“Overall, the Department has made improvements and continues to implement changes to strengthen its enterprise-wide information security program including adhering to security training procedures and updating policies and procedures. Further, the Department continues to work towards implementing a Department-wide Continuous Diagnostics and Mitigation program, coordinating with the Department of Homeland Security.”
“While the Department continue to improve its information security program, opportunities to strengthen the overall information security program were identified, which should allow the Department to achieve a higher level of maturity for its information security program. We continued to identify weaknesses in the following areas: risk management, configuration management, identity and access management, security training, information security continuous monitoring…” Access the full report here.
Source: Review of the Department of Health and Human Services’ Compliance with the Federal Information Security Modernization Act of 2014 for Fiscal Year 2017 – March 2018. Office of Inspector General.