EEOC Passes FISMA Audit, But Gets Security Recommendations

The U.S. Equal Employment Opportunity Commission (EEOC) achieved compliance with Federal Information Security Modernization Act of 2014 (FISMA) requirements for FY 2018, according to an audit conducted by Brown & Company.

Although Brown & Company found that EEOC had effective information security programs – which are developed and implemented by the EEOC’s Office of Information Technology (OIT) – it made three recommendations to improve the commission’s security practices:

  • OIT should use automated mechanisms, which it does not currently do, to ensure full encryption of sensitive data and personally identifiable information on mobile devices;
  • The Chief Human Capital Officer and OIT should conduct a baseline assessment of EEOC’s cybersecurity workforce; and
  • OIT should analyze and resolve its internal vulnerabilities.