Fiscal Year 2011 Vulnerability Assessment and Penetration Testing Report (EVAL 2012-7/ FA 11-82-5), issued March 19, 2012
As part of the annual financial statement audit, CliftonLarsonAllen LLP (formerly Clifton Gunderson) assessed the PBGC information security infrastructure to discover possible weaknesses in logical security controls and to exploit discovered vulnerabilities. In its assessment, CliftonLarsonAllen found major issues of concern regarding:
- Configuration management;
- Network design;
- Access control; and
- Patch management.
To avoid duplication, specific recommendations from this assessment are included in the Report on Internal Controls Related to the Pension Benefit Guaranty Corporation's Fiscal Year 2011 and 2010 Financial Statements Audit or the Fiscal Year 2011 FISMA Independent Evaluation Report.
Due to the nature of this report, it is not publicly available.
The Office of Inspector General has determined that this report is for official use only. The attachment detailing the vulnerability assessment has been redacted in its entirety because it contains privileged and confidential information that, if disclosed, would cause further vulnerability.