We recommend that the EEOC ensure it has a policy in place to address NIST 800-53, Rev 5, SI-2, Flaw Remediation. · Ensure procedures are written in such a way to accomplish what is written in the policy.
We recommend that EEOC: · Update to a recent BIRT viewer component, well past version 4.12. · Determine if the application should be publi
We recommend that EEOC's information security team should, in conjunction with other EEOC offices: a. Identify and document all applicable policies and procedures to cybersecurity and information security; b. Develop and use an accessible repository, such as SharePoint, for all identified documents, regardless of what office they reside in; c.
EEOC should develop an executable plan to meet the requirements of OMB M-21-31 and ensure the plan is properly supported.
We recommend that EEOC plans and prepares to meet the goals of the TIC initiative, consistent with OMB M-19-26. The Agency should define and customize, as appropriate, a set of policies, procedures, and processes to implement TIC 3.0, including updating its network and system boundary policies, in accordance with OMB M-19-26. This includes, as appropriate, incorporation of TIC security capabilities catalog, TIC use cases, and TIC overlays.
We recommend that EEOC continue its full implementation in accordance with their plan. For the ZTA Identity pillar, to better meet ZT requirements for all agency-provided devices, the EEOC made a strategic decision to move away from the prior PIV-based device-login solution to a new password-less Multifactor Authentication (MFA) strategy - providing a strong, non-impersonable authentication process for all agency resource access.
We recommend that EEOC communicates and implements an organization-wide SCRM and CSCRM strategy to guide supply chain analyses, provide communication channels with internal/external partners and stakeholders, and assist in building consensus regarding the appropriate resources for SCRM and C-SCRM.
I am pleased to submit this semiannual report to Congress highlighting the activities of the Equal
Employment Opportunity Commission (EEOC), Office of Inspector General (OIG) for the six month
period ending on March 31, 2025.
The OIG employs modern technologies and tools to ensure good financial management of
American taxpayers' investment in the OIG. I have tasked my staff to develop a structured process
to identify and perform our high-risk evaluation work. In order to do so, I have also implemented
an Effectiveness and Efficiency Review Initiative within OIG. This initiative allows senior OIG
staff to collaborate on enhancing our efforts to identify the highest mission-related risk areas, and
ultimately conduct targeted evaluations of such areas. This initiative is manned by senior OIG
staffers who work together to identify better high-risk areas associated with the Agency’s mission critical
programs and conduct targeted reviews to address risk areas and identify effective and
efficient solutions. Applying this new concept within the OIG while merging technologies and
other innovative approaches and ideas to our work has aided in improved performance regarding
the OIG’s core mission of providing independent, objective, standards-based oversight, and
enforcement to protect EEOC programs and the people they serve from fraud, waste, and abuse.
Furthermore, the OIG staff has fully returned to the office as required by President Donald Trump’s
The PIIA (Public Law 116-117) aims to improve efforts to identify and reduce government-wide improper payments. Agencies are required to identify and review all programs and activities they administer that may be susceptible to significant improper payments based on guidance provided by the OMB. Payment integrity information is published with the agency's annual financial statement in accordance with payment integrity guidance in OMB Circular A-1361. The agency must also publish applicable payment integrity information required in the accompanying materials to the annual financial statement in accordance with applicable guidance. The most common accompanying material to the annual financial statements is the payment integrity information published on paymentaccurancy.gov. The agency's Inspectors General are to review payment integrity reporting for compliance and issue an annual report.
Recently, the Office of Information Technology (OIT) contacted the Office of Inspector General (OIG) regarding suspicious and/or pornographic images being uploaded by a potential charging party (PCP) as evidence to their claim of sexual harassment against an employer into the Agency’s information system, the Agency Records Center (ARC).
A Management Advisory was issued to Agency senior management.