We determined that SSA’s mobile device security did not always conform with Federal standards and business best practices to mitigate unauthorized access to the Agency’s sensitive information. SSA did not adequately secure all of its mobile devices, potentially putting Agency data at risk. For example, while SSA stated it had mitigating controls to encrypt files copied to a device, we successfully copied a file to a mobile device without encryption occurring. We believe this occurred because SSA did not have a comprehensive, consolidated policy on mobile device, lacked configuration guides for all mobile devices, and provided minimal mobile device security training .
Oct 1, 2014
More Security Needed For Mobile Devices
From a recent report by Social Security's Office of Inspector General (footnote omitted):