eCBSV Applicants – SSA-157 with Certification Statement

eCBSV SSA-157 User Guide
For the initial rollout for eCBSV, we will be collecting
information using the SSA-157. In order to collect the
necessary information, we have created an example for
assistance. Please use the following example as a guide to
complete the SSA-157 for eCBSV purposes.

Form SSA-157 (02-2019)
Discontinue Prior Editions
Social Security Administration

Page 1 of 5
OMB No. 0960-0802

Data Exchange Request Form (DXRF)
Request for Information from SSA
Data Request
1. Name of organization requesting the data
exchange.

Include Company name, Doing Business As (DBA) Name

2. Indicate what type of organization you are.

Government

Non-Government

Federal

Commercial Entity

State & Local

Educational Institution

Foreign

Other (Please specify)

Indicate if you are a financial
institution in accordance with
P.L. 115-174 or other

Tribal
3. Briefly state the purpose for requesting this
information and tell us how your organization
will use the data.

Identify Reason: Mortgage service, banking service,
credit check, background check, licensing requirement,
or other (specify).

4. What specific information are you requesting
Foreign requesters can only request date and fact of death.
from SSA? (Social Security number verification,
eCBSV
benefit verification, disability payments, data
elements, etc.).
5. What data elements will you send to support
your request (e.g., SSN, name, date of birth),
if applicable?
6. Is your organization currently receiving this
information by another means (e.g., paper
reports, etc.)?

SSN, name, date of birth

Yes - Tell us how your organization identifies and collects this
data; be specific.
N/A
No

7. Describe the benefit to your organization of
receiving this data.
8. Is there any benefit to SSA?
For foreign requesters - is your organization willing
to enter into a reciprocal arrangement with SSA to
provide the same information we provide to you?
9. What is the impact to your organization if it
does not receive this data?

10. SSA generally requires that you pay for our
services. Are you willing to incur costs?

N/A

Yes - Explain.
N/A
No
N/A

Yes
No

11. Provide your legal authority allowing the
N/A
collection of this data from SSA. (Legal
authorities may include statutes, regulations,
and/or Executive Orders that explicitly require
or permit your agency to use SSNs in your
program(s) and request them from SSA, or get
other data from SSA as authorized by law.) If
you are a Federal agency, include information
related to applicable Privacy Act systems of
records in which you will maintain the
requested data.

Page 2 of 5

Form SSA-157 (02-2019)
12. List the organization and job functions/titles
List any permitted entities you will service
within the organization(s) that will have access
to SSA-provided information.
13. Do you plan to share the data with anyone
other than those listed in question 12?

Yes - List the organization that you will be sharing the data with, job
functions/titles, the form (identifiable, aggregate) in which you intend
to disclose information, and the authority for a third party disclosure.

No
14. How frequently do you want to receive
the data?

Daily

Monthly

Weekly

Yearly

Other (Explain)
15. Based on the frequency selected above,
provide an estimate of the number of records
you will submit for processing.
16. How will we exchange the data?

Provide annual estimated volume

Batch

Online

Both (Explain)
Other (Explain)
17. When do you expect this data exchange
to begin? (A typical data exchange takes 12
months or more to fully implement.)

N/A

Security
18. If you are a federal agency, does your
organization have documented information
security policies and procedures to safeguard
SSA-provided information from unauthorized
access and improper disclosure?

Yes - Skip to question 20.

19. If you are not a federal agency, does your
organization have documented information
security policies and procedures to reduce
information technology security risks to an
acceptable level in accordance with the
Federal Information Security Management
Act (FISMA)?

Yes

20. Will the information SSA provides be stored or
processed in an external commercial cloud?

Yes

a. What is the name of the Cloud Service
Provider (CSP)?
b. Is the CSP FedRAMP authorized?
(www.fedramp.gov)

No - Skip to question 20.
Not Applicable - Non-Federal Agency

No
Not Applicable - Federal Agency

No - Skip to question 22.

