Social Security Administration

SYSTEMS
SECURITY
BULLETIN

June 28, 2000      


SYSTEMS SECURITY - TIPS AND BEST PRACTICES II

  1. DO NOT POST YOUR PIN OR PASSWORD:
  2. Never post your PIN or password on your workstation or in and around the work area. Passwords should not be written down. That is why it is important to choose a password that is hard to guess yet meaningful to you. See the SSASSO INTRANET page for suggestions on good password construction. Remember that YOU are responsible for all transactions initiated under your PIN.

  3. REPORTING A SECURITY INCIDENT:
  4. The most important factor in reporting a security incident is time. Immediately notify your manager or Site/LAN Coordinator (SLC). If neither is available, contact your local or component security officer. If all of the above are unavailable, immediately call the National Network Service Center yourself at:

    (999) 999-9999

    The security incident report will be taken by telephone and an incident response manager will be contacted. This number operates 24 hours a day 7 days per week.

  5. TO REPORT PROGRAM FRAUD USE THE NEW ELECTRONIC 8551:
  6. Program fraud can now be reported directly to the Office of the Inspector General electronically. You may access the electronic referral form on the INTRANET or through the OIG Allegation Hotline home or Intranet site for the Office of Information Systems Security. Your report will be transmitted to OIG immediately and you will be notified of receipt.

  7. DO NOT INSTALL UNAPPROVED SOFTWARE ON YOUR PC:
Installation of unapproved software is prohibited, as is modification of approved installed software. This includes, but is not limited to turning off or modifying the virus scanning software or installing anything that overrides the workstation lock-out feature.

 

Office of Systems Security
SSA Pub. No. 31-041