Achieve LADMF ACAB Certification with Lazarus Alliance's NIST-aligned audits. Fast 6–10 week process, multi-framework savings, and NTIS Form FM100A submission. Call 888-896-7580.

Become DMF audit certified to access the Limited Access Death Master File (LADMF).

In 2016, the Social Security Administration began requiring security certification for companies accessing the SSA Death Master File. In response, Lazarus Alliance began offering companies ACAB DMF audit certification assessments. Today, we remain one of the most of experienced LADMF DMF audit certification firms in the nation.

Lazarus Alliance primarily uses the NIST Framework for Improving Critical Infrastructure Cybersecurity and the NTIS Limited Access Death Master File (LADMF) Certification Program Publication 100 as guidelines to satisfy the requirements of the rule.

Alternatively, we will also examine existing FedRAMP, StateRAMP, SOC 1, SOC 2, or ISO 27001 certifications and attestations in accordance with NTIS Limited Access Death Master File Certification Program Publication 100, Lazarus Alliance Security & Risk Services evaluates criteria to include:

  • Information Secure Storage
  • Restricting Access to LADMF Information
  • Disposing of Limited Access DMF Information
  • Information Security guidance in accordance with ACAB DMF audit requirements

Additionally, we conduct an initial scoping of the environment where we will determine, based on how and where the LADMF is handled, the extent to which we can “pull-forward” testing results from any previous assessments. Upon completion of the DMF audit assessment and upon the satisfactory completion of any associated remediation efforts, Lazarus Alliance submits a completed LADMF ACAB Systems Safeguards Attestation Form (Form NTIS FM100A) in accordance with NTIS procedures to the NTIS on our client’s behalf.

Limited Access Death Master File – NTIS/SSA Program

The LADMF program is the mandatory, audit-based certification required by NTIS since 2016 for any organization that needs ongoing, legal access to Social Security death records — without current certification, access is revoked, and penalties can reach $250,000 per year.

LADMF Compliance Audit & ACAB Certification Services | Lazarus Alliance

Audit Timeline: What to Expect with Lazarus Alliance

Achieving LADMF ACAB Certification doesn’t have to be complicated, stressful, or take months. When you partner with Lazarus Alliance, the entire process is structured, transparent, and typically completed in 6–10 weeks for most organizations.

Here’s exactly what the journey looks like from start to finish. Lazarus Alliance follows this structured 5-phase process (activities, typical durations, and deliverables are shown below):

Phase Activities Typical Duration Key Deliverables & Tools
Phase 0 – Pre-Engagement & Decision Initial consultation, scope discussion, NDA & engagement letter signing, team alignment 1–2 weeks (pre-kickoff) Signed SOW, project charter, and access to secure Continuum GRC portal
Phase 1 – Kickoff & Scoping Kickoff meeting, system boundary definition, LADMF data-flow mapping, control applicability determination Week 0–1 Finalized scope document, customized control list, document request list
Phase 2 – Evidence Collection & Readiness Upload policies, procedures, access logs, training records, previous audit reports; gap analysis & remediation support Weeks 1–4 Complete evidence package in Continuum GRC, gap remediation plan
Phase 3 – Assessment Fieldwork Interviews, system demonstrations, control testing, log & configuration review, evidence validation Weeks 4–7 Testing results, preliminary findings report, and status dashboards
Phase 4 – Reporting & Attestation Draft report review, findings resolution, final ACAB attestation preparation & submission Weeks 7–10 Final report, NTIS Form FM100A Systems Safeguards Attestation, direct submission to NTIS
Phase 5 – Certification & Ongoing Maintenance NTIS acceptance, certification issuance, and planning for annual self-assessment Immediate upon NTIS approval + ongoing Official 3-year LADMF ACAB certification, annual readiness roadmap

Why Clients Finish Faster with Lazarus Alliance

  • Proven methodology — We’ve been an active ACAB since 2017 and have streamlined the process for hundreds of organizations.
  • Continuum GRC platform — Secure, centralized evidence collection that cuts back-and-forth by up to 50%.
  • Multi-framework leverage — Existing SOC 2, ISO 27001, FedRAMP, or NIST 800-53 work is mapped and reused wherever possible.
  • Dedicated team — You work with the same experts from kickoff through attestation — no handoffs or surprises.

