PERFORMANCE AUDIT REPORT U.S. EQUAL EMPLOYMENT OPPORTUNITY COMMISSION FEDERAL INFORMATION SECURITY MODERNIZATION ACT OF 2014 (FISMA) FOR THE FISCAL YEAR ENDING SEPTEMBER 30, 2022

We recommend that EEOC:

  • Determine if listening ports or entire system should be blocked from public access;
  • Regularly review network device search engines for new systems belonging to EEOC or those that may be masquerading as EEOC systems;
  • Perform a forensic analysis on identified system to ensure no malicious access has taken place;
  • For authorized remote sessions, create a control to address remote access being left open after the session has concluded. The controls should at minimum require the session owner to ensure the remote session was closed at the conclusion of the session as well as an overall control run on a set basis that will identify any open remote sessions on endpoints;
  • Create an auditability feature that checks internally via an agent when a device with remote access is listening;
  • Create an auditability feature that checks for remote connection software being installed.
Organization
Office of Information Technology
Report Number
2022-001-AOIG
Report Type
AOIG
Fiscal Year
2022
Open/Closed
On
Cost
$0
Associated Report
FY 2022 FEDERAL INFORMATION SECURITY MODERNIZATION ACT INDEPENDENT EVALUATION