SSA’s Compliance with the Federal Information Security Management Act of 2002 for Fiscal Year 2012

FISMA provides the framework for securing the Government’s information and information systems. FISMA requires that each agency develop, document, and implement an agency-wide information security program. FISMA also requires that each agency’s Inspector General, or an independent external auditor, perform an independent evaluation of the agency’s information security program and practices to determine their effectiveness.

Our objective of this audit was to determine whether the Social Security Administration’s (SSA) overall information security program and practices were effective and consistent with the requirements of the Federal Information Security Management Act of 2002 (FISMA), as defined by the Department of Homeland Security.