Most clients describe the experience as “surprisingly smooth” and “far less painful than expected.”

Ready to get started? Call us today at +1 (888) 896-7580 or fill out the form below to schedule your free LADMF scoping call. We’ll give you a realistic timeline based on your organization’s size and current compliance posture within 24 hours.

LADMF Compliance Audit & ACAB Certification Services | Lazarus Alliance

Frequently Asked Questions

Any person or organization (including financial institutions, insurance companies, pension funds, investigative firms, credit bureaus, and fraud prevention teams) that needs ongoing access to Social Security death data for legitimate business purposes required or authorized by law must be certified every three years by an approved ACAB.

NTIS requires a full independent attestation every three years, with annual self-assessments and system reviews in the interim years. Many organizations choose annual third-party audits to stay audit-ready and reduce triennial audit effort.

Full DMF access was discontinued in 2016. LADMF is the only version now available and is restricted to certified entities. It contains the same death records, but access is tightly controlled with strict security, access-logging, and purpose-limitation requirements enforced through the ACAB audit process.

When working with an experienced ACAB like Lazarus Alliance, most clients complete the full audit and receive their attestation letter in 6–10 weeks. Organizations using our Continuum GRC platform and critical-path methodology routinely finish 40–50% faster than the industry average.

NTIS can impose civil monetary penalties of $1,000 for each unauthorized disclosure, up to a maximum of $250,000 per calendar year. Criminal penalties may also apply for willful violations.

Yes. Lazarus Alliance routinely maps and tests LADMF requirements alongside SOC 2 Trust Services Criteria, ISO 27001 Annex A controls, NIST 800-53 rev5, and FedRAMP Moderate/High baselines, allowing clients to combine audits and significantly reduce cost and effort.

Costs vary by organization size and complexity, but clients who perform proactive annual readiness assessments with Lazarus Alliance typically reduce their triennial audit cost by 40–60% and avoid last-minute remediation expenses.

LADMF Compliance Audit & ACAB Certification Services | Lazarus Alliance

Credentials You Can Count On

American Association for Laboratory Accreditation (A2LA) ISO/IEC 17020 accredited certification number 3822.01

In any jurisdiction and in all industries. We are your global partner in compliance, risk, policy, security testing, financial audit and Cybervisor® services.

 

Talk with one of our experts

Our Lazarus Alliance Cybervisor™ teams have experience performing thousands of assessments for organisations providing services to clients around the world.

We're here to answer any questions you may have.

Download our company brochure.

Achieve LADMF ACAB Certification with Lazarus Alliance's NIST-aligned audits. Fast 6–10 week process, multi-framework savings, and NTIS Form FM100A submission. Call 888-896-7580.

Benefits of LA DMF Certification

LADMF certification isn’t just a regulatory checkbox — it protects your access to critical death data, eliminates six-figure penalties, cuts long-term audit costs by up to 60%, and lets you leverage one audit to satisfy SOC 2, ISO 27001, FedRAMP, and more — all while strengthening fraud prevention and regulatory trust.

