SSA’s Fiscal Year 2012 Federal Information Security Management Act of 2002 report stated that its automated processes identified 276,165 hardware devices connected to its network. SSA uses automated tools to provide the Department of Homeland Security with security metrics. The metrics include the number of hardware devices connected to the network, whether there are secure configuration baselines, and the number of certain security incidents detected.
We selected a sample of hardware devices identified by the Agency’s network scanning tool to determine whether SSA approved these devices and the devices were operating at a reasonable system security level.
To determine whether the SSA process for identifying and monitoring hardware devices connected to its network effectively differentiated unapproved devices and ensured devices were at a reasonable system security level.