We contracted with CliftonLarsonAllen LLP, an independent public accounting firm, to perform an evaluation of PBGC’s information security program as required by the Federal Information Security Modernization Act (FISMA). In Fiscal Year 2016, PBGC made progress improving its information security program by publishing its Information Security Risk Management Framework Process and requiring the use of PIV for authentication; however, improvements are still needed. More specifically, PBGC needed to permanently fill its risk executive position and ensure current NIST controls are fully and consistently implemented including controls over access control. The Corporation also needed to fully implement its information system continuous monitoring program. The OIG’s Report on Internal Controls Related to the Pension Benefit Guaranty Corporation’s Fiscal Year 2016 and 2015 Financial Statements Audit (AUD 2017-3/FA-16-110-2) presents additional details on the Corporation’s progress in mitigating IT control weaknesses identified in: (1) PBGC’s entity-wide security program and (2) access controls and configuration management.
| Report Date | Agency Reviewed / Investigated | Report Title | Type | Location | |
|---|---|---|---|---|---|
| Pension Benefit Guaranty Corporation | FY 2016 Federal Information Security Modernization Act (FISMA) Submission to the Office of Management and Budget (OMB) | Audit | Agency-Wide | View Report | |
| Election Assistance Commission | Audit of the U.S. Election Assistance Commission's Financial Statements for Fiscal Years 2016 and 2015 | Audit | Agency-Wide | View Report | |
| Election Assistance Commission | Compliance with the Requirements of the Federal Information Security Management Act 2016 | Audit | Agency-Wide | View Report | |
| Department of the Interior | Tribal and Other Trust Funds and Individual Indian Monies Trust Funds Statements for Fiscal Years 2016 and 2015 | Other | Agency-Wide | View Report | |
| Department of Defense | Improvements Needed in Managing Air Force Suspense Accounts | Audit | Agency-Wide | View Report | |
| Peace Corps | 2016 Review of the Peace Corps’ Information Security Program | Review | Agency-Wide | View Report | |
| Department of Defense | Application Level General Controls for the Defense Cash Accountability System Need Improvement | Audit | Agency-Wide | View Report | |
| Federal Maritime Commission | Independent Auditors’ Report of the FMC’s FY 2016 Financial Statements | Audit | Agency-Wide | View Report | |
| Federal Housing Finance Agency | FHFA’s Use of Inconsistent Criteria Materially Affected its Reporting of Remediation of Serious Deficiencies in its 2015 Performance and Accountability Report | Inspection / Evaluation | Agency-Wide | View Report | |
| Office of Personnel Management | Federal Information Security Moderization Act Audit Fiscal Year 2016 | Audit | Agency-Wide | View Report | |