  1. Legal, ongoing access to SSA death data: Without current certification, NTIS instantly revokes access. Certification is the only way to keep using the LADMF for fraud prevention, beneficiary verification, or required regulatory reporting.
  2. Avoid massive penalties: NTIS civil penalties = $1,000 per unauthorized disclosure, capped at $250,000 per calendar year. Criminal penalties are possible for willful violations. Certification eliminates this risk.
  3. 40–60% lower audit costs over time: Organizations that perform proactive annual readiness reviews (instead of cramming every 3 years) routinely cut triennial audit fees and remediation costs by nearly half.
  4. Dramatic reduction in audit time and disruption: Clients using Lazarus Alliance + Continuum GRC platform typically finish the full ACAB audit in 6–10 weeks and reduce internal effort by 40–50% compared to the industry average.
  5. Single audit satisfies multiple frameworks: LADMF controls map directly to SOC 2, ISO 27001, NIST 800-53, FedRAMP, HIPAA, PCI, etc. One combined audit = compliance with 5–10 frameworks at once → huge cost and time savings.
  6. Stronger fraud prevention and accuracy: Immediate identification of deceased individuals listed on the DMF reduces improper payments, pension overpayments, identity theft losses, and insurance fraud (many clients report 6- and 7-figure annual savings).
  7. Improved customer trust and regulatory relations: Being able to prove you are a certified, audited entity enhances reputation with regulators, auditors, state insurance commissioners, and federal agencies (especially for government contractors).
  8. Future-proof compliance program: Annual or biennial third-party reviews keep policies, logs, access controls, and training continuously mature instead of scrambling every triennial cycle.

LADMF Compliance Audit & ACAB Certification Services | Lazarus Alliance

More In-Depth Program Information

The LADMF, or Limited Access Death Master File, contains sensitive information that cannot be disclosed during the three-year period following an individual’s death, including:

  • Social Security Number
  • Name
  • Date of Birth
  • Date of Death

Effective November 28, 2016, organizations face a more stringent certification process to be granted access to the DMF. To access the DMF, an individual or entity must:

  • Have a legitimate fraud prevention interest; or
  • Have a legitimate business purpose for a law, government rule, regulation, or fiduciary duty

The main changes that organizations need to be prepared for are:

  • Annual recertification by the organization seeking access
  • Third-party conformity attestation every three years
  • Agreement to schedule and unscheduled audits, conducted by the National Technical Information Service (NTIS) or the Accredited Conformity Assessment Body (ACAB) at the request of NTIS
  • Fines up to $250,000 per year for noncompliance

The entity wishing to access the DMF must submit a written attestation from an ACAB to prove that the appropriate systems, facilities, and procedures are in place to safeguard information and maintain the confidentiality, security, and appropriate use of the information.

To better understand the requirement, organizations can find the sample certification forms here:

  • Subscriber Certification Form – Sample
  • Accredited Conformity Assessment Body Systems Safeguards Attestation Form – Sample
  • State or Local Government Auditor General or Inspector General Systems Safeguards Attestation Form – Sample

Subscriber Certification must be completed annually. The LADMF Systems Safeguards Attestation Form must be completed every three years.

The U.S. Department of Commerce’s National Technical Information Service (NTIS), the governing body behind the DMF, can conduct both scheduled and unscheduled compliance audits and fine organizations up to $250,000 for noncompliance, with even higher penalties for willful violations. Due to the potential for substantial fines, it is important that entities be able to implement the appropriate systems, facilities, and procedures to safeguard the information.

How Lazarus Alliance Can Help

Lazarus Alliance is an ACAB that can attest to organizations’ systems and procedures in place. Lazarus Alliance utilizes various published information security standards, including the NIST 800-53, AICPA SOC 2, and ISO 27001, to satisfy the rule’s audit requirements.

Lazarus Alliance has been a leading ACAB firm for 8+ years. — Michael Peters, CEO & Founder

Since 2017, Lazarus Alliance has been working to help our clients meet their DMF audit requirements and has successfully submitted the appropriate attestation forms to NTIS, resulting in certification for our clients. We have extensive experience testing the controls required by LADMF and understand the certification process and requirements.

LADMF Compliance Audit & ACAB Certification Services | Lazarus Alliance

We want to be your partner and LADMF ACAB Third-Party Accredited Conformity Assessment Body (ACAB) compliance audit assessor of choice! For additional information, please call +1 (888) 896-7580.