LADMF Compliance Audit Services: Achieve ACAB Certification with NIST-Aligned Assessments. Call +1 (888) 896-7580 today.
Become DMF audit certified to access the Limited Access Death Master File (LADMF).
In 2016, the Social Security Administration began requiring security certification for companies accessing the SSA Death Master File. In response, Lazarus Alliance began offering companies ACAB DMF audit certification assessments. Today, we remain one of the most experienced LADMF DMF audit certification firms in the nation.
Lazarus Alliance primarily uses the NIST Framework for Improving Critical Infrastructure Cybersecurity and the NTIS Limited Access Death Master File (LADMF) Certification Program Publication 100 as guidelines to satisfy the requirements of the rule.
Alternatively, we will also examine existing FedRAMP, StateRAMP, SOC 1, SOC 2, or ISO 27001 certifications and attestations. In accordance with NTIS Limited Access Death Master File Certification Program Publication 100, Lazarus Alliance Security & Risk Services evaluates criteria to include:
- Information Secure Storage
- Restricting Access to LADMF Information
- Disposing of Limited Access DMF Information
- Information Security guidance in accordance with ACAB DMF audit requirements
Additionally, we conduct an initial scoping of the environment where we will determine, based on how and where the LADMF is handled, the extent to which we can “pull-forward” testing results from any previous assessments. Upon completion of the DMF audit assessment and upon the satisfactory completion of any associated remediation efforts, Lazarus Alliance submits a completed LADMF ACAB Systems Safeguards Attestation Form (Form NTIS FM100A) in accordance with NTIS procedures to the NTIS on our client’s behalf.
Limited Access Death Master File – NTIS/SSA Program
The LADMF program is the mandatory, audit-based certification required by NTIS since 2016 for any organization that needs ongoing, legal access to Social Security death records — without current certification, access is revoked, and penalties can reach $250,000 per year.
Basic LADMF Certification Timeline
(For a typical mid-sized organization working with an experienced ACAB like Lazarus Alliance)
| Phase | Timeline (from kickoff) | Key Activities & Milestones |
|---|---|---|
| Phase 0 – Decision & Prep | –4 to –2 weeks | • Decide to pursue certification • Select ACAB (Lazarus Alliance) • Sign engagement letter & NDA |
| Phase 1 – Kickoff & Scoping | Week 0–1 | • Kickoff call • Define audit scope & systems • Assign client + Lazarus Alliance team members • Receive document request list |
| Phase 2 – Document Collection & Readiness | Week 1–4 | • Upload policies, procedures, system diagrams, access logs, training records, etc. to secure portal (Continuum GRC) • Complete self-assessment questionnaire • Optional: Lazarus Alliance performs gap/remediation assistance |
| Phase 3 – On-Site / Remote Fieldwork | Week 4–7 | • Interviews with key personnel • System demonstrations & screen shares • Sampling of access logs, training records, penetration test reports, etc. • Evidence review and control testing |
| Phase 4 – Reporting & Attestation | Week 7–10 | • Draft report issued for review (usually <5 findings for prepared clients) • Client responds to any findings • Final attestation letter issued • Submit attestation to NTIS (client or Lazarus Alliance) |
| Certification effective immediately | | |
| Post-Certification | Week 10+ | • 3-year certification period begins • Annual self-assessment due each interim year • Many clients schedule annual readiness review to keep effort low for next triennial |
Frequently Asked Questions
What is LADMF and why do organizations need an ACAB audit for it?
The Limited Access Death Master File (LADMF) is the restricted version of the Social Security Administration’s Death Master File (DMF) made available through NTIS. Only organizations that pass a rigorous independent audit by an Accredited Conformity Assessment Body (ACAB) are certified to access it. Without current ACAB certification, access is revoked, and organizations face penalties up to $250,000 per year.
Who needs to complete an LADMF (NTIS) certification audit?
Any person or organization (including financial institutions, insurance companies, pension funds, investigative firms, credit bureaus, and fraud prevention teams) that needs ongoing access to Social Security death data for legitimate business purposes required or authorized by law must be certified every three years by an approved ACAB.
How often is an LADMF compliance audit required?
NTIS requires a full independent attestation every three years, with annual self-assessments and system reviews in the interim years. Many organizations choose annual third-party audits to stay audit-ready and reduce triennial audit effort.
What are the main differences between Full DMF and Limited Access DMF (LADMF)?
Full DMF access was discontinued in 2016. LADMF is the only version now available and is restricted to certified entities. It contains the same death records, but access is tightly controlled with strict security, access-logging, and purpose-limitation requirements enforced through the ACAB audit process.
How long does the ACAB LADMF certification process typically take?
When working with an experienced ACAB like Lazarus Alliance, most clients complete the full audit and receive their attestation letter in 6–10 weeks. Organizations using our Continuum GRC platform and critical-path methodology routinely finish 40–50% faster than the industry average.
What are the penalties for accessing or using the Death Master File without current certification?
NTIS can impose civil monetary penalties of $1,000 for each unauthorized disclosure, up to a maximum of $250,000 per calendar year. Criminal penalties may also apply for willful violations.
Can LADMF compliance controls be mapped to SOC 2, ISO 27001, NIST 800-53, or FedRAMP?
