CMS Enterprise Services and System Management
Date signed: 9/7/2022
| PIA Questions | PIA Answers |
|---|---|
OPDIV: | CMS |
PIA Unique Identifier: | P-9567236-224699 |
Name: | CMS Enterprise Services and System Management |
The subject of this PIA is which of the following? | Major Application |
Identify the Enterprise Performance Lifecycle Phase of the system. | Operate |
Is this a FISMA-Reportable system? | Yes |
Does the system include a Website or online application available to and for the use of the general public? | No |
Identify the operator: | Agency |
Is this a new or existing system? | New |
Does the system have Security Authorization (SA)? | Yes |
Date of Security Authorization | 5/13/2022 |
Describe the purpose of the system | The CMS Enterprise Services and System (ESSM) is created to manage end user services and systems across the enterprise in accordance with the Office of Management and Budget (OMB) Federal Information Security Management Act (FISMA). The purpose of this FISMA system is to encompass CMS end user requirements for auditing purposes and maintaining standardized compliance. |
Describe the type of information the system will collect, maintain (store), or share. (Subsequent questions will identify if this information is PII and ask about the specific data elements) | The CMS-ESSM does not directly collect, maintain, or disseminate any information. PII information used for authentication to the system is managed by Enterprise User Administration (EUA), which is covered by its own PIA. CMS-ESSM does not share this information with other systems. |
Provide an overview of the system and describe the information it will collect, maintain (store), or share, either permanently or temporarily. | The CMS Exchange Hybrid environment will provide CMS full autonomy of their own mail system, including email configurations for approximately 10,000 users, 15,000 mailboxes, and 1,500 Distribution Lists. This PII is obtained through Lightweight Directory Access Protocol (LDAP) which is linked with EUA. The attributes are obtained from the EUA system for authentication purposes. |
Does the system collect, maintain, use or share PII? | No |
Administrators Explanation: | Administrators do not have access to PII data. If need to know arise, the information can be provided by external FISMA systems to support administrator efforts. |
Contractors Explanation: | Direct contractors that manage and support the CMS-ESSM and other external support do not have access to PII nor are they provided PII. Information is provided by external FISMA systems to supporting contractors if need to know arise. |