Fiscal Year 2025 Pension Benefit Guaranty Corporation Federal Information Security Modernization Act of 2014 (FISMA) Independent Performance Audit

Date Issued

Tuesday, September 30, 2025

Submitting OIG

Pension Benefit Guaranty Corporation OIG

Agencies Reviewed/Investigated

Pension Benefit Guaranty Corporation

Report Number

AUD-2025-12

Report Type

Audit

Agency Wide

Yes

Number of Recommendations

Questioned Costs

Funds for Better Use

Report updated under NDAA 5274

Open Recommendations

This report has 4 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use
2025-12-01	No	$0	$0
Provide training to ISSPOs, ISOs, and Information Owners on their roles and responsibilities to follow the PBGC RMF and POA&M processes.
2025-12-02	No	$0	$0
Confirm the requirement that deficiencies identified by SPA&A reviews that are not remediated within 30 days after identification are tracked via POA&Ms with accountable personnel.
2025-12-03	No	$0	$0
Periodically monitor the satisfaction of the system risk assessment and POA&M creation requirements to help ensure ongoing compliance associated with the timely completion of and updates to system risk assessments and documentation and tracking of POA&Ms.
2025-12-04	No	$0	$0
We recommend PBGC management to coordinate with its CSP to update its service agreement and shared responsibility matrix to address ambiguities regarding accountable parties for key controls and develop and implement a contingency plan for the system.