Purpose

To determine whether the Office of Temporary and Disability Assistance has met Federal requirements for securing National Directory of New Hires data. The audit covers the period April 11, 2016 to June 2, 2016.

Background

The Office of Temporary and Disability Assistance (Office) is responsible for supervising State programs that provide assistance and support to eligible families and individuals. Two such programs administered by the Office are the Temporary Assistance for Needy Families (TANF) and the Supplemental Nutrition Assistance Program (SNAP). As part of managing these programs, the Office obtains National Directory of New Hires (Directory) data provided by the Office of Child Support Enforcement (Child Support Enforcement), a subdivision of the U.S. Department of Health and Human Services (Health and Human Services).

The Directory data is comprised of information on new hires, quarterly wage, and unemployment insurance. The Office uses Directory data to verify TANF and SNAP eligibility information. The identification and verification of this data helps the Office identify and resolve any fraudulent activity by program recipients, as well as maintain program integrity.

All State agencies that receive and process Directory data must demonstrate a strong security posture and comply with the security requirements established by Health and Human Services and Child Support Enforcement. The State agency also must comply with Child Support Enforcement’s Security Requirements for State Agencies Receiving National Directory of New Hires Data (Requirements), dated March 2015. The Requirements define the administrative, technical, and physical security controls required to be implemented by the State agency prior to receiving Directory data.

Every four years, the Office must submit a copy of an independent security assessment to Child Support Enforcement. At the request of Office officials, we performed an independent security assessment of the Directory system security controls at the Office.

Key Finding

The Office has taken actions to comply with the Federal requirements for securing Directory data. We found that the Office is fully compliant with 23 of the 32 requirements and partially compliant (in-progress) with seven requirements, and two requirements were not applicable due to current practices at the Office and modifications of Federal reporting requirements.

Key Recommendation

Continue to develop and implement controls for those requirements identified as in-progress.

Other Related Audits/Reports of Interest

Office of Temporary and Disability Assistance: Security Controls over National Directory of New Hires Data (2012-S-9)
Office of Temporary and Disability Assistance: National Directory of New Hires Data Security (Follow-Up) (2009-F-29)
Office of Temporary and Disability Assistance: National Directory of New Hires Data Security (2008-S-49)