
SSA’s Electronic Information Data Exchange Information Security Certification and Compliance Monitoring Program Presented by: Michael G. Johnson, Director,


1 SSA’s Electronic Information Data Exchange Information Security Certification and Compliance Monitoring Program Presented by: Michael G. Johnson, Director, Division of Compliance and Oversight, Office of Information Security, Office of the Chief Information Officer

2 Acquiring and Continuing to Receive Electronic Information from SSA Pivots on …
- A formal agreement with SSA
- SSA’s security certification
- Ongoing conformance to SSA’s information security requirements

3 SSA’s Security Requirements and Guidelines are in Consideration of …
- Federal laws and policies
- OMB mandates
- Recognized NIST standards
- Due diligence

4 SSA’s Suite of Information Security Requirements and Guidelines Address …
- Technical access controls
- Transaction audit trails
- Monitoring and anomaly detection
- Management controls and oversight
- User security awareness training
- User sanctions
- Personally Identifiable Information management and breach reporting

5 Security Requirements, Certification and Compliance Monitoring Procedures are …
- Fluid
- Articulated in a formal living document that is sensitive and distributed on a “need to know” basis

6 Some Factors That Impact Security Requirements are …
- New higher-level requirements; e.g., a Federal mandate
- New technologies
- Emergence of new threats or attack methods

7 Getting Certified Requires …
- Written plan addressing all facets of SSA’s requirements (plan format follows a prescribed template)
- Self-certification
- SSA onsite certification

8 Compliance Monitoring Entails Cyclical Reviews by SSA …
- Generally every 3 years
- Reviews can be triggered by special circumstances; e.g., PII breaches, organizational changes potentially impacting the security of SSA information, introduction of new technology impacting SSA information
- Reviews may be remote or onsite
- Reviews are announced
- Reviews assess conformance to the suite of SSA’s security requirements
- Review findings are formally conveyed
- Actions required to address findings are monitored to closure

9 Security Certification and Compliance Monitoring Procedures …
- Not an “Aha, we gotcha!” exercise
- SSA will work with its partners in resolving deficiencies which occur subsequent to previous approval for access as the result of updated security requirements

10 Questions
