The Cyber Risk Corner (CRC) forum continuously serves as an important space for sharing updates and progress across CMS cybersecurity initiatives. The most recent session highlighted ongoing efforts to strengthen security operations, improve enterprise visibility, and incorporate user feedback into platform enhancements. Topics included updates to CMS FISMA Controls Tracking System (CFACTS), progress on enterprise security platform transitions, and insights gathered through a recent user survey focused on CRM dashboards and reporting. These discussions reflected CMS's continued commitment of CMS to improving the tools and processes that support day-to-day operations across the enterprise.

Supporting Assessment and Authorization Activities Through CFACTS Enhancements  

Recent enhancements to CFACTS reflect a continued focus on improving assessment workflows, supporting authorization activities, and simplifying user navigation. During the forum, Kallah Hatcherian (Project Coordinator, CFACTS Team) shared updates on several improvements designed to better align the platform with evolving CMS authorization requirements and user needs. 

• Assessment Artifact Organization: Assessment artifacts for projects in production are now organized by artifact type, making it easier for users to filter and locate required documentation, such as CSRAP artifacts and categorized assessment materials. This organizational improvement enhances navigation and overall clarity within active project records.  
• Configuration Management Plan (CMP) Tab: A new CMP tab has been added to support authorization activities. The CMP is a required artifact for moderate and high systems and represents an initial step in the ATO process. By enabling CMP completion directly within the ATO request record, this enhancement supports smoother progression through authorization workflows. 
• CSRAP Scheduling Updates: Allow users to cancel assessment requests, releasing selected dates back into the scheduler and reducing abandoned records. Date selection is also being simplified by consolidating primary and secondary date fields into a single entry. 
• ServiceNow Integration: CFACTS is now integrating with ServiceNow, enabling users to submit helpdesk and enhancement requests, track ticket status, and communicate through a familiar platform. 

• Terminology Update: The transition from Contingency Plan (CP) to Information System Contingency Plan (ISCP) clarifies system-specific contingency planning under ISPG while distinguishing it from broader organizational continuity planning managed under COOP.

   

Enterprise Transition to CrowdStrike Endpoint Security 

CMS continues its ongoing transition to CrowdStrike as the enterprise Endpoint Detection and Response (EDR) solution, marking an important milestone in strengthening endpoint security across the organization. Latasha Grier highlighted key milestones, onboarding expectations, and available support resources to assist throughout the migration.  

• Migration Timeline and Onboarding: CMS systems are transitioning to CrowdStrike with a target completion date of June 30, 2026. To support this effort, monthly town halls will be held on the third Thursday of each month from February through June, providing high- level overviews of platform capabilities, training opportunities, and guidance on access and permissions. 

• Support and Issue Management: System-specific questions and technical issues will continue to be managed through established ticketing channels to ensure appropriate tracking, responses, and follow-up.

   

Strengthening Vulnerability Management with TenableOne 

As part of broader efforts to modernize vulnerability management capabilities, CMS is progressing through its transition to the TenableOne platform. Latasha Grier also highlighted the rollout being approached through a phased strategy designed to maintain continuity while expanding visibility.  

• Phased Migration and Continuity: CMS is progressing through planning and preparation activities, with upcoming phases dedicated to migrating existing repositories and vulnerability data flows. Migration efforts will occur in parallel with onboarding new systems to preserve existing scanning, monitoring, and reporting capabilities throughout the transition. 

• Onboarding and Adoption: Onboarding will continue throughout the year, including managed scanning and datacenter adoption. This approach allows CMS to gradually expand platform use of the platform while minimizing disruption to systems already in production. Once fully adopted, TenableOne will support enhanced consistency and scalability in vulnerability monitoring, strengthening enterprise-wide visibility in support of Continuous Security Monitoring (CSM) and risk management activities.

   

User Survey Insights on CRM Dashboards 

User feedback plays a crucial role in shaping enhancements to the CRM dashboard enhancements. A recent user survey was conducted to enhance the understanding of the use of the CRM Dashboards and to gather input on how they can be improved to better support cybersecurity activities across CMS. Using a Human-Centered Design approach, the survey gathered insights to ensure future enhancements align with user needs as shared by Allison Schiller (Human Centered Design Specialist).   

• Dashboard Usage and Accessibility: Survey results showed that most respondents actively use Tableau dashboards at work and know where to find the information they need to support their responsibilities. Tables and bar charts, particularly those with trend lines, were identified as the most effective visualization formats. 
• Cyber Risk Reports Metrics: For the first time, users were asked directly about metrics included in the monthly Cyber Risk Reports (CRRs), with responses highlighting a desire for clearer, more actionable metrics to help identify areas requiring attention. 

• Performance and Engagement Trends: Dashboard performance rating showed improvement compared to the previous survey, while usage trends reflected a temporary decline from October through December, likely influenced by the government shutdown. Despite this dip, the landing portal continued to see steady growth, offering valuable insight into which dashboards receive the most traffic and where future engagement efforts can be focused.

   

The CRC forum highlighted ongoing progress across CMS initiatives to strengthen cybersecurity operations, expand enterprise visibility, and enhance the tools that support daily security activities. Recent updates to CFACTS, coordinated transitions to enterprise security platforms, and insights gathered through user feedback demonstrate a sustained focus on usability, consistency, and transparency. As these efforts continue to mature, they will further enable informed decision‑making and reinforce CMS’s overall security posture.