FY 2024 Annual Performance Plan and Report - Strategic Goal 5: Objective 5.4

Fiscal Year 2024
Released March, 2023

Topics on this page: Objective 5.4: Ensure the security of HHS facilities, technology, data, and information, while advancing environment-friendly practices. | Objective 5.4 Table of Related Performance Measures

Objective 5.4: Ensure the security and climate resiliency of HHS facilities, technology, data, and information, while advancing environment-friendly practices.

HHS supports strategies to ensure the security of HHS facilities, technology, data, and information, while advancing environment-friendly practices.  HHS is focused on shifting the culture of data use across the enterprise to maximize the power of data.  The Department is leveraging modernization as a gateway to strengthened cybersecurity and enhanced risk management.  HHS also captures and applies lessons learned from real-world experiences to strengthen operational resilience. 

The Office of the Secretary leads this objective.  All divisions are responsible for implementing programs under this strategic objective.  In consultation with OMB, HHS has determined that performance toward this objective is progressing.  The narrative below provides a brief summary of progress made and achievements or challenges, as well as plans to improve or maintain performance.

Objective 5.4 Table of Related Performance Measures

An ATO authorizes an information system to connect to or operate within the HHS network for a specified period based on the implementation of a set of security and privacy controls.  Prior to issuing an ATO, HHS assesses the system to ensure that it will not compromise network data, cause technical support problems, and has the appropriate controls in place.  The HHS Office of Information Security identifies the organizations and systems not in compliance with ATO requirements and diligently works with OpDiv’s cybersecurity programs and Federal Information Security Modernization Act reporting leads across the Department to increase compliance. 

It is the responsibility of the OpDiv Chief Information Officers, Chief Information Security Officers, and StaffDiv system owners to maintain their system ATOs. HHS has made continued improvements toward meeting the  ATO compliance target and will continue to  implement proactive initiatives to meet the 100% target.

Phishing is a fraudulent attempt to obtain sensitive information (e.g., usernames and passwords) to access a system or network.  Per various threat analyses, phishing attacks remain one of the main threat vectors targeting HHS and the healthcare industry.  HHS trains and educates its personnel to reduce the likelihood of staff mistaking phishing email attempts for legitimate communications through a combination or training, education, and tools. The response rates to phishing training drills is 96% (i.e., only 4% of personnel take the “bait.”)

HHS uses the DOE Federal Energy Management Program greenhouse gas emissions (GHG) emissions report to identify and target high emission categories and implement specific actions to address the identified high emission areas. For HHS, the highest focus is on Scope 1 and 2 GHG emissions generated by energy use in building and laboratory operations. HHS also continues to focus on promoting green commuting habits for employees to reduce GHG emissions. Public transportation, car and van pools, and teleworking are emphasized through the promotion of transit subsidies, enhanced access to public transportation, and employee outreach.

HHS continues to prevent and reduce waste and pollution by diverting waste to landfill and eliminating single use plastic through the promotion and establishment of closed loop recycling processes.

HHS focuses on improving facility energy efficiency through dedicated energy reduction projects, renovations and upgrade projects, and new construction. Facility evaluations identify projects that can be bundled into performance contracts or with scheduled upgrades and renovations. Employee energy efficiency awareness and outreach is another strategy used to engage the HHS workforce in the effort to improve facility energy efficiency.

HHS focuses on improving water efficiency through infrastructure upgrades, leak detection and prevention, metering, and implementing no-cost or low-cost water conservation measures (WCMs). WCMs are primarily implemented through performance contracts or bundled in HHS-funded upgrade projects. HHS also works to improve the efficiency of research water use in laboratories.