U.S. Department of Health and Human Services
Under FISMA, HHS must determine the effectiveness of its information security program by annually performing an independent evaluation. The OIG reviews HHS information security policies, procedures, and practices.
The CIO and the OIG may ask for your help in reviewing existing security documentation, configurations, procedures, system testing, inventory, or anything else related to information security for the systems for which you are responsible.
Page 4 of 8
Information Security and the EPLC Independent Evaluation