Information System Security Officer (ISSO)
Overseeing day-to-day compliance and risk management activities to protect the security and privacy of CMS information and systems
As an Information System Security Officer (ISSO), you are the voice of authority for keeping information safe within your organization. Your work helps Business Owners manage their FISMA systems in a way that protects the personal and health information of the people who depend on CMS for benefits.
You oversee the security and privacy posture of the system(s) entrusted to your care, coordinating all IT risk management activities and acting as your Business Owner’s “go-to person” for security questions and needs. You also help promote a “risk-based approach” to information security at CMS. This means not only ensuring compliance but also using tools and practices that continually evaluate system security so risks are spotted earlier.
Together, the ISSOs make up a supportive community working to ensure the success of the cybersecurity program at CMS. We are eager to help you get the training, connections, and skills you need to be successful in your role.
- #cms-isso
- #cisab
- #security_community
ISSO Handbook
This is the go-to resource for all ISSOs - both new and experienced. It contains everything you need for onboarding and for your daily work.
Top documents and resources
Standards for the minimum security and privacy controls required to mitigate risk for CMS information systems
The IS2P2 defines how CMS protects and controls access to its information and systems. It outlines compliance activities and defines roles and responsibilities.
Procedures to help CMS staff and contractors implement federal policies and standards for information security and privacy
Guidance to help ISSOs in their daily work, including role descriptions, resources, points of contact, and training
ISPG program that pairs CMS Information System Security Officers (ISSOs) with their peers for knowledge sharing and support
An official document that outlines the responsibilities to be completed by the ISSO on behalf of a specific FISMA System
Information about the testing and documenting of security compliance requirements for FISMA systems at CMS, so they can be authorized to operate
The ISSO Journal is a quarterly publication with helpful information for and by the cybersecurity community at CMS
Filtered view of related content using CyberGeek Search