ACAB LADMF Certification Assessment

In 2016, the Social Security Administration suddenly began requiring security certification for companies accessing the SSA Death Master File. LBMC Cybersecurity quickly became one of the first companies offering ACAB certification assessments.

Today, we are among the most experienced LADMF certification firms in the nation. We follow the NIST Cybersecurity Framework and the NTIS LADMF Certification Program Publication 100 to meet the rule’s requirements, including:

  • Secure Storage of Information
  • Restricting Access to LADMF Information
  • Disposing of Limited Access DMF Information
  • Information Security guidance in accordance with ACAB requirements

Additionally, we conduct an initial scoping of the environment to determine, based on how and where the LADMF is handled, the extent to which we can “pull-forward” testing results from any previous assessments. Upon completion of the assessment and the satisfactory completion of any associated remediation efforts, LBMC Cybersecurity submits a completed LADMF ACAB Systems Safeguards Attestation Form (Form NTIS FM100A) in accordance with NTIS procedures, to the NTIS on our client’s behalf.

What is ACAB LADMF?

What is ACAB?

An ACAB is an Accredited Conformity Assessment Body, an organization that certifies compliance with regulatory standards.

What is LADMF?

LADMF stands for Limited Access Death Master File, a controlled database of death records used to verify deceased individuals and prevent fraud.

What is SSA?

The Social Security Administration (SSA) is the U.S. government agency managing social security programs, including retirement and disability benefits.

What is NTIS?

The National Technical Information Service (NTIS) provides access to government-generated scientific and technical information.

What is NIST?

The National Institute of Standards and Technology (NIST) develops measurement standards to support U.S. industry competitiveness.

ACAB and LADMF Compliance: Rules for Accessing Data of the Deceased

Organizations that use government data to monitor and track deaths in the U.S. know it is no longer the simple process it once was. The Death Master File (DMF) data, governed by the U.S. Department of Commerce National Technical Information Service (NTIS), is commonly referenced by healthcare providers, insurance companies, and financial institutions, among others, to identify concerns such as deceased account holders and fraudulent activities.

The NTIS cybersecurity standards were called for as part of the 2013 Bipartisan Budget Act and were ultimately established through a final rule published on November 28, 2016. The new rule prohibits the Secretary of Commerce from disclosing DMF information during the three-calendar-year period following an individual’s death (LADMF). Only entities certified to receive that information can access this data.

In short, organizations requesting access to LADMF data must:

  1. Attest to the security of the systems and processes utilized in the acquisition and management of this data.
  2. Obtain an assessment by a reputable independent party, otherwise known as an Accredited Conformity Assessment Body (ACAB), against an established cybersecurity standard.
  3. Ensure the submitted assessment is in line with the security control requirements documented in the LADMF Certification Program (Publication 100). Security controls listed in Publication 100 are “not intended to be prescriptive,” and the results of an assessment against other established standards, or performed in the course of satisfying other regulations, can satisfy the LADMF security and safeguard requirements.
  4. The assessor then submits an attestation form to the NTIS on behalf of the applicant, after which, subject to acceptance of the attestation and associated fees, the applicant is provided access to LADMF data.

Fortunately, this assessment can be addressed as a component of other security assessment programs and, according to the NTIS website, need only be completed every three years, in addition to annual certification and fee requirements.

LBMC Cybersecurity is an Accredited Conformity Assessment Body. To request a private briefing, or for questions about the NTIS LADMF certification program, contact us today.

Executive Team

Drew Hendrickson

Shareholder & Practice Leader, Cybersecurity

Nashville

Robyn Barton

Shareholder, Cybersecurity

Nashville