Pension Benefit Guaranty Corporation’s Information Security Program and Practices for Fiscal Year 2024
Pension Benefit Guaranty Corporation’s Information Security Program and Practices for Fiscal Year 2024
PBGC should establish robust network segmentation and configure firewalls with default rules to ensure the guest wireless network is effectively isolated from internal resources.
PBGC should establish robust network segmentation and configure firewalls with default rules to ensure the guest wireless network is effectively isolated from internal resources.
PBGC should manage Active Directory certificate template settings effectively by hardening and auditing existing templates in the environment. Privileges should also be assessed for all templates to prevent unauthorized changes to the configuration…
PBGC should manage Active Directory certificate template settings effectively by hardening and auditing existing templates in the environment. Privileges should also be assessed for all templates to prevent unauthorized changes to the configuration…
PBGC should implement an enterprise-wide approach to prevent counterfeit components from entering its supply chain and establish performance measures to gauge the effectiveness of its anti-counterfeit policies and procedures. Additionally, PBGC should…
PBGC should implement an enterprise-wide approach to prevent counterfeit components from entering its supply chain and establish performance measures to gauge the effectiveness of its anti-counterfeit policies and procedures. Additionally, PBGC should…
Projected Benefit Payments in Selected Special Financial Assistance (SFA) Applications
Projected Benefit Payments in Selected Special Financial Assistance (SFA) Applications
For plans paid SFA prior to implementation of the Corporation’s full death audit procedure, continue to implement the new death audit procedures, and rectify with the plans the value attributed to deceased participants to include repayment to Treasury.…
For plans paid SFA prior to implementation of the Corporation’s full death audit procedure, continue to implement the new death audit procedures, and rectify with the plans the value attributed to deceased participants to include repayment to Treasury.…
PBGC Needs to Strengthen Oversight Controls Between CORs and Other Technical Personnel
PBGC Needs to Strengthen Oversight Controls Between CORs and Other Technical Personnel
Provide training for individuals responsible for writing contracts to ensure requirements are clear and options comply with the FAR.
Provide training for individuals responsible for writing contracts to ensure requirements are clear and options comply with the FAR.
Develop a control to ensure that options are exercised in accordance with contractual language. Implementing this recommendation could have ensured $1,442 would have been put to better use.
Develop a control to ensure that options are exercised in accordance with contractual language. Implementing this recommendation could have ensured $1,442 would have been put to better use.
Require the PD to follow up on annual COR file reviews within 90 days to ensure the COR fixed any identified discrepancies.
Require the PD to follow up on annual COR file reviews within 90 days to ensure the COR fixed any identified discrepancies.
Ensure the annual COR file review process identifies improvements needed in COR files and communicates them to the CORs.
Ensure the annual COR file review process identifies improvements needed in COR files and communicates them to the CORs.
Improve controls to properly centralize, maintain and safeguard COR contract files, as required by the FAR and internal policies.
Improve controls to properly centralize, maintain and safeguard COR contract files, as required by the FAR and internal policies.
Ensure designated contracting officials document the acceptance of all deliverables in accordance with FAR, PBGC FARS, and/or contract requirements.
Ensure designated contracting officials document the acceptance of all deliverables in accordance with FAR, PBGC FARS, and/or contract requirements.