OCISO Inheritable Controls
Date signed: 6/9/2021
| PIA Question | PIA Answers |
|---|---|
| OPDIV: | CMS |
| PIA Unique Identifier: | P-5557805-018641 |
| Name: | OCISO Inheritable Controls |
| The subject of this PIA is which of the following? | General Support System |
| Identify the Enterprise Performance Lifecycle Phase of the system. | Operate |
| Is this a FISMA-Reportable system? | Yes |
| Does the system include a Website or online application available to and for the use of the general public? | No |
| Identify the operator: | Agency |
| Is this a new or existing system? | New |
| Does the system have Security Authorization (SA)? | Yes |
| Date of Security Authorization | 7/27/2022 |
| Describe the purpose of the system | The OCISO Inheritable Controls is a program that provides CMS applications the ability to inherit enterprise level policy controls. It is a program for the Security and Privacy of CMS Information Systems. This information system does not have a physical boundary. It was created for the inheritance of security and privacy controls and policy only. This is not a true system/major application however there is an Authorization to Operate (ATO) given for these controls which require a PIA. The goal is to primarily enable OCISO Inheritable Controls to be able to provide inheritance for the Privacy Controls therefore no PIA is required. This system serves to provide information for common controls related to CMS Policy and guidelines that regulate Information Security and Privacy for this agency. |
| Describe the type of information the system will collect, maintain (store), or share. (Subsequent questions will identify if this information is PII and ask about the specific data elements) | This system serves to provide information for common controls related to CMS Policy and guidelines that regulate Information Security and Privacy for this agency. No information is stored for the OCISO Inheritable Controls program. |
| Provide an overview of the system and describe the information it will collect, maintain (store), or share, either permanently or temporarily. | This system serves to provide information for common controls related to CMS Policy and guidelines that regulate Information Security and Privacy for this agency. |
| Does the system collect, maintain, use or share PII? | No |