Information System Security Officer (ISSO)

Overseeing day-to-day compliance and risk management activities to protect the security and privacy of CMS information and systems

Contact: ISSO Support Team

As an Information System Security Officer (ISSO), you are the voice of authority for keeping information safe within your organization. Your work helps Business Owners manage their FISMA systems in a way that protects the personal and health information of the people who depend on CMS for benefits. 

You oversee the security and privacy posture of the system(s) entrusted to your care, coordinating all IT risk management activities and acting as your Business Owner’s “go-to person” for security questions and needs. You also help promote a "risk-based approach" to information security at CMS. This means not only ensuring compliance but also using tools and practices that continually evaluate system security so risks are spotted earlier.

Together, the ISSOs make up a supportive community working to ensure the success of the cybersecurity program at CMS. We are eager to help you get the training, connections, and skills you need to be successful in your role.

ISSO Handbook

This is the go-to resource for all ISSOs - both new and experienced. It contains everything you need for onboarding and for your daily work.

Top documents and resources

  • Standards for the minimum security and privacy controls required to mitigate risk for CMS information systems

  • The IS2P2 defines how CMS protects and controls access to its information and systems. It outlines compliance activities and defines roles and responsibilities.

  • Procedures to help CMS staff and contractors implement federal policies and standards for information security and privacy

  • ISPG program that pairs CMS Information System Security Officers (ISSOs) with their peers for knowledge sharing and support

  • An official document that outlines the responsibilities to be completed by the ISSO on behalf of a specific FISMA System

  • Information about the testing and documenting of security compliance requirements for FISMA systems at CMS, so they can be authorized to operate

  • The ISSO Journal is a quarterly publication with helpful information for and by the cybersecurity community at CMS
