Friday, November 22, 2024

FedScoop: HHS commits to continuous monitoring, after information security found ‘not effective’

“The Department of Health and Human Services has agreed to continue implementing continuous monitoring of its systems, after an Ernst & Young audit released April 25 found its information security program ‘not effective’.”

“HHS is working with the Department of Homeland Security to implement automated Continuous Diagnostics and Mitigation (CDM) tools that feed risk information to an RSA Archer solution for an enterprise-wide picture.”

“Ernst & Young (EY) found HHS’s information security program ineffective in September, following an analysis of Federal Information Security Modernization Act (FISMA) metrics, because its Information Security Continuous Monitoring (ISCM) strategy was only partially implemented — providing limited visibility into assets and awareness of vulnerabilities and threats.”

“’Four [operational divisions] have completed transition to Archer, with an additional eight OpDivs in progress for transition,’ reads the HHS Office of the Chief Information Officer’s response. ‘The full deployment timeline is dependent on OpDiv and HHS funding resource availability.'”

“HHS is further working with the Cybersecurity and Infrastructure Security Agency‘s CDM program to implement the CDM Dashboard 2, based on Elastic’s data analysis solution, by the end of fiscal 2022 to collect asset, infrastructure, user and protection data from OpDivs.”

“While HHS established a monthly ISCM/CDM Working Group, its ISCM strategy for OpDivs lacks roadmaps, key performance indicators or benchmarks…” Read the full article here.

Source: HHS commits to continuous monitoring, after information security found ‘not effective’ – By Dave Nyczepir, May 6, 2022. FedScoop.

[related-post]

LEAVE A REPLY

Please enter your comment!
Please enter your name here

FedHealthIT Xtra – Find Out More!

Recent News

Don’t Miss A Thing

Jackie Gilbert
Jackie Gilbert
Jackie Gilbert is a Content Analyst for FedHealthIT and Author of 'Anything but COVID-19' on the Daily Take Newsletter for G2Xchange Health and FedCiv.

Subscribe to our mailing list

* indicates required