Office of Information Technology

U.S. Equal Employment Opportunity Commission Federal Information Security Modernization Act of 2014 (FISMA) FY 2019 Performance Audit.

We recommend EEOC OIT develop an action plan to address related policy and procedural requirements of the SECURE Technology Act.

U.S. Equal Employment Opportunity Commission Federal Information Security Modernization Act of 2014 (FISMA) FY 2019 Performance Audit.

We recommend EEOC OIT enforce its mobile device management compliance policies for all enrolled mobile devices and report noncompliance to the user and OIT senior management for corrective action.

U.S. Equal Employment Opportunity Commission Federal Information Security Modernization Act of 2014 (FISMA) FY 2019 Performance Audit.

We recommend EEOC OIT review and remediate critical-risk, high-risk, and medium-risk vulnerabilities in accordance with EEOC OIT's assessment of risk. If the risk is not remediated, then we recommend EEOC OIT document the acceptance of the risk.

U.S. Equal Employment Opportunity Commission Federal Information Security Modernization Act of 2014 (FISMA) FY 2019 Performance Audit.

We recommend EEOC OIT provide specialized training for SharePoint administrators and users to reduce the risk of exposing sensitive information and PII.

U.S. Equal Employment Opportunity Commission Federal Information Security Modernization Act of 2014 (FISMA) FY 2019 Performance Audit.

We recommend EEOC OIT conduct a privacy impact assessment of the SharePoint system to identify privacy issues and risks associated with the security settings, and to provide recommendations to mitigate potential privacy risk.

Report 2018-004-AOIG - U.S. Equal Employment Opportunity Commission Federal Information Security Modernization Act of 2014 (FISMA) Fiscal Year 2018 Independent Evaluation

We recommend the OIT review and remediate critical-risk, high-risk and moderate-risk vulnerabilities. These vulnerabilities should be resolved to avoid compromise to EEOC’s systems; or the Agency should document acceptance of the risk or reclassification of the risk.

Report 2018-004-AOIG - U.S. Equal Employment Opportunity Commission Federal Information Security Modernization Act of 2014 (FISMA) Fiscal Year 2018 Independent Evaluation

We recommend the OCHCO and OIT conduct a baseline assessment of the EEOC’s cybersecurity workforce that includes (1) the percentage of personnel with IT, cybersecurity, or other cyber-related job functions who hold certifications; (2) the level of preparedness of other cyber personnel without existing credentials to take certification exams; and (3) a strategy for mitigating any gaps identified with appropriate training and certification for existing personnel.

Report 2018-004-AOIG - U.S. Equal Employment Opportunity Commission Federal Information Security Modernization Act of 2014 (FISMA) Fiscal Year 2018 Independent Evaluation

We recommend the OCHCO and OIT define and implement a process for conducting assessments of the knowledge, skills, and abilities of EEOC’s cybersecurity workforce.

Report 2018-004-AOIG - U.S. Equal Employment Opportunity Commission Federal Information Security Modernization Act of 2014 (FISMA) Fiscal Year 2018 Independent Evaluation

We recommend the OIT employ an automated mechanism that ensures sensitive PII is encrypted on removable mobile media.

Report 2016-008-EOIG - Independent Evaluation of the U.S. Equal Employment Opportunity Commission’s Compliance with Provisions of the Federal Information Security Modernization Act of 2014 (FISMA)

EEOC OIT should review and analyze critical, high, and medium vulnerabilities. These vulnerabilities should be resolved to avoid compromise of EEOC’s systems; or the agency should document acceptance of the risk or reclassification of the risk.