EAC OIG, through the independent public accounting firm of Brown & Company, CPAs, audited EAC's fiscal year 2019 compliance with the requirements of the Federal Information Security Modernization Act of 2014.
EAC Compliance with the Federal Information Security Modernization Act Fiscal Year 2019
Status of Recommendations
We recommend EAC OIT conduct physical inventory annually to the level of information deemed necessary for effective accountability of inventory specifications that include physical location, component owners, manufacturer, device type, model and serial...
We recommend the EAC OIT prioritize and implement the use of multifactor authentication for network access for privileged accounts.
We recommend EAC OIT implement a SCAP tool to help maintain an up-to-date, complete, accurate and readily available view of configuration settings for all information components connected to the agency's network.
We recommend EAC OIT develop an annual specialized training schedule that identifies individuals who need training. The training program should include training objectives, specific appropriate training to ensure IT staff gains specific knowledge, skills...
EAC OIT should track the training schedule to ensure individuals receive assigned training according to the agency's policy.