Skip to main content

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock () or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

cyber-risk-advisor-cra

Cyber Risk Advisor (CRA)

Supporting the compliance and security of CMS FISMA systems through risk management expertise

Contact: CISO Team | CISO@cms.hhs.gov

Cyber Risk Advisors (CRAs) are involved in almost every security and privacy requirement for information systems at CMS. As the subject matter experts on risk management and compliance for CMS systems, they advise ISSOs and Business Owners on the appropriate actions to take – and what to avoid – when managing FISMA systems. 

CRAs scour policy documents and procedural handbooks to extract relevant information and translate high-level policy jargon into actions that can be completed to mitigate risk on all levels. They also provide guidance for their colleagues on compliance activities like ATOs, POA&Ms, Penetration Tests, and ACT assessments.

Together, the Cyber Risk Advisors make up a team of experts who play an indispensable role in making sure CMS information and systems are secure and safe. This page contains resources useful to CRAs and to people who are looking to engage with a CRA. To see which CRAs are assigned to which CMS portfolio, see the diagram on this page (internal link requiring CMS login).

slack logoCMS Slack Channel
  • #cra-help
  • #ispg-sec_privacy-policy
  • #cyber-risk-management

Get in touch with a CRA

Visit the #cra-help channel in CMS Slack to reach the CRA team with general questions. You should contact your assigned CRA directly with specific questions related to compliance or risk management activities for your system.

Top documents and resources

See all resources

Filtered view of related content using CyberGeek Search

Related posts and updates

See all posts