N/A

Yes

21. Is the cloud provider contractually required to
enforce security policies and procedures that
will safeguard the information SSA provides
from unauthorized access and improper
disclosure?

Yes

22. Will the information SSA provides be stored
off-shore: i.e., in a foreign country?

Yes

No

No

No

Page 3 of 5

Form SSA-157 (02-2019)
23. List any current or previous data exchanges
your organization has with SSA (i.e., by SSA
agreement number or description).

Identify if you are a current CBSV user.

Only complete questions 24-29 if you are a state agency.
24. If your agency already has an existing
agreement with SSA to receive SSA data, are
there any other programs or purposes for
requesting SSA data that you wish to add to
the current agreement?

Yes
No

25. Name the programs your agency administers
for which you are requesting SSA data.
26. Indicate whether the programs are federallyfunded (either fully or partially) or state-funded.
(If the program is not state funded but locally
funded, i.e., at the city or county level, please
specify.)
27. List the benefits or services provided under
these programs.

28. Does your staff take applications or
determine eligibility for TANF, Medicaid, or
SNAP for any of the programs listed in
question 25?
29. How is the requested SSA data relevant to
determining entitlement/eligibility to benefits
or services under the programs your agency
administers?

Yes - Name the program.
No

Only complete questions 30-35 if your request is for research and statistical purposes only.
30. Indicate if this is a request for a new project
within a current agreement.
31. Indicate the form of data needed to
accomplish the purposes of your study.
Options include tabulations, statistical
outputs, micro data from SSA's program
records for individuals, and SSA data for
individuals that have been linked to other
sources of data.
32. Describe other sources of data to which you
will be linking SSA data (if applicable).
33. Describe any plans to publish or release the
research results including whether any
supporting documentation will be made
available in identifiable form.
34. Include the length of time you need to retain
the data in and the location where the data will
be housed.

Reminder: We normally release information in the form of tabulations,
statistical outputs or individual data that cannot be associated with an
individual, and only in rare instances do we release micro data.

Page 4 of 5

Form SSA-157 (02-2019)
35. Include your planned final disposition of the
SSA data to include the date when the data
will be destroyed.
36. Additional comments:

Provide your Employer Identification Number (EIN) here.

Provide your Dun & Bradstreet (D-U-N-S) Number here.
In accordance with (PL)115-174, 215(b), I certify, as the
approving authority for (ENTER PERMITTED ENTITY NAME) that:
a.

(ENTER PERMITTED ENTITY NAME) is a permitted entity.

b.
(ENTER PERMITTED ENTITY NAME) is in compliance with
(PL)115-174, section 215.
c.
(ENTER PERMITTED ENTITY NAME) is, and will remain, in
compliance with its privacy and data security requirements,
as described in title V of the Gramm-Leach-Bliley Act (15
U.S.C. 6801 et seq.), with respect to information the entity
receives from the Commissioner pursuant to this section.
d.
(ENTER PERMITTED ENTITY NAME) will retain sufficient
records to demonstrate its compliance with its certification
and this section for a period of not less than 2 years.

Points of Contact
37. Approving authority contact information for
the person signing the agreement for the
agency requesting the data.

Name:
Title:
Address:
Phone #1:
Phone #2:
Email address:

38. Requester contact information for the agency.

Name:
Title:
Address:
Phone #1:
Phone #2:
Email address:

Form SSA-157 (02-2019)

Page 5 of 5

Paperwork Reduction Act Statement - This information collection meets the requirements of 44 U.S.C. §
3507, as amended by section 2 of the Paperwork Reduction Act of 1995. You do not need to answer these
questions unless we display a valid Office of Management and Budget (OMB) control number. We estimate
that it will take about 30 minutes to read the instructions, gather the facts, and answer the questions. Send
only comments relating to our time estimate above to: SSA, 6401 Security Blvd, Baltimore, MD
21235-6401.