| The Office of Inspector General contracted with Clifton Gunderson LLP, an independent certified public accounting firm, to audit the financial statements of the Single-Employer and Multiemployer Program Funds administered by the Pension Benefit Guaranty Corporation (PBGC) as of and for the years ended September 30, 2009 and 2008 (AUD-2010-1/FA-09-64-1). During the audit, our independent public accountant assessed the PBGC information security infrastructure to discover possible weaknesses in logical security controls and to exploit discovered vulnerabilities. In its assessment, Clifton Gunderson found major issues of concern and suggested that management:
- Ensure that PBGC systems have the most current patches and updates for all systems; and
- Implement standardized procedures, including best practices to strengthen or harden the configuration of PBGC's operating systems and applications.
To avoid duplication, specific recommendations from this assessment are included in the Report on Internal Controls Related to the Pension Benefit Guaranty Corporation’s Fiscal Year 2009 and 2008 Financial Statements Audit (AUD-2010-2/FA-09-64-2) or the Fiscal Year 2009 FISMA Independent Evaluation Report (EVAL-2010-7/FA-09-64-7).
Due to the nature of this report, it is not publically available.
The Office of Inspector General has determined that this report is for official use only. The attachment
detailing the vulnerability assessment has been redacted in its entirety because it contains privileged and
confidential information that, if disclosed, would cause further vulnerability.
|
