We recommend that EEOC defines, communicates, and implements an organization-
wide SCRM strategy to guide supply chain analyses, provide communication channels
with internal/external partners and stakeholders, and assist in building consensus
regarding the appropriate resources for SCRM.
We recommend that the Office of the Chief Financial Officer of the U.S. Equal
Employment Opportunity Commission enhance the documentation, monitoring, and
enforcement of its controls over the closure of charge card accounts.
We recommend that EEOC review and remediate the level 5 severity vulnerabilities identified during internal vulnerability scanning to avoid compromises to agency systems.
We recommend that EEOC review and remediate the level 4 severity vulnerabilities identified during internal vulnerability scanning to avoid compromises to agency systems.
We recommend that EEOC:
We recommend that EEOC review and remediate the medium level severity vulnerabilities identified during external penetration testing by:
We recommend that EEOC implement strong authentication mechanisms for privileged and non-privileged users in accordance with Federal guidance, to meet the required use of PIV or an Identity Assurance Level (IAL)3/Authenticator Assurance Level (AAL) 3 credential of the agency's networks, including rem
We recommend that EEOC review and remediate the informational vulnerabilities identified during external penetration testing by: (1) Ensuring that passwords meet complexity requirements. (2) Requiring 2-Factor Authentication mechanisms for all externally accessible systems. (3) Recommending that employees not use their work email addresses for personal accounts. (4) Recommending that employees avoid using previously breached passwords.
We recommend that EEOC review and remediate the medium level severity vulnerabilities identified during external penetration testing by: (1) Disabling IKE Aggressive Mode. (2) Refraining from the use of pre-shared authentication keys.(3) Implementing multi-factor authentication for all VPN access.
We recommend that EEOC plans and prepares to meet the goals of the TIC initiative, consistent with OMB M-19-26. The agency should define and customize, as appropriate, a set of policies, procedures, and processes to implement TIC 3.0, including updating its network and system boundary policies, in accordance with OMB M-19-26. This includes, as appropriate, incorporation of TIC security capabilities catalog, TIC use cases, and TIC overlays.