Administration
Audit of PBGC’s FY 2018 Compliance with the Federal Information Security Modernization Act of 2014 (AUD-2019-04/FA-18-127-4), issued December 20, 2018
We contracted with CliftonLarsonAllen LLP, an independent public accounting firm, to perform an evaluation of PBGC’s information security program for FY 2018 as required by FISMA. Our independent public accountants concluded that PBGC did not implement an effective information security program for many of the security controls for selected information systems. PBGC’s implementation of a subset of selected controls was not fully effective to ensure the confidentiality, integrity, and availability of the Corporation’s information and information systems, potentially exposing them to unauthorized access, use, disclosure, disruption, modification, or destruction. Consequently, CLA noted weaknesses in seven of the eight Inspector General FISMA Metric Domains and issued ten new FISMA-related recommendations and 16 repeated or modified recommendations to assist PBGC in strengthening its information security program. Of the ten new recommendations, five were issued in the Financial Statements audit report and five are issued in this report. PBGC agreed with the five new recommendations in this report and previously agreed with the five recommendations in the Financial Statements audit report.
