Performance Audit Report U.S. Equal Employment Opportunity Commission Federal Information Security Modernization Act of 2014 (FISMA)

We recommend that EEOC review and remediate the level 4 severity vulnerabilities identified during internal vulnerability scanning to avoid compromises to agency systems. (1) To remediate vulnerabilities and prevent further exploitation, the agency should implement risk mitigation procedures such as: performing system updates, operating systems with administrative rights, downloading patches, uninstalling unprotected applications, etc.(2) Where risk acceptance is required for vulnerabilities based on EEOC's network operations and risk assessments, we recommend that EEOC formally document the risk acceptance along with any associated mitigation activities.

Report Number
Report Type
Fiscal Year