The U.S. Equal Employment Opportunity Commission (EEOC) achieved compliance with Federal Information Security Modernization Act of 2014 (FISMA) requirements for FY 2018, according to an audit conducted by Brown & Company.
Although Brown & Company found that EEOC had effective information security programs – which are developed and implemented by the EEOC’s Office of Information Technology (OIT) – it made three recommendations to improve the commission’s security practices:
- OIT should use automated mechanisms, which it does not currently do, to ensure full encryption of sensitive data and personally identifiable information on mobile devices;
- The Chief Human Capital Officer and OIT should conduct a baseline assessment of EEOC’s cybersecurity workforce; and
- OIT should analyze and resolve its internal vulnerabilities.