“The Department of Health and Human Services’ information security program was once again deemed “not effective,” according to the Office of Management and Budget’s annual Federal Information Security Modernization Act report.”
“In April, an Office of the Inspector General report deemed the HHS’ security programs at four operating divisions “not effective,” when auditing the departments to determine compliance with FISMA.”
“While the departments were found to be working toward improving its security posture, the audited divisions’ had weaknesses in risk management, identity access management, and…”
“OMB also found HHS has already taken steps to mitigate some of the risks to the organization through the development of collaborative efforts within the agency to manage…” Read the full article here.
Source: HHS Lacks Managed, Measurable Security Maturity Level, OMB Finds – By Jessica Davis, August 26, 2019. Health IT Security.
