Fiscal Year 2025 Pension Benefit Guaranty Corporation Federal Information Security Modernization Act of 2014 (FISMA) Independent Performance Audit
Fiscal Year 2025 Pension Benefit Guaranty Corporation Federal Information Security Modernization Act of 2014 (FISMA) Independent Performance Audit
Confirm the requirement that deficiencies identified by SPA&A reviews that are not remediated within 30 days after identification are tracked via POA&Ms with accountable personnel.
Confirm the requirement that deficiencies identified by SPA&A reviews that are not remediated within 30 days after identification are tracked via POA&Ms with accountable personnel.
Provide training to ISSPOs, ISOs, and Information Owners on their roles and responsibilities to follow the PBGC RMF and POA&M processes.
Provide training to ISSPOs, ISOs, and Information Owners on their roles and responsibilities to follow the PBGC RMF and POA&M processes.
Fiscal Year 2025 Financial Statement Audit Management Letter Report
Fiscal Year 2025 Financial Statement Audit Management Letter Report
Due to the sensitive nature of the findings and recommendations in this report, its disclosure has been restricted.
Due to the sensitive nature of the findings and recommendations in this report, its disclosure has been restricted.
Due to the sensitive nature of the findings and recommendations in this report, its disclosure has been restricted.
Due to the sensitive nature of the findings and recommendations in this report, its disclosure has been restricted.
Due to the sensitive nature of the findings and recommendations in this report, its disclosure has been restricted.
Due to the sensitive nature of the findings and recommendations in this report, its disclosure has been restricted.
Audit of the Pension Benefit Guaranty Corporation’s Fiscal Year 2025 Financial Statements
Audit of the Pension Benefit Guaranty Corporation’s Fiscal Year 2025 Financial Statements
Design and implement additional controls based on the results of PBGC’s risk assessment process.
Design and implement additional controls based on the results of PBGC’s risk assessment process.
Strengthen their risk assessment process by considering the gap period between the last SOC 1 reports and PBGC’s fiscal year end to determine the sufficiency of internal controls relevant to PBGC’s financial reporting processed by the service…
Strengthen their risk assessment process by considering the gap period between the last SOC 1 reports and PBGC’s fiscal year end to determine the sufficiency of internal controls relevant to PBGC’s financial reporting processed by the service…
PBGC’s Software Self-Attestation Efforts Need Improvement
PBGC’s Software Self-Attestation Efforts Need Improvement
Contact OMB to obtain additional guidance to determine if an exception, waiver, or if the Corporation should discontinue the use of software for outstanding attestations.
Contact OMB to obtain additional guidance to determine if an exception, waiver, or if the Corporation should discontinue the use of software for outstanding attestations.
Update PBGC's process documentation to properly align with OMB requirements for software producers who cannot attest to adhering to the secure software development practices within their attestations and ensure PBGC effectively follows this process.
Update PBGC's process documentation to properly align with OMB requirements for software producers who cannot attest to adhering to the secure software development practices within their attestations and ensure PBGC effectively follows this process.
Ensure all responsible staff receive appropriate training on attestation roles and responsibilities.
Ensure all responsible staff receive appropriate training on attestation roles and responsibilities.