Systems Security Requirements. 5.1 Overview SSA must certify that the EIEP has implemented controls that meet the requirements and work as intended, before we will authorize initiating transactions to and from SSA through batch data exchange processes or online processes such as State Online Query (SOLQ) or Internet SOLQ (SOLQ-I). The Technical Systems Security Requirements (TSSRs) address management, operational, and technical aspects of security safeguards to ensure only the authorized disclosure and use of SSA-provided information by SSA’s EIEPs. SSA recommends that the EIEP develop and publish a comprehensive Systems Security Policy document that specifically addresses: the classification of information processed and stored within the network, administrative controls to protect the information stored and processed within the network, access to the various systems and subsystems within the network, Security Awareness Training, Employee Sanctions Policy, Incident Response Policy, and the disposal of protected information and sensitive documents derived from the system or subsystems on the network. SSA’s systems security requirements represent the current state-of-the-practice security controls, safeguards, and countermeasures required for Federal information systems by Federal regulations, statutes, standards, and guidelines. Additionally, SSA’s systems security requirements also include organizationally defined interpretations, policies, and procedures mandated by the authority of the Commissioner of Social Security in areas when or where other cited authorities may be silent or non-specific.
Appears in 3 contracts
Sources: Standard Agreement, Computer Matching and Privacy Protection Act Agreement, Information Exchange Agreement