Contractor Access to Social Security Administration Data (Limited Distribution)

September 26, 2014

Controlling and limiting access to the Agency’s information systems and resources is the first line of defense in assuring the confidentiality, integrity, and availability of the Agency’s information technology resources. SSA’s systems access policy is built on the principles of least privilege and need-to-know. This policy applies to all SSA employees and other authorized users, such as employees of other agencies, business partners, contractors, agents, and any other individuals operating on the Agency’s behalf and having direct access to and/or using SSA information system resources.

We identified three systems that contained contractor populations: Top Secret, the Electronic Personal Enrollment Credential System (EPECS), and the Contractor Suitability System (CSS).

The objective of this report was to determine (1) whether security profiles assigned to SSA contractors provided access to SSA data they did not need and (2) whether terminated contractors still had access to SSA systems.
