Vulnerability Assessment and Penetration Testing Report Fiscal Year 2019 (EVAL-2020-04), issued November 25, 2019
During the financial statement audit, OIG’s contracted independent public accountant, CliftonLarsonAllen LLP, assessed PBGC’s network for technical weaknesses in PBGC’s computer systems that may allow employees or outsiders to cause harm to, and/or impact, PBGC’s business processes and information. Current year testing noted improvements in the effectiveness of the vulnerability management program but identified weaknesses in the areas of patch management, configuration management, and unsupported software. This report includes five repeat recommendations. The Office of Inspector General has determined that this report is for official use only. The report detailing the vulnerability assessment has been redacted in its entirety because it contains privileged and confidential information.