SSA's Compliance with the Federal Information Security Management Act of 2002 for Fiscal Year 2013

Date: Tuesday, November 26, 2013
Report Number: A-14-13-13086
Report Type: Audit Report
Office Affiliation: 

The OIG and Grant Thornton assessed the effectiveness of SSA’s information security policies, procedures, and practices on a representative subset of the Agency’s information systems by leveraging work performed as part of the financial statement audit and by performing additional testing procedures as needed. We determined whether SSA’s overall information security program and practices were effective and consistent with the requirements of the Federal Information Security Management Act (FISMA) and other regulations, standards, and guidance applicable during the audit period.

We determined that SSA had established an overall information security program and practices that were generally consistent with FISMA requirements. However, weaknesses in some of the program’s components limited the overall program’s effectiveness in adequately protecting the Agency’s information and information systems. We concluded that these weaknesses constituted a significant deficiency under FISMA.