During the financial statement audit, we assessed the PBGC information security infrastructure for technical weaknesses in PBGC’s computer systems that may allow employees or outsiders to cause harm to, and/or impact, PBGC’s business processes and information. PBGC made improvements to its vulnerability management program, however, work is still needed to ensure that vulnerability scans are complete. The improvement in PBGC’s vulnerability management program also increased the number of Critical and High severity vulnerabilities detected. This report includes three new recommendations. This work was conducted by CliftonLarsonAllen LLP under contract with the OIG. The Office of Inspector General has determined that this report is for official use only. The report detailing the vulnerability assessment has been redacted in its entirety because it contains privileged and confidential information.
Wednesday, February 22, 2017
Agency Reviewed / Investigated:
Submitting OIG-Specific Report Number:
Type of Report:
Inspection / Evaluation
Funds for Better Use:
Number of Recommendations: