We recommend that EEOC implement strong authentication mechanisms for privileged and non-privileged users in accordance with Federal guidance, to meet the required use of PIV or an Identity Assurance Level (IAL)3/Authenticator Assurance Level (AAL) 3 credential of the agency's networks, including remote access sessions, in accordance with Federal targets. The agency should continue developing their plans for organization-wide use of strong authentication mechanisms for non-privileged users and require multifactor authentication to network access for all user accounts.
Organization
Report Number
2022-001-AOIG
Report Type
Fiscal Year
2022
Open/Closed
On
Cost
$0