Report 2011-005-FISM - Assessment of Equal Employment Opportunity Commission’s (EEOC) Compliance with Provisions of the Federal Information Security Management Act of 2002

Fiscal Year
2011
Executive Summary

The audit concluded that EEOC met most, but not all, of the key requirements of FISMA. The
Agency has made positive strides over the last year in addressing information security
weaknesses and continues to make progress toward full FISMA compliance. However, EEOC
still faces challenges in refining its information security program. (See page 6)

These challenges involve:
· Maintaining documentation for network access requests and approvals. (See page 6)
· Implementing multi-factor authentication. (See page 7)
· Updating the agency-wide Business Impact Analysis (BIA). (See page 8)
· Implementing controls over the agency's vulnerability assessment process. (See page 9)
· Removing Virtual Private Network (VPN) access for separated employees in a timely manner. (See page 10)

Consequently, EEOC's operations and assets may be at risk of misuse and disruption. The
report contains five recommendations to help EEOC improve its information security program
and practices.