In 2016, the 社会保障局 suddenly began requiring security certification for companies accessing the SSA Death Master File. 作为回应,LBMC 网络安全 became one of the first companies offering ACAB certification assessments.

Today, we remain one of the most of experienced LADMF certification firms in the nation. LBMC 网络安全 uses the NIST Framework for Improving Critical Infrastructure 网络安全 and the NTIS 有限访问死亡主文件 (LADMF) 认证计划第100版 as guidelines to satisfy the requirements of the rule. In accordance with NTIS 有限访问死亡主文件 认证计划第100版, LBMC 网络安全 评估标准包括:

  • 信息安全存储
  • 限制获取LADMF信息
  • Disposing of Limited Access DMF Information
  • Information Security guidance in accordance with ACAB requirements

另外, we conduct an initial scoping of the environment where we will determine, 根据LADMF的处理方式和地点, the extent to which we can “pull-forward” testing results from any previous assessments. 评估完成后, and upon the satisfactory completion of any associated remediation efforts, LBMC 网络安全 submits a completed LADMF ACAB Systems Safeguards Attestation Form (Form NTIS FM100A) in accordance with NTIS procedures, 代表明升体育app下载委托人向国家情报署举报.











The National Institute of Standards and 技术 at the U.S. 商务部.

ACAB and LADMF 合规: Rules for Accessing Data of the Deceased

Organizations who utilize government data to monitor and track deaths in the U.S. know it is no longer the simple process it once was. The Death Master File data, governed by the U.S. 商务部 国家技术信息服务处 (NTIS), is commonly referenced by healthcare providers, 保险公司, 金融机构, 等, to identify concerns such as expired account holders and fraudulent activities.

This data used to be obtained from NTIS through a formal, yet uncomplicated, request process. 现在, 然而, regulations have gone into effect with the intent of ensuring secure and responsible handling of this data and have created additional regulatory compliance for requestors.

The NTIS cybersecurity standards were called for as part of the 2013年两党预算法 并最终通过 最后的规则 发布于2016年11月28日. The new rule prohibits the Secretary of Commerce from disclosing Death Master File (DMF) information during the three-calendar-year period following an individual’s death (the “Limited Access DMF or LADMF”). The only entities who can access this data must be certified to receive that information.

In short, organizations requesting access to LADMF data must:

  1. Attest to the security of the systems and processes utilized in the acquisition and management of this data.
  2. Gain an assessment by a reputable independent party, otherwise known as an 认可合格评定机构 (ACAB), against an established cybersecurity standard.
  3. The submitted assessment must be in line with security control requirements documented in the LADMF Certification Program (Publication 100). Security controls listed in Publication 100 are “not intended to be prescriptive” and that results of an assessment against other established standards or in the course of satisfying other regulations, can satisfy the LADMF security and safeguard requirements.
  4. Then the assessor will submit an attestation form to the NTIS on behalf of the applicant after which, subject to acceptance of the attestation and associated fees, the applicant is provided access to LADMF data.

幸运的是, this assessment can be addressed as a component of other security assessment programs and, 根据NTIS网站, must only be completed every three years in addition to annual certification and fee requirements.

Whether organizations choose to assess their LADMF program directly or as part of other organizational security assessments, choosing the right partner to serve as their ACAB is important. LBMC 网络安全 is an 认可合格评定机构. To request a private briefing, or for questions about the NTIS LADMF certification program, 明升体育app下载 今天.



画了 Hendrickson

股东 & 网络安全实践负责人

手机图标 电子邮件图标 纳什维尔
手机图标 电子邮件图标 纳什维尔

罗宾 巴顿


手机图标 电子邮件图标 纳什维尔
手机图标 电子邮件图标 纳什维尔