Administration
Fiscal Year (FY) 2014 Vulnerability Assessment and Penetration Testing (EVAL-2015-7/FA-14-101-6) March 30, 2015
As part of the annual financial statement audit, we assessed the PBGC information security infrastructure to discover possible weaknesses in logical security controls and to exploit discovered vulnerabilities. We found the culture surrounding vulnerability management has improved. PBGC's information security critical and high vulnerabilities have decreased and patch management has achieved the highest level of maturity in the agency's history. At the same time, PBGC continues to have challenges in mitigating longstanding weaknesses, as a number of issues have continued for multiple years. This work was conducted by CliftonLarsonAllen LLP under contract with the OIG.
The Office of Inspector General has determined that this report is for official use only. The report detailing the vulnerability assessment has been redacted in its entirety because it contains privileged and confidential information.
