This narrative report is a follow-up to our FY 2016 Federal Information Security Modernization Act (FISMA) Submission to the Office of Management and Budget (LTR 2017-04/FA-16-110-3) to provide findings and recommendations related to PBGC's information security program. We contracted with CliftonLarsonAllen LLP, an independent public accounting firm, to perform an evaluation of PBGC’s information security program as required by the Federal Information Security Modernization Act (FISMA). In FY 2016, PBGC made progress improving its information security program by publishing its Information Security Risk Management Framework Process and requiring the use of PIV for authentication; however, additional action is needed. More specifically, PBGC needs to permanently fill its risk executive position and ensure it fully and consistently implements current NIST access controls. The Corporation also needs to complete implementation of its information system continuous monitoring program. We reported 20 new recommendations based on the results of our FY 2016 independent evaluation. In addition to the recommendations in this report, there were eight FISMA-related recommendations reported in the Corporation’s FY 2016 internal control report AUD-2017-3/FA-16-110-2.
Date Issued
Submitting OIG: Pension Benefit Guaranty Corporation OIG
Other Participating OIGs: Pension Benefit Guaranty Corporation OIG
Agencies Reviewed/Investigated: Pension Benefit Guaranty Corporation
Report Number: EVAL2017-09FA-16-110-7
Report Description
Report Type: Inspection / Evaluation
Agency Wide: Yes
Number of Recommendations: 20
Questioned Costs: $0
Funds for Better Use: $0