We recommend that EEOC implement strong authentication mechanisms for privileged and non-privileged users in accordance with Federal guidance, to meet the required use of PIV or an Identity Assurance Level (IAL)3/Authenticator Assurance Level (AAL) credential of the Agency's networks, including remote access sessions, in accordance with Federal targets. The Agency should continue developing their plans for organization-wide use of strong authentication mechanisms for non-privileged users and require multifactor authentication to network access for all user accounts.
Organization
Report Number
2022-001-AOIG
Report Type
Fiscal Year
2023
Open/Closed
On
Cost
$0