Fiscal Year 2018 Vulnerability Assessment and Penetration Testing of PBGC’s Network

During the financial statement audit, OIG’s contracted independent public accountant, CliftonLarsonAllen LLP, assessed PBGC’s information security infrastructure for technical weaknesses in PBGC’s computer systems that may allow employees or outsiders to cause harm to, and/or impact, PBGC’s business processes and information. Current year testing found weaknesses in the areas of configuration management, data protection and privacy, and identity and access management. This report includes three new recommendations and five repeat recommendations. The Office of Inspector General has determined that this report is for official use only. The report detailing the vulnerability assessment has been redacted in its entirety because it contains privileged and confidential information.