Information Security:

SSA's Computer Intrusion Detection Capabilities

AIMD-00-16R: Published: Oct 27, 1999. Publicly Released: Oct 27, 1999.

Additional Materials:


Jack L. Brock, Jr
(202) 512-4841


Office of Public Affairs
(202) 512-4800

GAO reviewed the Social Security Administration's (SSA) computing environment, focusing on its policies, procedures, and techniques designed to detect, respond to, and report on incidents of computer intrusion and misuse.

GAO noted that: (1) while SSA has a basic system and network management policies and procedures that provide a foundation for more effective intrusion and misuse detection capabilities, SSA does not have an integrated set of procedures for effectively detecting, responding to, and reporting such incidents; (2) access control and other weaknesses that were identified through the independent audit of SSA's fiscal year (FY) 1998 financial statements diminish the value of SSA's intrusion detection techniques; (3) this is because these weaknesses increase the risk that either authorized users or intruders will find a way to bypass, alter, or in other ways compromise sensors intended to monitor system activity and identify suspicious events and patterns; (4) during GAO's work, it identified the following weaknesses that affect SSA's intrusion and misuse detection and reporting capabilities: (a) SSA has installed a firewall between its main network and the Internet to provide control, however, SSA's firewall policy has not been updated since 1996, and it does not reflect which Internet services are permitted or disallowed; (b) SSA does not have effective procedures in place for analyzing data, such as those captured in mainframe computer access violation logs; (c) SSA has not developed computer emergency response procedures or designated a computer emergency response team; and (d) SSA's computer security monitoring and reporting activities have not been integrated with its routine system and network management monitoring operations; (5) at the close of GAO's work in June, tests of SSA's information security controls had recently begun as part of the independent audit of its FY 1999 financial statements; and (6) the results of the audit are likely to provide valuable information on the effectiveness of SSA's information security controls, including SSA's efforts to address previously reported weaknesses.

Jul 31, 2018

Jul 25, 2018

Jul 12, 2018

Jun 14, 2018

May 14, 2018

Apr 24, 2018

Mar 7, 2018

Feb 6, 2018

Sep 28, 2017

Aug 3, 2017

Looking for more? Browse all our products here