Fiscal Year (FY) 2017 Vulnerability Assessment and Penetration Test Report (EVAL-2018-2/FA-17-119-5), issued November 13, 2017

During the financial statement audit, we assessed PBGC’s information security infrastructure for technical weaknesses in PBGC’s computer systems that may allow employees or outsiders to cause harm to, and/or impact, PBGC’s business processes and information. Current year testing found weaknesses in the areas of vulnerability management, software support, authentication, malicious traffic detection, and data protection. This report includes seven new recommendations and three repeat recommendations. This work was conducted by CliftonLarsonAllen LLP under contract with the OIG.

The Office of Inspector General has determined that this report is for official use only. The report detailing the vulnerability assessment has been redacted in its entirety because it contains privileged and confidential information.

Click here for redacted report.