Content created by Assistant Secretary for Financial Resources (ASFR)
Fiscal Year 2023
Released March, 2022
Topics on this page: Objective 5.4: Ensure the security of HHS facilities, technology, data, and information, while advancing environment-friendly practices. | Objective 5.4 Table of Related Performance Measures
Objective 5.4: Ensure the security of HHS facilities, technology, data, and information, while advancing environment-friendly practices.
HHS supports strategies to ensure the security of HHS facilities, technology, data, and information, while advancing environment-friendly practices. HHS is focused on shifting the culture of data use across the enterprise to maximize the power of data. The Department is leveraging modernization as a gateway to strengthened cybersecurity and enhanced risk management. HHS also captures and applies lessons learned from real-world experiences to strengthen operational resilience.
The Office of the Secretary leads this objective. All divisions are responsible for implementing programs under this strategic objective. The narrative below provides a brief summary of any past work towards these objectives and strategies planned to improve or maintain performance on these objectives.
Objective 5.4 Table of Related Performance Measures
| FY 2016 | FY 2017 | FY 2018 | FY 2019 | FY 2020 | FY 2021 | FY 2022 | FY 2023 | |
|---|---|---|---|---|---|---|---|---|
| Target | N/A | N/A | N/A | N/A | N/A | N/A | 100% | 100% |
| Result | N/A | N/A | N/A | N/A | N/A | N/A | Dec 31, 2022 | Dec 31, 2023 |
| Status | Not Collected | Not Collected | Not Collected | Not Collected | Not Collected | Not Collected | Pending | Pending |
An ATO authorizes an information system to connect to or operate within the HHS network for a specified period based on the implementation of a set of security and privacy controls. Prior to issuing an ATO, HHS assesses the system to ensure that it will not compromise network data, cause technical support problems, and has the appropriate controls in place. The HHS Office of Information Security identifies the organizations and systems not in compliance with ATO requirements and diligently works with OpDiv’s cybersecurity programs and Federal Information Security Management Act reporting leads across the Department to increase compliance.
| FY 2016 | FY 2017 | FY 2018 | FY 2019 | FY 2020 | FY 2021 | FY 2022 | FY 2023 | |
|---|---|---|---|---|---|---|---|---|
| Target | N/A | N/A | N/A | N/A | N/A | N/A | 95% | 95% |
| Result | N/A | N/A | N/A | N/A | N/A | N/A | 12/31/2022 | 12/31/2023 |
| Status | Not Collected | Not Collected | Not Collected | Not Collected | Not Collected | Not Collected | Pending | Pending |
Phishing is a fraudulent attempt to obtain sensitive information (e.g., usernames and passwords) to access a system or network. Statistics suggest phishing attacks remain one of the main threat vectors targeting the healthcare industry. HHS trains and educates its personnel to reduce the likelihood of staff mistaking phishing email attempts for legitimate communications through a combination or training, education, and tools.
| FY 2016 | FY 2017 | FY 2018 | FY 2019 | FY 2020 | FY 2021 | FY 2022 | FY 2023 | |
|---|---|---|---|---|---|---|---|---|
| Target | N/A | N/A | N/A | N/A | N/A | N/A | 2% | 2% |
| Result | N/A | N/A | N/A | N/A | N/A | N/A | 12/31/2022 | 12/31/2023 |
| Status | Not Collected | Not Collected | Not Collected | Not Collected | Not Collected | Not Collected | Pending | Pending |
| FY 2016 | FY 2017 | FY 2018 | FY 2019 | FY 2020 | FY 2021 | FY 2022 | FY 2023 | |
|---|---|---|---|---|---|---|---|---|
| Target | N/A | N/A | N/A | N/A | N/A | N/A | 44% | 46% |
| Result | N/A | N/A | N/A | N/A | N/A | N/A | 12/31/2022 | 12/31/2023 |
| Status | Not Collected | Not Collected | Not Collected | Not Collected | Not Collected | Not Collected | Pending | Pending |
| FY 2016 | FY 2017 | FY 2018 | FY 2019 | FY 2020 | FY 2021 | FY 2022 | FY 2023 | |
|---|---|---|---|---|---|---|---|---|
| Target | N/A | N/A | N/A | N/A | N/A | N/A | 2% | 2% |
| Result | N/A | N/A | N/A | N/A | N/A | N/A | 12/31/2022 | 12/31/2023 |
| Status | Not Collected | Not Collected | Not Collected | Not Collected | Not Collected | Not Collected | Pending | Pending |
| FY 2016 | FY 2017 | FY 2018 | FY 2019 | FY 2020 | FY 2021 | FY 2022 | FY 2023 | |
|---|---|---|---|---|---|---|---|---|
| Target | N/A | N/A | N/A | N/A | N/A | N/A | 2% | 2% |
| Result | N/A | N/A | N/A | N/A | N/A | N/A | 12/31/2022 | 12/31/2023 |
| Status | Not Collected | Not Collected | Not Collected | Not Collected | Not Collected | Not Collected | Pending | Pending |
The HHS Sustainability Program, led by the HHS Chief Sustainability Officer (CSO), engages the HHS community to promote a culture of quality improvement and lead the advancement of human health, environmental stewardship, and sustainability through partnership and innovation. HHS uses an interdisciplinary, collaborative approach to sustainability with all employees, contract personnel, and the private sector, to develop and implement sustainability endeavors connected with agency functions.
The HHS Sustainability Program achieves sustainability goals with the help of appointed goal managers across the HHS OpDivs. Goal managers serve as champions for sustainability to promote widespread adoption of sustainable practices throughout the agency. Additionally, HHS has dedicated sustainability teams and workgroups that focus on efforts and initiatives for energy and water efficiency, high performance buildings, and employee outreach to reduce greenhouse gas (GHG) emissions.