Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock () or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Welcome to the CyberGeek blog — your one stop for the latest news and insights on cybersecurity and privacy at CMS.
Loading posts...
Learn the cyber essentials that will prevent critical breaches, eliminate misconfigurations, and build lasting, verifiable security with a Zero Trust approach.
CMS's ISPG offers a variety of 2026 training and events to help all personnel level up their cybersecurity awareness and build practical skills.
The System and Communications Protection (SC) control family is a core component of the CMS cybersecurity program. It safeguards how information is transmitted,
A vishing attack exposes modern Medicare scams that use AI to turn trust into theft.
Learn how to properly manage data quality in order to smooth the path to CDM onboarding and ensure that CMS systems and end users are protected.
CMS’s Access Control (AC) program helps protect sensitive systems and information by managing how access is requested, approved, granted, monitored, and removed
NIST's new co-developed SP 1800-44A DevSecOps framework marks a shift in federal cybersecurity guidance, with pros and cons noted by the industry
Learn about Authorization to Operate (ATO) requirements for CMS systems migrating to the Office of Information Technology (OIT) Hybrid Cloud environment
At CMS, protecting our information systems requires more than just strong defenses, it also demands a prepared, well-coordinated response when incidents occur.
Program Management (PM) requires strong governance, leadership, and oversight at the enterprise level.
