CMS Policies and Guidance
Information about CMS policies, guidance, and procedures that support security and privacy for FISMA systems
CMS works daily to improve access to healthcare services for millions of Americans. Within the broader CMS community, ISPG plays a critical role in keeping systems and sensitive data safe. Our staff works daily to provide in-depth cybersecurity and privacy policy analysis, as well as compliance and oversight activities for CMS FISMA systems.
To provide clarity for all of ISPG's activities, we have documents that guide our work. These documents include:
- Policies and standards, which are enterprise level directives and the details for how they must be implemented. Our policies and standards are the CMS Information System Security and Privacy Policy (IS2P2) and the CMS Acceptable Risk Safeguards (ARS).
- Program plans, which explain how the high-level security and privacy programs at CMS uphold the policies and standards, laying out a roadmap for all ISPG activities. Our program plans include the Privacy Program Plan and the CMS Cyber Risk Management Plan (CRMP).
- Procedural handbooks, which give practical guidance about how to implement the requirements found within the policies, standards, and program plans. Our procedural handbooks are the CMS Security and Privacy Handbooks – a go-to resource for anyone who does the work of keeping CMS systems and data safe.
CMS Security and Privacy Handbooks
These procedural handbooks help CMS staff and contractors follow federal policies and standards for security and privacy. They provide practical guidance for implementing the requirements of the ARS and IS2P2. You can use the search function on this website to see all the Handbooks.
Top documents and resources
Standards for the minimum security and privacy controls required to mitigate risk for CMS information systems
The IS2P2 defines how CMS protects and controls access to its information and systems. It outlines compliance activities and defines roles and responsibilities.
Procedures to help CMS staff and contractors implement federal policies and standards for information security and privacy
A plan designed to help CMS staff understand the specific requirements of the Privacy Program at CMS
A plan that defines the overarching strategy for managing risk associated with the operation of CMS FISMA systems.
A comprehensive list of the federal laws, regulations, and policies that shape how information security and privacy are managed at CMS