• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

HHS Information Security Program ‘Not Effective’

You are here: Home / General Cyber Security News / HHS Information Security Program ‘Not Effective’
May 4, 2022

The information security program of the United States’ Department of Health and Human Products and services (HHS) has been considered ineffective for a fourth consecutive 12 months. 

Audits carried out for the HHS’ Business of Inspector General (OIG) to evaluate compliance with the Federal Info Security Modernization Act of 2014 (FISMA) in the fiscal many years 2018, 2019, 2020 and 2021 have all resulted in the method receiving a ‘not effective’ ranking.

The results of the most the latest audit, released in April 2022, ended up carried out at five of the HHS’ 12 running divisions, whilst the OIG did not specify which 5 divisions had been audited.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


Outlining why the system had at the time once again been rated ‘not efficient,’ the OIG report stated: “This willpower was produced based mostly on HHS not meeting the ‘Managed and Measurable’ maturity amount for the Detect, Secure, Detect, Respond, and Recuperate operate regions as expected by DHS assistance and the FY 2021 Inspector Typical FISMA Reporting Metrics.”

Even with the department’s failure to meet up with the needed ranking degree for 5 of the five operate regions, the OIG acknowledged that the section was aware of methods in which it could strengthen its cybersecurity and that endeavours were staying made by the section toward reaching a mature cybersecurity posture.

“HHS proceeds to put into action changes to strengthen the maturity of its enterprise-vast cybersecurity plan. Development carries on to be created to maintain cybersecurity maturity across all FISMA domains,” observe the OIG,

“HHS is mindful of alternatives to improve the Department’s all round information and facts security plan which would support assure that all OpDivs are constantly utilizing and in line with the prerequisites across their security plans.” 

The OIG observed that in the fiscal year 2021, the HHS experienced unsuccessful to fully apply a constant diagnostics and mitigation (CDM) system and that the section had no definitive agenda to know the CDM program across all its operational divisions (OpDivs).

“Without a totally implemented CDM method, HHS may possibly not be able to discover cybersecurity challenges on an ongoing basis, use CDM info to prioritize the pitfalls based mostly on likely impacts, and then mitigate the most significant vulnerabilities initially,” warned the OIG.


Some parts of this write-up are sourced from:
www.infosecurity-magazine.com

Previous Post: «Cyber Security News UK to Place Security Requirements on App Developers and Store Operators
Next Post: SIM Fraud Solution Sparks Privacy Fears Cyber Security News»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Cybercriminals Using New ASMCrypt Malware Loader Flying Under the Radar
  • Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm
  • Post-Quantum Cryptography: Finally Real in Consumer Apps?
  • Microsoft’s AI-Powered Bing Chat Ads May Lead Users to Malware-Distributing Sites
  • Progress Software Releases Urgent Hotfixes for Multiple Security Flaws in WS_FTP Server
  • Cisco Warns of Vulnerability in IOS and IOS XE Software After Exploitation Attempts
  • GitHub Repositories Hit by Password-Stealing Commits Disguised as Dependabot Contributions
  • China’s BlackTech Hacking Group Exploited Routers to Target U.S. and Japanese Companies
  • The Dark Side of Browser Isolation – and the Next Generation Browser Security Technologies
  • China-Linked Budworm Targeting Middle Eastern Telco and Asian Government Agencies

Copyright © TheCyberSecurity.News, All Rights Reserved.