PBGC should strengthen its controls around verifying the identity of PBGC personnel prior to temporarily disabling their requirement for MFA for remote access should a user purportedly have a malfunctioning PIV card or other MFA token.

Date Issued

October 30, 2024

Status

Closed

PBGC should strengthen its controls around verifying the identity of PBGC personnel prior to temporarily disabling their requirement for MFA for remote access should a user purportedly have a malfunctioning PIV card or other MFA token.

Report

Pension Benefit Guaranty Corporation’s Information Security Program and Practices for Fiscal Year 2024

Significant Recommendation

Questioned Costs

Funds for Better Use

Breadcrumb

PBGC should strengthen its controls around verifying the identity of PBGC personnel prior to temporarily disabling their requirement for MFA for remote access should a user purportedly have a malfunctioning PIV card or other MFA token.