Fiscal Year 2012 Vulnerability Assessment and Penetration Testing Report (EVAL 2013-7/FA 12-88-6), issued May 16, 2013
As part of the annual financial statement audit, CliftonLarsonAllen LLP assessed the PBGC information security infrastructure to discover possible weaknesses in logical security controls and to exploit discovered vulnerabilities. In the assessment, we reported that PBGC’s information security has improved, although several critical and high risk weaknesses have repeated from prior years. Additionally, PBGC needs to increase controls and processes surrounding patch and password management. PBGC was responsive and agreed with all five recommendations contained in this report. OIG concurred with management decision and the associated completion dates.
Due to the nature of this report, it is not publically available.
The Office of Inspector General has determined that this report is for official use only. The attachment detailing the vulnerability assessment has been redacted in its entirety because it contains privileged and confidential information that, if disclosed, would cause further vulnerability.