Security Certification and Compliance Review Programs. (NIST SP 800-18 – System Security Plans and Planning (PL) Family, NIST SP 800-53 rev. 4) SSA’s security certification and compliance review programs are distinct processes. The certification program is a unique episodic process when an EIEP initially requests electronic access to SSA-provided information or makes substantive changes to existing exchange protocol, delivery method, infrastructure, or platform. The certification process entails two stages (refer to 6.1 for details) intended to ensure that management, operational, and technical security measures work as designed. SSA must ensure that the EIEPs fully conform to SSA’s security requirements at the time of certification and satisfy both stages of the certification process before SSA will permit online access to its data in a production environment. The compliance review program entails cyclical security review of the EIEP performed by, or on behalf of SSA. The purpose of the review is to to assess an EIEP’s conformance to SSA’s current security requirements at the time of the review engagement. The compliance review program applies to both online and batch access to SSA-provided information. Under the compliance review program, EIEPs are subject to ongoing and periodic security reviews by SSA. (THE REST OF THIS PAGE HAS BEEN LEFT BLANK INTENTIONALLY)
Appears in 5 contracts
Samples: Program Agreement, Program Agreement, legistarweb-production.s3.amazonaws.com
