PBGC’s Software Self-Attestation Efforts Need Improvement

Date Issued

Wednesday, August 6, 2025

Submitting OIG

Pension Benefit Guaranty Corporation OIG

Agencies Reviewed/Investigated

Pension Benefit Guaranty Corporation

Report Number

AUD-2025-10

Report Type

Audit

Agency Wide

Yes

Number of Recommendations

Questioned Costs

Funds for Better Use

Report updated under NDAA 5274

Open Recommendations

This report has 5 open recommendations.

Recommendation Number	Significant Recommendation	Recommended Questioned Costs	Recommended Funds for Better Use
2025-10-01	No	$0	$0
Update and maintain a complete Critical Software Inventory that staff may utilize to fulfill their responsibilities and provide transparency and tracking.
2025-10-02	No	$0	$0
Create or update guidance to implement policies and procedures to guide and govern supply chain risk management activities related to attestations.
2025-10-03	No	$0	$0
Ensure all responsible staff receive appropriate training on attestation roles and responsibilities.
2025-10-04	No	$0	$0
Update PBGC's process documentation to properly align with OMB requirements for software producers who cannot attest to adhering to the secure software development practices within their attestations and ensure PBGC effectively follows this process.
2025-10-05	No	$0	$0
Contact OMB to obtain additional guidance to determine if an exception, waiver, or if the Corporation should discontinue the use of software for outstanding attestations.