“The Department of Health and Human Services’ (HHS) FISMA (Federal Information Security Modernization Act) audit for fiscal year 2018, released today by HHS’ Office of the Inspector General (OIG), shows the agency improved its performance in the “Identify” and “Protect” areas of the framework, while holding steady in other areas.”
“The audit found that while HHS’ information security program as a whole is “not effective,” the agency notched improvements since the FISMA audit from FY2017. The report ranks agency implementation against the National Institute of Standards and Technology (NIST) Cybersecurity Framework. HHS received…”
“The one area of regression for the department was on the Detect aspect of the NIST Cybersecurity Framework. While the strategy for information security continuous monitoring (ISCM) at the enterprise level remained unchanged from FY17, the department…”
Source: HHS Gains in FISMA Audit, but Security Program Deemed ‘Not Effective’ – April 19, 2019. MeriTalk.