PBGC - Office of Inspector General

Powered by Google

Pension Benefit Guaranty Corporation’s Implementation of the Federal Information Security Modernization Act of 2014 for FY 2022 (AUD-2023-06), issued January 09, 2023

We contracted with Ernst and Young LLP (EY) to perform an evaluation of PBGC’s information security program as required by FISMA. EY reviewed a sample of six systems and completed fieldwork to address the FY 2022 IG FISMA Core Metrics developed by OMB, DHS, and the Council of the Inspectors General on Integrity and Efficiency. EY noted improvements in Information Security Continuous Monitoring and Supply Chain Risk Management. Weaknesses in Configuration Management and Identity and Access Management domains were identified. However, these domains and PBGC's overall information security program remained effective. PBGC's Information Security Continuous Monitoring function was assessed at Optimized, and the remaining four Cybersecurity Framework functions were found to be Managed and Measurable. In their report, EY issued four new recommendations related to PBGC’s configuration management and identity and access management programs.

Click here for full report.

Pension Benefits Guarantee Corporation
By using this website, you agree to the conditions, policies, disclaimer, and terms of use set forth in the above menu and throughout this website.