Objective

To determine whether the Office of Temporary and Disability Assistance has met federal requirements for securing National Directory of New Hires data. The audit covers the period June 2, 2016 to March 3, 2020.

About the Program

The Office of Temporary and Disability Assistance (Office) is responsible for supervising State programs that provide assistance and support to eligible families and individuals. Two such programs administered by the Office are the Temporary Assistance for Needy Families (TANF) and the Supplemental Nutrition Assistance Program (SNAP). As part of managing these programs, the Office obtains National Directory of New Hires (Directory) data provided by the Office of Child Support Enforcement (Child Support Enforcement), a subdivision of the U.S. Department of Health and Human Services (Health and Human Services).

The Directory data is composed of information on new hires, quarterly wage, and unemployment insurance. The Office uses Directory data to verify TANF and SNAP eligibility information. The identification and verification of this data helps the Office identify and resolve any fraudulent activity by program recipients as well as maintain program integrity.

All state agencies that receive and process Directory data must demonstrate a strong security posture and comply with the security requirements established by Health and Human Services and Child Support Enforcement. The state agency also must comply with the Security Requirements for State Agencies Receiving National Directory of New Hires Data, dated August 2018. These requirements define the administrative, technical, and physical security controls required to be implemented by the state agency prior to receiving Directory data.

Every four years, the Office must submit a copy of an independent security assessment to Child Support Enforcement. At the request of Office officials, we performed an independent security assessment of the Directory system security controls at the Office.

Key Finding

The Office has taken actions to comply with the federal requirements for securing Directory data. We found that the Office is fully compliant with 30 of the 32 requirements; the remaining 2 requirements were found to be not applicable due to current practices at the Office and modifications of federal reporting requirements.

Key Recommendation

Continue to maintain a system of controls that ensures compliance with federal requirements for securing Directory data.