Security Operations

Information about the programs and tools that ensure the security of CMS data through incident response, change management, and continuous risk assessment

Contact: CISO Team | CISO@cms.hhs.gov

When it comes to managing the fallout from cyber incidents, time is of the essence. It's critical that system teams fully understand the who, what, when, where, and how so they can make important decisions to strengthen system security and protect user data.

Similarly, proactive and continuous testing of CMS FISMA systems helps to guard against cyber threats and show where vulnerabilities exist. Knowing how to prioritize security improvements helps Business/System Owners make smart, risk-based decisions with the resources they have.

The Security Operations resources and tools provided here are designed to improve incident response, continuous monitoring, and overall compliance efforts. Using data and information collected by the CMS Cybersecurity Integration Center (CCIC) and Security Operations Center (SOC), teams can respond to threats quickly, and better understand their system’s vulnerabilities. Together, we can improve incident response and testing efforts for systems throughout the enterprise.

Report a security or privacy incident

CMS staff and contractors should use ServiceNOW to report a suspected or confirmed security or privacy incident within one hour of discovery.

Report an incident

Information System Security Officer (ISSO)

Data Guardian

Cyber Risk Advisor (CRA)

Business / System Owner (BO/SO)

Authorization to Operate (ATO)

Ongoing Authorization (OA)

Assessments & Audits

CMS Policy & Guidance

Federal Policy & Guidance

Application Security