The audit concluded that EEOC met most, but not all, of the key requirements of FISMA. The
Agency has made positive strides over the last year in addressing information security
weaknesses and continues to make progress in becoming fully compliant with FISMA.
However, EEOC still faces challenges in refining its information security program. (See page 6)
These challenges involve:
· Maintaining documentation for network access requests/approvals. (See page 6)
· Implementing multi-factor authentication. (See page 7)
· Updating the agency-wide Business Impact Analysis (BIA). (See page 8)
· Implementing controls over the agency’s vulnerability assessment process. (See page 9)
· Removing Virtual Private Network (VPN) access for separated employees in a timely manner. (See
Consequently, EEOC’s operations and assets may be at risk of misuse and disruption. The
report contains five recommendations to help EEOC improve its information security program