Fiscal Year 2013 Federal Information Security Management Act (FISMA) Independent Evaluation Report (EVAL-2014-9/FA-13-93-7), issued March 21, 2014
This narrative report is a follow-up to our FY 2013 Federal Information Security Management Act (FISMA submission) to OMB FA-13-93-4.pdf to provide findings and recommendations related to PBGC's information security program.
Overall, we determined that IT continues to be a challenge for PBGC management. We reported five (5) FISMA findings with twenty-four (24) recommendations for FY 2013. These are in addition to the twelve (12) FISMA-related findings with thirty-eight (38) recommendations we reported in the Corporation's FY 2013 internal control report FA-13-93-2.pdf. Identified deficiencies included controls to protect privacy, incident response, and application-specific general controls. PBGC agreed with all recommendations in this report.