Skip to main content

Security Control Orchestration, Utilities, and Tooling

View all CMS PIAs

Date signed: 4/13/2021

PIA Information for Security Control Orchestration, Utilities, and Tooling
PIA QuestionsPIA Answers
OPDIV:CMS
PIA Unique Identifier:P-1201852-574435
Name:Security Control Orchestration, Utilities, and Tooling
The subject of this PIA is which of the following?Major Application
Identify the Enterprise Performance Lifecycle Phase of the system.Operate
Is this a FISMA-Reportable system?Yes
Does the system include a Website or online application available to and for the use of the general public?No
Identify the operator:Agency
Is this a new or existing system?Existing
Does the system have Security Authorization (SA)?Yes
Date of Security Authorization4/12/2024
Indicate the following reason(s) for updating this PIA. Choose from the following options. 
Describe in further detail any changes to the system that have occurred since the last PIA.There is no change. 
Describe the purpose of the system

Security Control Orchestration, Utilities, and Tools (SCOUT) is a tool, available only 
to CMS personnel and Application Development Organization (ADO) staff.  
It is designed to both facilitate the Adaptive Capabilities Testing (ACT) 
preparation work and help streamline the assessment process. It does this 
by storing relevant Private Implementation Details, inheritance details, and 
individual tests of each NIST 800-53 controls and enhancements (and how 
they are implemented and tested by CMS – see also CMS Acceptable Risk Safeguards 

ARS documentation). 

Describe the type of information the system will collect, maintain (store), or share. (Subsequent questions will identify if this information is PII and ask about the specific data elements)

SCOUT is fully integrated with the Mini-Orange Single sign on (SSO). Mini-Orange is integrated with CMS Enterprise User Administration (EUA).

SCOUT uses and stores the CMS employee roles and username ID from Mini-Orange from Enterprise User Administration (EUA) which has a separate PIA.

Mini-Orange is part of Enterprise Website Supporting Tool (EWST) system which  also has its own PIA . SCOUT collects and stores documentation and evidence of NIST 800-53 compliance. No PII is collected. 

Provide an overview of the system and describe the information it will collect, maintain (store), or share, either permanently or temporarily.Security Control Orchestration, Utilities, and Tools (SCOUT) is a tool, available only to CMS personnel and Application Development Organization (ADO) staff.  It is designed to both facilitate the Adaptive Capabilities Testing (ACT) preparation work and help streamline the assessment process. This system will collect documentation, and evidence of NIST 800-53 compliance. No PII is collected. 
Does the system collect, maintain, use or share PII?No