Summary of the Audit of the Social Security Administration’s Information Security Program and Practices for Fiscal Year 2023

The attached final report summarizes Ernst & Young LLP’s (Ernst & Young) Fiscal Year (FY) 2023 review of the Social Security Administration’s (SSA) information security program and practices, as required by the Federal Information Security Modernization Act of 2014 (FISMA). Ernst & Young’s audit results contain information that, if not protected, could result in adverse effects to the Agency’s information systems. In accordance with government auditing standards, we have separately transmitted to SSA management Ernst & Young’s detailed findings and recommendations and excluded from this report certain sensitive information because of the potential damage if the information is misused. The omitted information neither distorts the audit results described in this report nor conceals improper or illegal practices.