SSA’s Compliance with the Federal Information Security Management Act of 2002 for Fiscal Year 2014

Date: Friday, October 31, 2014
Report Number: A-14-14-24083
Report Type: Audit Report

For this review, we worked with Grant Thornton, LLC, to determine whether SSA's overall information security program and practices were effective and consistent with the requirements of the Federal Information Security Management Act of 2002 (FISMA), as defined by the Department of Homeland Security.

We and Grant Thornton determined that SSA had established an overall information security program and practices that were generally consistent with FISMA requirements. However, weaknesses in some of the program’s components limited the program’s effectiveness to adequately protect the Agency’s information and information systems. We concluded that these weaknesses constituted a significant deficiency under FISMA.