PERFORMANCE AUDIT REPORT U.S. EQUAL EMPLOYMENT OPPORTUNITY COMMISSION FEDERAL INFORMATION SECURITY MODERNIZATION ACT OF 2014 (FISMA) FOR THE FISCAL YEAR ENDING SEPTEMBER 30, 2022

PERFORMANCE AUDIT REPORT U.S. EQUAL EMPLOYMENT OPPORTUNITY COMMISSION FEDERAL INFORMATION SECURITY MODERNIZATION ACT OF 2014 (FISMA) FOR THE FISCAL YEAR ENDING SEPTEMBER 30, 2022

We recommend that EEOC review and remediate the level 4 severity vulnerabilities identified during internal vulnerability scanning to avoid compromises to agency systems.

PERFORMANCE AUDIT REPORT U.S. EQUAL EMPLOYMENT OPPORTUNITY COMMISSION FEDERAL INFORMATION SECURITY MODERNIZATION ACT OF 2014 (FISMA) FOR THE FISCAL YEAR ENDING SEPTEMBER 30, 2022

PERFORMANCE AUDIT REPORT U.S. EQUAL EMPLOYMENT OPPORTUNITY COMMISSION FEDERAL INFORMATION SECURITY MODERNIZATION ACT OF 2014 (FISMA) FOR THE FISCAL YEAR ENDING SEPTEMBER 30, 2022

We recommend that EEOC:

PERFORMANCE AUDIT REPORT U.S. EQUAL EMPLOYMENT OPPORTUNITY COMMISSION FEDERAL INFORMATION SECURITY MODERNIZATION ACT OF 2014 (FISMA) FOR THE FISCAL YEAR ENDING SEPTEMBER 30, 2022

PERFORMANCE AUDIT REPORT U.S. EQUAL EMPLOYMENT OPPORTUNITY COMMISSION FEDERAL INFORMATION SECURITY MODERNIZATION ACT OF 2014 (FISMA) FOR THE FISCAL YEAR ENDING SEPTEMBER 30, 2022

We recommend that EEOC review and remediate the medium level severity vulnerabilities identified during external penetration testing by:

PERFORMANCE AUDIT REPORT U.S. EQUAL EMPLOYMENT OPPORTUNITY COMMISSION FEDERAL INFORMATION SECURITY MODERNIZATION ACT OF 2014 (FISMA) FOR THE FISCAL YEAR ENDING SEPTEMBER 30, 2022

PERFORMANCE AUDIT REPORT U.S. EQUAL EMPLOYMENT OPPORTUNITY COMMISSION FEDERAL INFORMATION SECURITY MODERNIZATION ACT OF 2014 (FISMA) FOR THE FISCAL YEAR ENDING SEPTEMBER 30, 2022

We recommend that EEOC implement strong authentication mechanisms for privileged and non-privileged users in accordance with Federal guidance, to meet the required use of PIV or an Identity Assurance Level (IAL)3/Authenticator Assurance Level (AAL) 3 credential of the agency's networks, including rem

FY 2021 Annual Report on the U.S. Equal Employment Opportunity Commission's Compliance with the Payment Integrity Information Act of 2019

FY 2021 Annual Report on the U.S. Equal Employment Opportunity Commission's Compliance with the Payment Integrity Information Act of 2019

Report the OIG's finding of non-compliance with the FY 2021 PIIA requirements, as outlined in OMB Memorandum M-21-19, Section VI.D, "Agency Responsibility When a Program is Non-Compliant."

FY 2021 Annual Report on the U.S. Equal Employment Opportunity Commission's Compliance with the Payment Integrity Information Act of 2019

FY 2021 Annual Report on the U.S. Equal Employment Opportunity Commission's Compliance with the Payment Integrity Information Act of 2019

Annually conduct an improper payment review in accordance with PIIA and follow the guidance outlined in OMB Circular A-136, section II.4.5 [Payment Integrity Information Act].

Performance Audit Report U.S. Equal Employment Opportunity Commission Federal Information Security Modernization Act of 2014 (FISMA)

Performance Audit Report U.S. Equal Employment Opportunity Commission Federal Information Security Modernization Act of 2014 (FISMA)

We recommend that EEOC review and remediate the informational vulnerabilities identified during external penetration testing by: (1) Ensuring that passwords meet complexity requirements. (2) Requiring 2-Factor Authentication mechanisms for all externally accessible systems. (3) Recommending that employees not use their work email addresses for personal accounts. (4) Recommending that employees avoid using previously breached passwords.

Performance Audit Report U.S. Equal Employment Opportunity Commission Federal Information Security Modernization Act of 2014 (FISMA)

Performance Audit Report U.S. Equal Employment Opportunity Commission Federal Information Security Modernization Act of 2014 (FISMA)

We recommend that EEOC review and remediate the medium level severity vulnerabilities identified during external penetration testing by: (1) Disabling IKE Aggressive Mode. (2) Refraining from the use of pre-shared authentication keys.(3) Implementing multi-factor authentication for all VPN access.

Performance Audit Report U.S. Equal Employment Opportunity Commission Federal Information Security Modernization Act of 2014 (FISMA)

Performance Audit Report U.S. Equal Employment Opportunity Commission Federal Information Security Modernization Act of 2014 (FISMA)

We recommend that EEOC plans and prepares to meet the goals of the TIC initiative, consistent with OMB M-19-26. The agency should define and customize, as appropriate, a set of policies, procedures, and processes to implement TIC 3.0, including updating its network and system boundary policies, in accordance with OMB M-19-26. This includes, as appropriate, incorporation of TIC security capabilities catalog, TIC use cases, and TIC overlays.

Independent Evaluation of the U.S. Equal Employment Opportunity Commission’s Compliance with Provisions of the Federal Information Security Modernization Act of 2014 (FISMA)

Independent Evaluation of the U.S. Equal Employment Opportunity Commission’s Compliance with Provisions of the Federal Information Security Modernization Act of 2014 (FISMA)

The EEOC OIT should fully implement multifactor authentication for logical and remote access enterprise-wide. (Repeat finding)

Subscribe to