
Recommendation Dashboard

Number of Reports:   7

Number of Open Recommendations:   16

Potential Cost Saving:   $0


Report 2018-007-AOIG - Performance Audit Report on the EEOC Charge Card Program: Fiscal Years Ending September 30 2018 and 2017

We recommend that the Office of the Chief Financial Officer of the U.S. Equal Employment Opportunity Commission enhance the documentation, monitoring, and enforcement of its controls over the closure of charge card accounts.

Report 2018-004-AOIG - U.S. Equal Employment Opportunity Commission Federal Information Security Modernization Act of 2014 (FISMA) Fiscal Year 2018 Independent Evaluation

We recommend the OCHCO and OIT conduct a baseline assessment of the EEOC’s cybersecurity workforce that includes (1) the percentage of personnel with IT, cybersecurity, or other cyber-related job functions who hold certifications; (2) the level of preparedness of other cyber personnel without existing credentials to take certification exams; and (3) a strategy for mitigating any gaps identified with appropriate training and certification for existing personnel.

We recommend the OIT review and remediate critical-risk, high-risk and moderate-risk vulnerabilities. These vulnerabilities should be resolved to avoid compromise to EEOC’s systems; or the Agency should document acceptance of the risk or reclassification of the risk.

We recommend the OIT employ an automated mechanism that ensures sensitive PII is encrypted on removable mobile media.

Report 2017-007-AOIG - Independent Evaluation of the U.S. Equal Employment Opportunity Commission’s Compliance with Provisions of the Federal Information Security Modernization Act of 2014 (FISMA)

EEOC should conduct an e-authentication risk assessment for its digital systems. EEOC has not fully implemented multifactor authentication for logical and remote access for privileged and non-privileged users. (Repeat finding since FY 2008)

EEOC should develop a Trusted Internet Connection (TIC) program that meets OMB requirements to improve the agency’s security posture.

EEOC should implement an automated solution that provides a centralized, enterprise-wide view of risk across the agency.

Report 2017-002-EOIG - Evaluation of the EEOC’s Data Analytics Activities

Consider new approaches, such as web-enabled and cloud-based solutions, to support expanding IT infrastructure needs of both the analytics team as well as analytical product users.

Establish a data warehouse to address data retention, versioning, and reporting needs.

Invest in the generation of new metrics that quantify opportunity costs and corresponding benefits of data collection and data assurance.

Report 2014-008-EOIG - Evaluation of Equal Employment Opportunity Commission’s (EEOC) Compliance with Provisions of the Federal Information Security Management Act of 2002 (OIG REPORT NUMBER 2012-03-FISMA)

EEOC should update its personnel policy and procedures requiring screening and background checks for all individuals having access to information systems and information as defined by NIST SP 800-53, Rev. 4, Security and Privacy Controls for Federal Information Systems and Organizations, PS-3 Personnel Screening. The agency should ensure all individuals are processed through the E-Verify program, and no exception exists for those who have previously been verified by a third party.

Report 2013-008-PSA - Performance Audit of the Agency’s Personnel Security Program

Immediately correct any known weaknesses. If EEOC determines not to correct a noted weakness, EEOC should document this analysis and its acceptance of the associated risk.

Develop and implement policies and procedures to address the safeguarding, transfer, storage, or disposal of classified information. The policy should include the requirements for Memorandums of Understanding between agencies.

Implement a formalized training program for individuals who use classified information as a part of their duties. If an external agency is to assume the responsibility of training these individuals, this agreement should be documented in an MOU.