Administration
PBGC’s Software Self-Attestation Efforts Need Improvement (AUD-2025-10), issued August 06, 2025
PBGC made some efforts to meet the critical software self-attestation requirements. Specifically, PBGC established a process for the Critical Software Inventory and obtained and stored some attestations for critical software. However, while PBGC inventoried critical software, the inventory did not contain all the data elements needed. Additionally, we also found instances where the Corporation did not adequately collect, review, and manage attestations; this led to PBGC utilizing critical software that may not meet minimum secure software development requirements.
