Security Operations
Information about the programs and tools that ensure the security of CMS data through incident response, change management, and continuous risk assessment
When it comes to managing the fallout from cyber incidents, time is of the essence. It's critical that system teams fully understand the who, what, when, where, and how so they can make important decisions to strengthen system security and protect user data.
Similarly, proactive and continuous testing of CMS FISMA systems helps to guard against cyber threats and show where vulnerabilities exist. Knowing how to prioritize security improvements helps Business/System Owners make smart, risk-based decisions with the resources they have.
The Security Operations resources and tools provided here are designed to improve incident response, continuous monitoring, and overall compliance efforts. Using data and information collected by the CMS Cybersecurity Integration Center (CCIC) and Security Operations Center (SOC), teams can respond to threats quickly and better understand their system’s vulnerabilities. Together, we can improve incident response and testing efforts for systems throughout the enterprise.
Report a security or privacy incident
CMS staff and contractors should use ServiceNow to report a suspected or confirmed security or privacy incident within one hour of discovery.
Top documents and resources
Testing that mimics real-world attacks on a system to assess its security posture and identify gaps in protection
The CCIC uses data to address incidents through risk management and monitoring activities across CMS
Information and resources for teams to help them complete their annual Information System Contingency Plan (ISCP) exercise
This chapter (RMH Chapter 8) identifies the policies and standards for the Incident Response family of controls
Filtered view of related content using CyberGeek Search