Summary: Pursuant to a congressional request, GAO reviewed the software change controls at the Social Security Administration (SSA), focusing on: (1) whether key controls as described in agency policies and procedures regarding software change authorization, testing, and approval complied with federal guidance; and (2) the extent to which agencies contracted for year 2000 remediation of mission-critical systems and involved foreign nationals in these efforts.
GAO noted that: (1) in January 1998, GAO reported that SSA had established a goal to achieve a level 2, or repeatable, software process maturity based on the Carnegie Mellon University Software Engineering Institute's Capability Maturity Model for Software as part of its initiative to improve software processes; and (2) SSA's software process improvement initiatives include several activities related to improving software change controls: (a) the software maintenance activity process will be improved; (b) a process for assessment and implementation of software tools to manage software through its life cycle and control movement of program code will be established; and (c) a Configuration Control Board process and procedures will be developed.