Congressional Response Report: The Security of Systems that Provide Access to Personally Identifiable Information (Limited Distribution)
Office Affiliation: The Office of Audit
Audit Report Number: A-14-16-50173
As required by the Consolidated Appropriations Act, 2016, we are issuing this report on the security of the systems at the Social Security Administration (SSA) that provide access to personally identifiable information (PII). The law requires that our report include information about SSA’s policies, procedures, and capabilities related to
1. controlling access to systems;
2. conducting software inventories;
3. monitoring and detecting exfiltration and other threats; and
4. ensuring contractors implement capabilities to monitor and detect exfiltration and other threats. <p align="left"> As required by the Consolidated Appropriations Act, 2016, we are issuing this report on the security of the systems at the Social Security Administration (SSA) that provide access to personally identifiable information (PII). The law requires that our report include information about SSA’s policies, procedures, and capabilities related to </p>
1. controlling access to systems;
2. conducting software inventories;
3. monitoring and detecting exfiltration and other threats; and
4. ensuring contractors implement capabilities to monitor and detect exfiltration and other threats.