The Social Security Administration's Compliance with the Federal Information Security Modernization Act of 2014 for Fiscal Year 2015

Date: 
Thursday, November 12, 2015
Report Number: 
A-14-16-50037
Report Type: 
Audit Report
Office Affiliation: 

Grant Thornton LLP (Grant Thornton) issued this report to determine whether the Social Security Administration’s (SSA) overall information security program and practices were effective and consistent with the requirements of the Federal Information Security Modernization Act of 2014 (FISMA), as defined by the Department of Homeland Security (DHS).

SSA’s Office of the Inspector General (OIG) engaged Grant Thornton, to conduct the Fiscal Year (FY) 2015 FISMA performance audit in accordance with Government Auditing Standards. Grant Thornton assessed the effectiveness of SSA’s information security controls including its policies, procedures, and practices on a representative subset of the Agency’s information systems by leveraging work performed as part of the financial statement audit and by performing additional testing procedures as needed. Grant Thornton used the DHS OIG FY 2015 Inspector General (IG) FISMA reporting metrics as the basis for their assessment of SSA’s overall information security program and practices.