CMS Enterprise Data Encryption (CEDE)
How CMS satisfies federal requirements for the encryption of data to keep sensitive information safe
Data encryption at CMS
CMS Enterprise Data Encryption (CEDE) is the initiative to bring CMS practices into compliance with federal requirements for data encryption, including Executive Order 14028 on Improving the Nation’s Cybersecurity and M-22-09 on Zero Trust Strategy.
Data encryption is a security method in which information is encoded so that it can only be accessed, or “decrypted”, by people with special access or a secret key. Encrypting sensitive data helps us keep personal and health information safe for millions of Americans.
What are CMS requirements for data encryption?
Business Owners are required to encrypt sensitive information at rest and in transit for all CMS systems that store or transmit sensitive information. These standards also require specific protections where sensitive Personally Identifiable Information (PII) is present.
CIO Memo on data encryption
The CMS CIO released a memorandum that explains the specific requirements of data encryption at CMS. You need a CMS login to access this information, or you can request a copy from your COR or ISSO.
Related documents and resources
Defining how Protected Health Information (PHI) will be disclosed to organizations requesting data from CMS
Executive Order that requires the continuous verification of system users to promote system security