
Federal Policies and Guidance

Information about the federal agencies, laws, and policies that govern security and privacy activities at CMS

Contact: CISO Team | CISO@cms.hhs.gov

At ISPG, our work to protect the security and privacy of CMS end users is directly influenced by several federal sources. Laws passed by Congress, Executive Orders from the White House, and regulations from other federal agencies must be referenced regularly to ensure that we're operating effectively. These federal policies impact how we manage FISMA systems, what tools we use, how we protect personal information, and the steps we take to keep our systems compliant. 

As our government continues to modernize its systems and change the way it does business, it's important for CMS staff and contractors to stay updated with the latest federal policies and guidance, provided below.

For a handy reference guide to the specific federal laws that shape security and privacy at CMS, check out the CMS Guide to Federal Laws, Regulations, and Policies -- a centralized repository you can reference anytime in your compliance-related work.

CMS Slack Channel
  • #ispg-sec_privacy-policy
  • #cms_fed_laws_policies

HHS OCIO policies

The majority of information security and privacy policies at CMS originate from the Department of Health and Human Services (HHS) Office of the Chief Information Officer (OCIO). You can access these policies at the link below if you are logged into the CMS/HHS intranet.

See security & privacy policies from HHS
