Office of Information Technology

FY 2023 Federal Information Security Modernization Act Independent Evaluation

We recommend that EEOC continue its full implementation in accordance with its plan. For the ZTA Identity pillar, to better meet ZT requirements for all agency-provided devices, the EEOC made a strategic decision to move away from the prior PIV-based device-login solution to a new password-less Multifactor Authentication (MFA) strategy, providing a strong, non-impersonable authentication process for all agency resource access.

We recommend that EEOC communicate and implement an organization-wide SCRM and C-SCRM strategy to guide supply chain analyses, provide communication channels with internal/external partners and stakeholders, and assist in building consensus regarding the appropriate resources for SCRM and C-SCRM.