Accountability - The concept that users will be held individually responsible for actions they perform in an automated system.
Authentication - Providing assurance that a user is who they claim to be.
Authorization - The granting to a user, program or device the right to system, file, or record access and identifying the limits of that access.
Certification - A comprehensive evaluation of a computer facility or application to establish whether the specified security requirements were incorporated according to the design specifications.
Classification Level - Defining categories of data according to its value and criticality to the organization so appropriate security safeguards can be assigned to protect it. SSA uses non-sensitive, sensitive and critical data levels.
Compliance - Meeting or exceeding the requirements stated in legislation, policy statements, regulations or guidelines. Compliance may only be partially achieved or a waiver may be granted if personnel or budgetary restraints prevent full compliance.
Computer Matching - The identification of similarities or dissimilarities in data found in two or more computer files. The Social Security Administration (SSA) conducts computer matching to establish or verify recipient eligibility for federal benefit programs. The Office of Program Benefits (OPB) is responsible for SSA's Computer Matching Program. Computer matching allows SSA to receive records from or to disclose records to federal or non-federal agencies for use in the comparison of computer files. SSA's Matching Program helps government streamline operations, reduce costs, and eliminate overpayments and fraud.
Data Security - The protection of data from accidental or intentional but unauthorized modification, destruction or disclosure through the use of physical security, administrative controls, logical controls, and other safeguards to limit accessibility.
Data Integrity - Maintaining information exactly as it was input to a system, free from alteration or unauthorized disclosure, or if it has been modified, that modification was carried out in a secure and auditable fashion.
Disclosure - The release of sensitive information to anyone other than the subject individual, legal guardian or parent of a minor.
The Federal Information Security Management Act of 2002 (FISMA) - Title III of the E-Government Act of 2002 is the primary legislation governing federal information security. FISMA built and expanded upon earlier legislation and added particular emphasis to the management dimension of information security in the federal government. FISMA establishes stronger lines of management responsibility for information security and provides for substantial oversight by the legislative branch.
Matching Program - Any computerized comparison of records or system of records with Federal or non-Federal records for the purpose of, or continuing compliance with, statutory and regulatory requirements for individuals with respect to cash or in-kind assistance under federal programs, or recouping payments or delinquent debts under Federal benefit programs; comparison of two or more Federal personnel and payroll systems of records with non-Federal records.
Memorandum of Understanding (MOU) - A written document executed by certain parties which establishes policies or procedures of mutual concern. It does not require either party to obligate funds and does not create a legally binding commitment.
Need to Know - The legitimate requirement of a person or organization to know, access, or possess sensitive or classified information that is critical to the performance of an authorized, assigned mission.
Privacy Act of 1974 (5 U.S.C. 552a) - Provides that no agency shall disclose any record which is contained in a system of records by any means of communication to any person or to another agency, except pursuant to a written request by, or with the prior written consent of, the individual to whom the record pertains, unless disclosure of the record meets certain specific limiting conditions outlined in the Act.
Reasonable Assurance - A high degree of confidence by an individual, entity, or application that received data should be treated as valid and unaltered.
Risk - The possibility that a particular threat will exploit a particular vulnerability of a data processing system.
Safeguard - A control designed to deter, prevent or detect a threat to a process or to eliminate vulnerability.
Secure Sockets Layer (SSL) - A protocol for sending encrypted information between a client and a server, often a Web server. SSL can work with any application-layer TCP/IP protocol and is most commonly used with HTTP.
Sensitive Information - Information, the loss, misuse, or unauthorized access to or modification of which could adversely affect the national interest or the conduct of federal programs, or the privacy to which individuals are entitled under 5 U.S.C. Section 552a (the Privacy Act), but that has not been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept secret in the interest of national defense or foreign policy.
Temporary Assistance for Needy Families (TANF) - The Office of Family Assistance administers the TANF program. TANF provides assistance and work opportunities to needy families by granting States the federal funds and wide flexibility to develop and implement their own welfare programs.
Title II - Federal Old-Age, Survivors, and Disability Insurance Benefits through the Social Security Administration trust fund.
Title XVI - Supplemental Security Income for the Aged, Blind, and Disabled (SSI). A Federal supplemental income program funded by general tax revenues (not Social Security taxes). It helps aged, blind, and disabled people who have little or no income by providing monthly cash payments to meet basic needs for food, clothing, and shelter.
Virtual Private Network (VPN) - The use of encryption in the lower protocol layers to provide a secure connection through an otherwise insecure network, typically the Internet.