FY 2023 Federal Information Security Modernization Act Independent Evaluation
We recommend that EEOC: · Update to a recent BIRT viewer component, well past version 4.12. · Determine if the application should be publi
We recommend that EEOC's information security team, in conjunction with other EEOC offices: a. Identify and document all policies and procedures applicable to cybersecurity and information security; b. Develop and use an accessible repository, such as SharePoint, for all identified documents, regardless of what office they reside in; c.
EEOC should develop an executable plan to meet the requirements of OMB M-21-31 and ensure the plan is properly supported.
We recommend that EEOC plan and prepare to meet the goals of the TIC initiative, consistent with OMB M-19-26. The Agency should define and customize, as appropriate, a set of policies, procedures, and processes to implement TIC 3.0, including updating its network and system boundary policies, in accordance with OMB M-19-26. This includes, as appropriate, incorporation of the TIC security capabilities catalog, TIC use cases, and TIC overlays.
We recommend that EEOC continue its full implementation in accordance with its plan. For the ZTA Identity pillar, to better meet ZT requirements for all agency-provided devices, the EEOC made a strategic decision to move away from the prior PIV-based device-login solution to a new password-less Multifactor Authentication (MFA) strategy - providing a strong, non-impersonable authentication process for all agency resource access.
We recommend that EEOC communicate and implement an organization-wide SCRM and C-SCRM strategy to guide supply chain analyses, provide communication channels with internal/external partners and stakeholders, and assist in building consensus regarding the appropriate resources for SCRM and C-SCRM.