Risk Management and Reporting
Information about programs and tools that support the continuous assessment and mitigation of potential security and privacy risks to CMS information and system
Cyber risk management and reporting at CMS is how we help ISSOs, Business Owners, and other stakeholders identify and mitigate security and privacy risks to FISMA systems. Our approach to risk management is part of a multi-year effort to modernize CMS’ overall approach to information system security. Instead of being focused solely on “compliance”, we are moving toward a proactive focus on continuous evaluation, identification, and management of risk.
Risk management and reporting activities include the use of targeted system assessments, real-time reporting tools, and the translation of policy requirements into concrete metrics that allow CMS components to gauge the overall security posture of their systems. Cyber risk management is a nonstop process that changes over time. The resources provided on this page will help stakeholders make smart, data-based decisions throughout the system security life cycle.
CMS Slack Channel- #cyber-risk-management
CMS Cyber Risk Management Plan
The CMS Cyber Risk Management Plan (CRMP) lays the foundation for modernizing our approach to identifying and mitigating security and privacy risks to CMS FISMA systems.
Top documents and resources
Automated scanning and risk analysis to strengthen the security posture of CMS FISMA systems
Supporting the continuous compliance and safety of FISMA systems through proactive, ongoing monitoring activities
Provides a federally-recognized standardized security framework for all cloud products and services
FISMA is federal legislation that defines a framework of guidelines and security standards to protect government information and operations
Reports and dashboards to help stakeholders of CMS FISMA systems identify risk-reduction activities and protect sensitive data from cyber threats
Filtered view of related content using CyberGeek Search
