We recommend that EEOC review and remediate the level 4 severity vulnerabilities identified during internal vulnerability scanning to avoid compromises to agency systems. (1) To remediate vulnerabilities and prevent further exploitation, the agency should implement risk mitigation procedures such as: performing system updates, operating systems with administrative rights, downloading patches, uninstalling unprotected applications, etc.(2) Where risk acceptance is required for vulnerabilities based on EEOC's network operations and risk assessments, we recommend that EEOC formally document the risk acceptance along with any associated mitigation activities.
Organization
Report Number
2021-004-AOIG
Report Type
Fiscal Year
2022
Open/Closed
On
Cost
$0
Associated Report