PERFORMANCE AUDIT REPORT U.S. EQUAL EMPLOYMENT OPPORTUNITY COMMISSION FEDERAL INFORMATION SECURITY MODERNIZATION ACT OF 2014 (FISMA) FOR THE FISCAL YEAR ENDING SEPTEMBER 30, 2022

We recommend that EEOC review and remediate the level 4 severity vulnerabilities identified during internal vulnerability scanning to avoid compromises to agency systems.

• To remediate vulnerabilities and prevent further exploitation, the agency should implement risk mitigation procedures such as: performing system updates, operating systems with administrative rights, downloading patches, uninstalling unprotected applications, etc.
• Where risk acceptance is required for vulnerabilities based on EEOC's network operations and risk assessments, we recommend that EEOC formally document the risk acceptance along with any associated mitigation activities.