Skip to main content

ISSO As A Service

The ISSOaaS program provides security experts to help Business Owners (BOs) manage system security when CMS ISSOs aren't available. BOs request support via email; the ISSOaaS team assigns ISSOs to assist with compliance and risk tasks.

Last Reviewed: 2/18/2026

Contact: ISSO Support Team | ISSO@cms.hhs.gov

What is ISSO As A Service (ISSOaaS)?

Information System Security Officers (ISSO) serve as the front line of information security and privacy for CMS systems. Their role is critical for keeping CMS data safe throughout a system’s life cycle. But sometimes, there is not a trained CMS ISSO available within a component to perform key security tasks.

To address this need, the CMS Information Security and Privacy Group (ISPG) provides the ISSO As A Service (ISSOaas) program to deploy skilled ISSOs where they are most needed to support CMS Business Owners in maintaining information security and privacy for their system(s).

ISPG works with a contractor organization to onboard and train professional ISSOs in CMS-specific policies and frameworks so they are equipped to provide industry-certified security and compliance support, allowing Business Owners to focus on their business mission.

Service ISSOs operate in direct liaison with ISPG as well as their assigned system teams and Business Owner. This ensures consistency and shared visibility into system security throughout the engagement.

How it works

ISSO As A Service requires coordination among multiple stakeholders. There is a structured process to ensure the selected ISSO can effectively meet the needs of the component and system(s).

  • Initial request: The Business Owner requests ISSOaaS support by emailing ISSO@cms.hhs.gov.
  • Consultation meeting: The ISSOaaS team schedules a consultation with the Business Owner and other key stakeholders. Together they determine the requirements and types of skills needed to effectively support the component and system(s).
  • Service ISSO onboarding: Once a Service ISSO is identified, they are onboarded to their assigned team and provided with any orientation or training needed.
  • ISSOaaS engagement: The Service ISSO provides support to their assigned team according to the contract specifications.

Request a Service ISSO

To get started with ISSO As A Service, send an email to ISSO@cms.hhs.gov. The ISSOaaS team will work with you to assess requirements and find an ISSO that can support your needs.