We recommend that EEOC review and remediate the level 4 severity vulnerabilities identified during internal vulnerability scanning to avoid compromises to agency systems. (See Attachment B for the full list of vulnerabilities identified, including those identified as Level 4.)
- To remediate vulnerabilities and prevent further exploitation, the Agency should implement risk mitigation procedures such as: performing system updates, operating systems with administrative rights, downloading patches, uninstalling unprotected applications, etc.;
- Where risk acceptance is required for vulnerabilities based on EEOC's network operations and risk assessments, we recommend that EEOC formally document the risk acceptance along with any associated mitigation activities;