Security of the Web Identification, Authentication, and Access Control Systems

The attached final report summarizes Ernst & Young LLP’s (Ernst & Young) review of the security of the Social Security Administration’s (SSA) Web Identification, Authentication, and Access Control System. Ernst & Young’s audit results contain information that, if not protected, could result in adverse effects to the Agency’s information systems. In accordance with government auditing standards, we have separately transmitted to SSA management Ernst & Young’s detailed findings and recommendations and excluded from this summary report certain sensitive information because of the potential damage if the information is misused. We have determined the omitted information neither distorts the audit results described in this report nor conceals improper or illegal practices.