Prevent or Delay Accomplishment of SSA's Mission--The DDS must ensure that, should
such an action or event still occur (despite careful use of preventive measures), it
is capable of rapid recovery to maintain the continuity of its operations and the
accomplishment of its mission.
The system safeguards are intended to be primarily preventive in nature, with the
added responsibilities of detecting abuse and recovering from unintended actions and events.
As the DDS proceeds with feasibility studies and cost-benefit analyses, the security
requirements of the system must be considered. The DDSs should consult with the Regional
Security Officer (RSO) at the outset of planning so that proper safeguards can be
integrated into the systems design. Standard systems development procedures require
that functional requirement documents (FRDs) submitted as part of the studies contain
a thorough discussion of the security implications. Such procedures are intended to
require the designer of the system to think through the security problems being created
by the proposal and then explain how they are being guarded against.
All systems need appropriate backup procedures. A copy of all programs should be made
(on either tape or disk) and stored in a fireproof vault at an offsite location, to
be used in the event of an emergency.
Requirements for controls over password usage in accessing the system should include
hiring and termination procedures.
NOTE: Access to the system must be limited to appropriate personnel. Controls should be
in place to grant new hires use of the system and to deny it to terminated personnel.
DDSs are subject to the same security requirements as SSA components (i.e., DOs and
BOs) and the RSO has responsibility for all system security matters. Therefore, all
system proposals are subject to RSO approval.