Administration
Fiscal Year (FY) 2013 Vulnerability Assessment and Penetration Testing (EVAL-2014-6/FA-13-93-5)
As part of the annual financial statement audit, CliftonLarsonAllen LLP assessed the PBGC information security infrastructure to discover possible weaknesses in logical security controls and to exploit discovered vulnerabilities. We found that PBGC’s information security vulnerabilities have increased. OIG was optimistic after seeing a significant decline in the number of vulnerabilities form FY 2011 to FY 2012. Our FY 2013 findings raise concerns about the effectiveness of PBGC’s scanning efforts and timeliness in mitigating significant security weaknesses. Due to the nature of this report, it is not publically available. The Office of Inspector General has determined that this report is for official use only. The attachment detailing the vulnerability assessment has been redacted in its entirety because it contains privileged and confidential information that, if disclosed, would cause further vulnerability.
