Rebuttal by SSA Commissioner on Whistleblower Complaint Regarding Database Access

Social Security Administration Commissioner Frank Bisignano has addressed concerns raised by a former chief data officer regarding the agency’s database security. Bisignano stated that there has been no unauthorized access to, or leakage of information from, the agency’s Numident database, rejecting the whistleblower complaint that alleged improper handling of sensitive data.


In a letter to Senate Finance Committee Chair Mike Crapo, Bisignano emphasized that the SSA conducts regular monitoring of its systems to detect any signs of unauthorized access or data compromise. Despite the whistleblower’s claims, Bisignano affirmed that the agency did not identify any issues related to the Numident database.

The whistleblower complaint, filed by the agency’s former chief data officer, raised alarms about the storage and transfer of the Numident database to a potentially vulnerable cloud environment without proper authorization. This led to inquiries about the adequacy of the SSA’s data protection measures and the potential risk of data breaches.

The Numident database contains the core records used to issue Social Security cards, including personal details such as names, addresses, dates of birth, and Social Security numbers. Bisignano assured Crapo that the SSA adheres to the Federal Information Security Modernization Act (FISMA), which sets the information security requirements federal agencies must meet across all of their systems.

Following the whistleblower’s allegations, the SSA took swift action, appointing executives to investigate the concerns raised by the former chief data officer. The agency’s key staff, including the acting chief information security officer, chief information officer, and chief legal counsel, reviewed the allegations to assess the integrity of the data and the security protocols in place.

Bisignano clarified that the whistleblower’s claims regarding the storage of Numident data in an unsecured cloud environment were unfounded. He explained that the data was housed in a secure server within the agency’s cloud infrastructure, which is continuously monitored and maintained according to SSA’s standard security practices.

In response to queries about the choice of Amazon Web Services (AWS) as the cloud service provider, Bisignano highlighted that the SSA followed federal procurement regulations and selected AWS based on its FedRAMP authorization and its suitability for the agency’s cloud services. He emphasized that all employees undergo thorough vetting before being granted access to agency information systems, in keeping with established protocols.

Contrary to the whistleblower’s assertions, Bisignano affirmed that the SSA did not transfer the Numident database to a private cloud server within its AWS infrastructure, and that the agency does not operate a private cloud within its AWS environment at all.

The SSA’s proactive response to the whistleblower complaint underscores its commitment to data security and compliance with regulatory frameworks. By addressing the concerns raised and providing detailed explanations of its security protocols, the agency aims to reassure stakeholders and the public about the integrity of its data management practices.

  • The SSA Commissioner’s response refutes whistleblower allegations and emphasizes the agency’s adherence to information security standards.
  • Swift action was taken by the SSA to investigate the concerns raised by the former chief data officer and address the integrity of the Numident database.
  • The choice of AWS as the cloud service provider was based on compliance with federal regulations and the suitability of AWS as a secure cloud platform.
  • The SSA maintains robust security measures and conducts regular monitoring to safeguard sensitive data within its systems.
  • By clarifying misconceptions and providing transparency on its security practices, the SSA seeks to uphold public trust and confidence in its data protection efforts.

Read more on fedscoop.com