
DMF Certification: Navigating Access to the Death Master File

By NDB
29 October 2024


Death Master File Certification

Since late 2016, when the National Technical Information Service (NTIS) final rule on the Limited Access Death Master File took effect, the process for organizations seeking access to the Death Master File (DMF) has become more stringent. The DMF, which the United States Social Security Administration (SSA) has maintained since 1962, is a database of records on deceased individuals that is widely used to stop payments, close accounts, and detect identity fraud.

This sensitive file includes details such as names, birth and death dates, Social Security numbers, last known ZIP codes, and whether the death has been verified against a death certificate. Access to this personally identifiable information (PII) is restricted for records of individuals who died within the past three years: this portion of the file, known as the Limited Access DMF, may be released only to organizations certified under the NTIS program, which underscores the need for careful handling of the data.

Navigating the DMF Certification Process

Organizations wishing to access the Limited Access DMF must demonstrate a legitimate purpose, such as fraud prevention or another business need recognized by the governing laws and regulations. Organizations that meet this threshold must then complete a multi-step certification process.

DMF Certification Process

1. Compliance Testing

The first step is an assessment of the organization's systems, facilities, and procedures against either the AICPA SOC 2 framework or a NIST 800 series standard (typically NIST SP 800-53). The assessment covers the security and operational safeguards in place to protect DMF data from unauthorized access, use, or disclosure.

2. Payment of Fees

Organizations must then pay the required fees on the National Technical Information Service (NTIS) website; the payment receipt provides a processing number that is used throughout the rest of the process. These NTIS fees are separate from the cost of the attestation performed by an Accredited Conformity Assessment Body (ACAB).

3. Attestation Form Submission

After payment, the organization downloads the FM100A attestation form from the NTIS site and provides its ACAB (the auditing firm) with the processing number so the firm can complete the attestation.

4. Documentation Filing with NTIS

The auditing firm submits the completed attestation documentation to NTIS and notifies the organization once it has done so; the firm will follow up only if NTIS raises issues. If everything is in order, NTIS contacts the organization directly with its approval and subsequent certification updates.

Ongoing Obligations for DMF Certification

DMF certification is not a one-time task; organizations must prepare for the following ongoing responsibilities:

  • Annual Recertification

    To retain access rights, organizations must recertify with NTIS every year.

  • Third-Party Verification

    Every third year, the recertification must be supported by a written attestation from an ACAB confirming continued compliance with the applicable standard.

  • Audit Requirements

    Organizations must consent to both scheduled and unscheduled audits, which may be conducted by NTIS or by an ACAB acting at the request of NTIS.

  • Consequences of Noncompliance

    Unauthorized disclosure or misuse of Limited Access DMF data carries a penalty of $1,000 per violation, capped at $250,000 per calendar year; the cap does not apply to willful violations, so intentional misuse can result in substantially higher fines.


Standards for Certification

To secure DMF certification, organizations align their control environment with one of the two standards accepted by NTIS: SOC 2 or the NIST 800 series.

  • SOC 2

This AICPA reporting framework evaluates a service organization's controls against the Trust Services Criteria (security, availability, processing integrity, confidentiality, and privacy), as distinct from a SOC 1 report, which addresses controls relevant to clients' internal control over financial reporting. A SOC 2 report gives customers, regulators, and business partners independent insight into the effectiveness of the organization's internal control environment.
  • NIST 800-53

Published by the National Institute of Standards and Technology (NIST), this catalog of security and privacy controls is used within the Risk Management Framework (RMF) and was designed for federal information systems. It implements the minimum security requirements defined in Federal Information Processing Standard (FIPS) 200, and its baselines are the usual reference point when an ACAB assesses DMF safeguards against the NIST 800 series.

DMF Certification With NDB

Dedicated to assisting organizations with DMF audit requirements

Since 2015, NDB has helped clients navigate the complexities of the certification process and demonstrate compliance with the accepted standards, particularly the AICPA SOC 2 framework.

With extensive experience in evaluating the necessary controls for DMF access, NDB can support your organization in navigating the certification journey, helping you implement effective systems and practices to protect sensitive information while maintaining regulatory compliance.

Learn More About NDB's Death Master Services

Please contact Christopher Nickell at 850-295-0808 to learn more about NDB's Death Master audit and advisory services.
