Federal Policies and Guidance
Overview
Security and privacy policies and practices at CMS are derived from federal requirements and regulatory bodies. These federal sources dictate how we manage risk for our systems and how we protect sensitive information.
As our government continues to modernize its systems and security standards, it's important for CMS staff and contractors to stay updated with the latest federal policies and guidance, provided below.
All resources in Federal Policies and Guidance
General Information
Policies and Handbooks
Tools and Services
No tools and services to display
Latest articles and updates
- 5/1/2025ArticlesFrom Zero Trust
Secure your web: How to keep URLs safe and compliant at CMS with HSTS
Learn about HTTP Strict Transport Security (HSTS), why it’s important, and how the Zero Trust team can help you comply with web security requirements.
- 9/16/2024ArticlesFrom Zero Trust
ZT Devices Pillar: Enforcing security policies and monitoring compliance
How ADOs can increase Zero Trust maturity within the Devices pillar using tools provided by CMS Hybrid Cloud
- 7/19/2024ArticlesFrom Zero Trust
Increase Zero Trust Maturity within the Devices Pillar
Increasing Zero Trust maturity using device threat protection capabilities with CMS provided tools.