From: FierceGovernmentIT
Although the Health and Human Services Department has formalized its information security continuous monitoring program, department-wide implementation gaps persist, according to an HHS Office of Inspector General report (pdf) issued March 7.
HHS operating divisions lack final policy guidance on how to address and report on Homeland Security Department-mandated metrics, such as vulnerability management, software assurance, information management, patch management, license management, event management, malware detection, asset management and network management, found the audit, which Ernst & Young, LLP independently conducted.
Leave a Reply