HHS Information Security Program ‘Not Effective’

May 4, 2022

The information security program of the United States’ Department of Health and Human Services (HHS) has been deemed ineffective for a fourth consecutive year.

Audits carried out for the HHS’ Office of Inspector General (OIG) to evaluate compliance with the Federal Information Security Modernization Act of 2014 (FISMA) in the fiscal years 2018, 2019, 2020 and 2021 have all resulted in the program receiving a ‘not effective’ rating.

The most recent audit, released in April 2022, was carried out at five of the HHS’ 12 operating divisions, although the OIG did not specify which five divisions had been audited.

Outlining why the program had once again been rated ‘not effective,’ the OIG report stated: “This determination was made based on HHS not meeting the ‘Managed and Measurable’ maturity level for the Identify, Protect, Detect, Respond, and Recover function areas as required by DHS guidance and the FY 2021 Inspector General FISMA Reporting Metrics.”

Despite the department’s failure to meet the required rating level for five of the five function areas, the OIG acknowledged that the department was aware of ways in which it could strengthen its cybersecurity and that efforts were being made by the department toward reaching a mature cybersecurity posture.

“HHS continues to implement changes to strengthen the maturity of its enterprise-wide cybersecurity program. Progress continues to be made to sustain cybersecurity maturity across all FISMA domains,” noted the OIG.

“HHS is aware of opportunities to strengthen the Department’s overall information security program which would help ensure that all OpDivs are consistently implementing and in line with the requirements across their security programs.”

The OIG observed that in the fiscal year 2021, the HHS had failed to fully implement a continuous diagnostics and mitigation (CDM) program and that the department had no definitive schedule to realize the CDM program across all its operating divisions (OpDivs).

“Without a fully implemented CDM program, HHS may not be able to identify cybersecurity risks on an ongoing basis, use CDM information to prioritize the risks based on potential impacts, and then mitigate the most significant vulnerabilities first,” warned the OIG.


Some parts of this article are sourced from:
www.infosecurity-magazine.com
