Information Security: Software Change Controls at the Social Security Administration Page: 2 of 2
and procedures.[1] This report concluded that discipline and consistency in SSA's systems
maintenance process have deteriorated because the Software Engineering Technology
Manual was difficult to use. In addition, the report stated that SSA needed to establish an
organizational commitment to restoring consistency and discipline in its present process
while it plans for the future. We performed our work from January through March 2000 in
accordance with generally accepted government auditing standards. At the end of our
fieldwork, SSA officials reviewed a draft of this letter, orally concurred with our findings,
and provided no substantive comments.
In January 1998, GAO reported [2] that SSA had established a goal to achieve a level 2, or
repeatable, software process maturity based on the Carnegie Mellon University Software
Engineering Institute's Capability Maturity Model for Software [3] as part of its initiative to
improve software processes. SSA's software process improvement initiatives include several
activities related to improving software change controls.
* The software maintenance activity process will be improved.
* A process for assessment and implementation of software tools to manage software
through its life cycle and control movement of program code will be established.
* A Configuration Control Board process and procedures will be developed.
We suggest that you continue these initiatives to improve software change policies and
procedures at SSA. Because we also identified software control weaknesses at other
agencies covered by our review, we have recommended that OMB clarify its guidance to
agencies regarding software change controls as part of broader revisions that OMB is
currently developing to Circular A-130, Management of Federal Information Resources.
We appreciate SSA's participation in this study and the cooperation we received from
officials at your office. If you have any questions, please contact me at (202) 512-6240 or by
e-mail at firstname.lastname@example.org, or you may contact Jean Boltz, Assistant Director, at
(202) 512-5247 or by e-mail at email@example.com.
David L. McClure
Associate Director, Governmentwide
and Defense Information Systems
[1] Social Security Administration, Office of Inspector General: Semiannual Report to the Congress, October 1,
1998, through March 31, 1999.
[2] Social Security Administration: Software Development Process Improvements Started But Work Remains
(GAO/AIMD-98-39, January 1998).
[3] The Capability Maturity Model is organized into five levels, ranging from initial (level 1) to optimizing (level
5), to characterize an organization's software process maturity. Level 2 is described as the repeatable level, in
which basic project management processes are established to track cost, schedule, and functionality.
2 GAO/AIMD-00-198R Software Change Controls at SSA
United States. General Accounting Office. Information Security: Software Change Controls at the Social Security Administration, text, June 30, 2000; Washington D.C.. (digital.library.unt.edu/ark:/67531/metadc302499/m1/2/: accessed November 16, 2018), University of North Texas Libraries, Digital Library, digital.library.unt.edu; crediting UNT Libraries Government Documents Department.