Fiscal Year (FY) 2017 Vulnerability Assessment and Penetration Test Report

During the financial statement audit, we assessed PBGC’s information security infrastructure for technical weaknesses in PBGC’s computer systems that may allow employees or outsiders to cause harm to, and/or impact, PBGC’s business processes and information. Current year testing found weaknesses in the areas of vulnerability management, software support, authentication, malicious traffic detection, and data protection. This report includes seven new and three repeat recommendations. This work was conducted by CliftonLarsonAllen LLP under contract with the OIG. The Office of Inspector General has determined that this report is for official use only. The report detailing the vulnerability assessment has been redacted in its entirety because it contains privileged and confidential information.