We recommend that EEOC review and remediate the level 5 severity vulnerabilities identified during internal vulnerability scanning to avoid compromises to agency systems.
- To remediate vulnerabilities and prevent further exploitation, the agency should implement risk mitigation procedures such as: applying vendor-released security fixes, disabling certain user access rights, upgrading to the latest supported version, and removing vulnerable/obsolete hardware from its network.
- These vulnerabilities should be added and tracked on POAMS.
- Where risk acceptance is required for vulnerabilities based on EEOC's network operations and risk assessments, we recommend that EEOC formally document the risk acceptance along with any associated mitigation activities.
Organization
Report Number
2022-001-AOIG
Report Type
Fiscal Year
2023
Open/Closed
On
Cost
$0