Report 2012-003-FISM - Evaluation of Equal Employment Opportunity Commission’s (EEOC) Compliance with Provisions of the Federal Information Security Management Act of 2002

Fiscal Year
Executive Summary

The audit concluded that EEOC met most, but not all, of the key requirements of FISMA. The
Agency has made positive strides over the last year in addressing information security
weaknesses and continues to make progress in becoming fully compliant with FISMA. However,
EEOC still faces challenges to refine its information security program. These challenges involve:

Maintaining documentation for network access requests/approvals. (See page 6)
Implementing multi-factor authentication. (See page 7)
Maintaining documentation of acceptance and understanding of information security
responsibilities. (See page 8)
Revising the incident response policy to reflect all US-CERT categorization types. (See
page 9)

Consequently, EEOC’s operations and assets may be at risk of misuse and disruption. The
report contains four recommendations to help EEOC improve its information security program
and practices.