Pension Benefit Guaranty Corporation FY 2023 Federal Information Security Modernization Act of 2014 Report (AUD-2024-06), issued January 31, 2024
We contracted with Ernst and Young LLP (EY) to assess PBGC’s information security program as required by the Federal Information Security Modernization Act of 2014. EY reviewed a sample of eight systems and completed fieldwork to address the FY 2023 IG FISMA metrics developed by OMB, DHS, and the Council of the Inspectors General on Integrity and Efficiency. Our independent auditors found PBGC’s information security program to be effective with the Identify, Protect, Respond, and Recover function areas assessed at Managed and Measurable and the Detect function area assessed at Optimized. EY issued three recommendations to address weaknesses associated with PBGC’s configuration management program.