Yes. Lazarus Alliance routinely maps and tests LADMF requirements alongside SOC 2 Trust Services Criteria, ISO 27001 Annex A controls, NIST 800-53 rev5, and FedRAMP Moderate/High baselines, allowing clients to combine audits and significantly reduce cost and effort.
How much does an ACAB LADMF audit cost, and are there ways to reduce the expense?
Costs vary by organization size and complexity, but clients who perform proactive annual readiness assessments with Lazarus Alliance typically reduce their triennial audit cost by 40–60% and avoid last-minute remediation expenses.
Benefits of LADMF Certification
LADMF certification isn’t just a regulatory checkbox — it protects your access to critical death data, eliminates six-figure penalties, cuts long-term audit costs by up to 60%, and lets you leverage one audit to satisfy SOC 2, ISO 27001, FedRAMP, and more — all while strengthening fraud prevention and regulatory trust.
- Legal, ongoing access to SSA death data: Without current certification, NTIS instantly revokes access. Certification is the only way to keep using the LADMF for fraud prevention, beneficiary verification, or required regulatory reporting.
- Avoid massive penalties: NTIS civil penalties = $1,000 per unauthorized disclosure, capped at $250,000 per calendar year. Criminal penalties are possible for willful violations. Certification eliminates this risk.
- 40–60% lower audit costs over time: Organizations that perform proactive annual readiness reviews (instead of cramming every 3 years) routinely cut triennial audit fees and remediation costs by nearly half.
- Dramatic reduction in audit time and disruption: Clients using Lazarus Alliance + Continuum GRC platform typically finish the full ACAB audit in 6–10 weeks and reduce internal effort by 40–50% compared to the industry average.
- Single audit satisfies multiple frameworks: LADMF controls map directly to SOC 2, ISO 27001, NIST 800-53, FedRAMP, HIPAA, PCI, etc. One combined audit = compliance with 5–10 frameworks at once → huge cost and time savings.
- Stronger fraud prevention and accuracy: Immediate identification of deceased individuals listed on the DMF reduces improper payments, pension overpayments, identity theft losses, and insurance fraud (many clients report 6- and 7-figure annual savings).
- Improved customer trust and regulatory relations: Being able to prove you are a certified, audited entity enhances reputation with regulators, auditors, state insurance commissioners, and federal agencies (especially for government contractors).
- Future-proof compliance program: Annual or biennial third-party reviews keep policies, logs, access controls, and training continuously mature instead of scrambling every triennial cycle.
More In-Depth Program Information
The LADMF, or Limited Access Death Master File, contains sensitive information that cannot be disclosed during the three-year period following an individual’s death, including:
- Social Security Number
- Name
- Date of Birth
- Date of Death
Effective November 28, 2016, organizations face a more stringent certification process to be granted access to the DMF. To access the DMF, an individual or entity must:
- Have a legitimate fraud prevention interest; or
- Have a legitimate business purpose pursuant to a law, government rule, regulation, or fiduciary duty
The main changes that organizations need to be prepared for are:
- Annual recertification by the organization seeking access
- Third-party conformity attestation every three years
- Agreement to scheduled and unscheduled audits, conducted by the National Technical Information Service (NTIS) or the Accredited Conformity Assessment Body (ACAB) at the request of NTIS
- Fines up to $250,000 per year for noncompliance
The entity wishing to access the DMF must submit a written attestation from an ACAB to prove that the appropriate systems, facilities, and procedures are in place to safeguard information and maintain the confidentiality, security, and appropriate use of the information.
To better understand the requirement, organizations can find the sample certification forms here:
- Subscriber Certification Form – Sample
- Accredited Conformity Assessment Body Systems Safeguards Attestation Form – Sample
- State or Local Government Auditor General or Inspector General Systems Safeguards Attestation Form – Sample
Subscriber Certification must be completed annually. The LADMF Systems Safeguards Attestation Form must be completed every three years.
The U.S. Department of Commerce’s National Technical Information Service (NTIS), the governing body behind the DMF, can conduct both scheduled and unscheduled compliance audits and fine organizations up to $250,000 for noncompliance, with even higher penalties for willful violations. Due to the potential for substantial fines, it is important that entities be able to implement the appropriate systems, facilities, and procedures to safeguard the information.
How Lazarus Alliance Can Help
Lazarus Alliance is an ACAB that can attest to the systems and procedures organizations have in place. Lazarus Alliance utilizes various published information security standards, including NIST 800-53, AICPA SOC 2, and ISO 27001, to satisfy the rule’s audit requirements.
Lazarus Alliance has been a leading ACAB firm for 8+ years. — Michael Peters, CEO & Founder
Since 2017, Lazarus Alliance has been working to help our clients meet their DMF audit requirements and has successfully submitted the appropriate attestation forms to NTIS, resulting in certification for our clients. We have extensive experience testing the controls required by LADMF and understand the certification process and requirements.
Credentials You Can Count On
American Association for Laboratory Accreditation (A2LA) ISO/IEC 17020 accredited certification number 3822.01

Talk with one of our experts
Our Lazarus Alliance Cybervisor™ teams have experience performing thousands of assessments for organisations providing services to clients around the world.
We're here to answer any questions you may have.
