Pension Benefit Guaranty Corporation’s Information Security Program and Practices for Fiscal Year 2024 (AUD-2025-02), issued October 31, 2024
We contracted with Ernst and Young LLP (EY) to assess PBGC’s information security program as required by FISMA. EY reviewed a sample of nine systems and completed fieldwork to address the FY 2024 IG FISMA metrics developed by OMB, DHS, and the Council of the Inspectors General on Integrity and Efficiency. Our independent auditors found PBGC’s information security program to be effective, with the Identify, Protect, Respond, and Recover function areas assessed at Managed and Measurable and the Detect function area assessed at Optimized. EY issued six recommendations to address weaknesses associated with PBGC’s supply chain risk management, configuration management, data protection and privacy, and security training programs.