
The Social Security Administration’s Compliance with the Federal Information Security Modernization Act of 2014 for Fiscal Year 2016 (Limited Distribution)

November 14, 2016

Office Affiliation: The Office of Audit

Audit Report Number: A-14-17-50151

Our objective was to determine whether the Social Security Administration’s (SSA) overall information security program and practices were effective and consistent with the requirements of the Federal Information Security Modernization Act of 2014 (FISMA), as defined by the Department of Homeland Security.

SSA’s Office of the Inspector General engaged us, KPMG LLP (KPMG), to conduct the Fiscal Year (FY) 2016 FISMA performance audit in accordance with Government Auditing Standards. We assessed the effectiveness of SSA’s information security controls including its policies, procedures, and practices on a representative subset of the Agency’s information systems by leveraging work performed as part of the financial statement audit and performing necessary additional testing procedures. For the FISMA performance audit, we used the FY 2016 Inspector General Federal Information Security Modernization Act of 2014 Reporting Metrics as the basis for our evaluation of SSA’s overall information security program and practices.

