CyberGeek
Date signed: 5/1/2025
| OPDIV: | CMS |
|---|---|
| PIA Unique Identifier: | P-8533980-981349 |
| Name: | CyberGeek |
| The subject of this PIA is which of the following? | Major Application |
| Identify the Enterprise Performance Lifecycle Phase of the system. | Operate |
| Is this a FISMA-Reportable system? | Yes |
| Does the system include a Website or online application available to and for the use of the general public? | Yes |
| Identify the operator: | Agency |
| Is this a new or existing system? | New |
| Does the system have Security Authorization (SA)? | Yes |
| Date of Security Authorization | 5/27/2025 |
| Describe the purpose of the system | The CyberGeek website is provided by the CMS Information Security and Privacy Group (ISPG) as a one-stop resource for everything related to information security and privacy at CMS. The site is designed to be searchable and user-friendly, making cybersecurity more approachable for CMS stakeholders, contractors, and staff. |
| Describe the type of information the system will collect, maintain (store), or share. (Subsequent questions will identify if this information is PII and ask about the specific data elements) | The CyberGeek system does not collect, maintain, or share any Personally Identifiable Information (PII). Its primary purpose is to serve as a one-stop, user-friendly resource for CMS stakeholders, contractors, and staff to access information and guidance related to CMS's information security and privacy policies. The website provides publicly accessible content, including general cybersecurity tips, tools, and resources, and may allow navigation to specific CMS systems or contact information for support. However, no user-specific or sensitive information is collected, stored, or shared through the CyberGeek system. |
| Provide an overview of the system and describe the information it will collect, maintain (store), or share, either permanently or temporarily. | The CyberGeek website is provided by the CMS Information Security and Privacy Group (ISPG) as a one-stop resource for everything related to information security and privacy at CMS. The site is designed to be searchable and user-friendly, making cybersecurity more approachable for CMS stakeholders, contractors, and staff. The Acquia Cloud System is a FedRAMP authorized Cloud Service Provider system. Its platform is built on Amazon AWS and inherits infrastructure layer controls from Amazon. Amazon AWS has received a FedRAMP authorization for the infrastructure layer. Acquia Cloud utilizes Drupal website content management tool in order to provide support for the public with healthcare consumer information. To manage content on the backend of CyberGeek on Acquia Cloud, the following information is collected and maintained to create user accounts: Name, Email, Password. This system supports the CMS e-Government presence and the official public Agency websites for the Centers for Medicare & Medicaid Services. Acquia Cloud has a PIA in process. |
| Does the system collect, maintain, use or share PII? | No |
| |
| Identify the publicly-available URL: | CyberGeek |
| Does the website have a posted privacy notice? | Yes |
| Is the privacy policy available in a machine-readable format? | Yes |
| Does the website use web measurement and customization technology? | Yes |
| Select the type of website measurement and customization technologies is in use and if is used to collect PII. (Select all that apply) |
|
| Does the website have any information or pages directed at children under the age of thirteen? | No |
| Does the website contain links to non-federal government website external to HHS? | Yes |
| Is a disclaimer notice provided to users that follow external links to websites not owned or operated by HHS? | No |
Privacy Impact Assessment (PIA) published by CMS as an Operating Division of the U.S. Department of Health and Human Services