PBGC’s Software Self-Attestation Efforts Need Improvement
Report Information
Recommendations
Contact OMB to obtain additional guidance to determine if an exception or waiver applies, or if the Corporation should discontinue the use of software, for outstanding attestations.
Update PBGC's process documentation to properly align with OMB requirements for software producers who cannot attest to adhering to the secure software development practices within their attestations and ensure PBGC effectively follows this process.
Ensure all responsible staff receive appropriate training on attestation roles and responsibilities.
Create or update guidance to implement policies and procedures to guide and govern supply chain risk management activities related to attestations.
Update and maintain a complete Critical Software Inventory that staff may utilize to fulfill their responsibilities and provide transparency and tracking.