Fiscal Year (FY) 2016 Vulnerability Assessment and Penetration Testing Report

During the financial statement audit, we assessed the PBGC information security infrastructure for technical weaknesses in PBGC’s computer systems that may allow employees or outsiders to cause harm to, and/or impact, PBGC’s business processes and information. PBGC made improvements to its vulnerability management program, however, work is still needed to ensure that vulnerability scans are complete. The improvement in PBGC’s vulnerability management program also increased the number of Critical and High severity vulnerabilities detected. This report includes three new recommendations. This work was conducted by CliftonLarsonAllen LLP under contract with the OIG. The Office of Inspector General has determined that this report is for official use only. The report detailing the vulnerability assessment has been redacted in its entirety because it contains privileged and confidential information.