SSA’s Electronic Information Data Exchange Information Security Certification and Compliance Monitoring Program Presented by: Michael G. Johnson, Director,

Presentation transcript:

SSA’s Electronic Information Data Exchange Information Security Certification and Compliance Monitoring Program Presented by: Michael G. Johnson, Director, Division of Compliance and Oversight, Office of Information Security, Office of the Chief Information Officer

Acquiring and Continuing to Receive Electronic Information from SSA Pivots on …
- A formal agreement with SSA
- SSA’s security certification
- Ongoing conformance to SSA’s information security requirements

SSA’s Security Requirements and Guidelines are in Consideration of …
- Federal laws and policies
- OMB mandates
- Recognized NIST standards
- Due diligence

SSA’s Suite of Information Security Requirements and Guidelines Address …
- Technical access controls
- Transaction audit trails
- Monitoring and anomaly detection
- Management controls and oversight
- User security awareness training
- User sanctions
- Personally Identifiable Information management and breach reporting

Security Requirements, Certification and Compliance Monitoring Procedures are …
- Fluid
- Articulated in a formal living document that is sensitive and distributed on a “need to know” basis

Some Factors That Impact Security Requirements are …
- New higher level requirements; e.g., Federal mandate
- New technologies
- Emergence of new threats or attack methods

Getting Certified Requires …
- Written plan addressing all facets of SSA’s requirements (plan format follows a prescribed template)
- Self-certification
- SSA onsite certification

Compliance Monitoring Entails Cyclical Reviews by SSA …
- Generally every 3 years
- Reviews can be triggered by special circumstances; e.g., PII breaches, organizational changes potentially impacting the security of SSA information, introduction of new technology impacting SSA information
- Reviews may be remote or onsite
- Reviews are announced
- Reviews assess conformance to the suite of SSA’s security requirements
- Review findings are formally conveyed
- Actions required to address findings are monitored to closure

Security Certification and Compliance Monitoring Procedures …
- Not an “Aha, we gotcha!” exercise
- SSA will work with its partners in resolving deficiencies which occur subsequent to previous approval for access as the result of updated security requirements

Questions