Performance Audit Report U.S. Equal Employment Opportunity Commission Federal Information Security Modernization Act of 2014 (FISMA)

We recommend that EEOC review and remediate the level 5 severity vulnerabilities identified during internal vulnerability scanning to avoid compromises to agency systems.(1)To remediate vulnerabilities and prevent further exploitation, the agency should implement risk mitigation procedures such as: applying vendor-released security fixes, disabling certain user access rights, upgrading to the latest supported version, and removing vulnerable/obsolete hardware from its network. (2) These vulnerabilities should be added and tracked on PAOM(s).(3) Where risk acceptance is required for vulnerabilities based on EEOC's network operations and risk assessments, we recommend that EEOC formally document the risk acceptance along with any associated mitigation activities.

Report Number
Report Type
Fiscal Year