Published on: 2/18/2026
5 minute read
The Training and Awareness program within the Information Security and Privacy Group (ISPG) offers a variety of events and training to help everyone at CMS improve their cybersecurity awareness and build practical skills for cybersecurity personnel. Here’s a list of upcoming events in 2026.
Cyber Café: Tips for everyday cybersecurity
What it is: Previously called “Snack & Share,” the Cyber Café series offers valuable cyber conversations for all CMS personnel, with a fresh new vibe.
What you’ll learn: Practical tips for staying secure in the evolving digital landscape, including topics like AI, phishing, social engineering, data privacy, and more. We invite cyber experts to share their knowledge in ways you can start using right away.
When | Where | How to sign up |
Monthly meetings announced in the Slack channel - stay tuned! | Virtual | Join the CMS Slack channel #Cyber360 to learn about upcoming meetings and sign-up links
|
CFACTS Fundamentals
What it is: CFACTS Fundamentals supports risk management at CMS by providing participants with a core understanding of the CMS FISMA Continuous Tracking System (CFACTS) platform.
Who should attend: Individuals new to the CMS community within their first year. It is especially useful for ISSOs, Federal employees or contractors, and cybersecurity professionals who use CFACTS as part of their security or compliance responsibilities.
What you’ll learn: The course demonstrates how CFACTS supports system assessments, POA&M oversight, and ATO processes, while also showing how CFACTS data is used to evaluate risk, meet compliance requirements, and support authorization decisions across the system lifecycle.
Course structure: This course is offered several times per year as two 7-hour virtual trainings using CFACTS test accounts.
Prerequisite: Participants must complete the Cybersecurity Knowledge Assessment (CKA) prior to finalizing registration.
Contact: CMSISPGTrainers@cms.hhs.gov
When | Where | How to sign up |
Jan 27 & 29 Mar 24 & 26 May 19 & 21 Jul 28 & 30 Sep 15 & 17 Nov 17 & 19 Both days: 9:00am - 4:00pm ET | Virtual, via Microsoft Teams | Register for CFACTS Fundamentals via CMS LMS (requires login).
|
CFACTS Advanced
What it is: These are advanced virtual training sessions, using CFACTS test accounts. Limited seats available.
Who should attend: Recommended for individuals who require a deeper understanding of the CMS FISMA Continuous Tracking System (CFACTS) platform functionalities. Specifically, this training is perfect for ISSOs, ISSO Contract Support personnel, and anyone involved in the assessment, authorization, or management of CMS FISMA systems.
What you’ll learn: Check the table below for the 2026 topic schedule.
Course structure: Several course topics offered throughout the year as seven-hour virtual sessions.
Prerequisites: Before you can submit a registration request for CFACTS Advanced training, you must:
- Take the Cybersecurity Knowledge Assessment (CKA)
- Take the CFACTS Fundamentals Training Course
- Have been using CFACTS for at least one year (or six months if you have taken CFACTS Fundamentals already)
Contact: CMSISPGTrainers@cms.hhs.gov
When | Where | How to sign up |
February 26: Plan of Action and Milestones (POA&Ms) April 30: ATO Pre-Assessment Review June 23/25: Contingency Planning (CP) August 27: Privacy Impact Assessment (PIA) October 29: OMB M-21-31
Each session will be from 9:00am - 4:00pm ET | Virtual | Register for CFACTS Advanced via CMS LMS (requires login).
|
ISSO Boot Camp
What it is: The ISSO Boot Camp covers a broad range of topics that establish a strong foundation for being an effective Security and Privacy Officer at CMS.
Who should attend: Initially, session space is prioritized for Security and Privacy Officers who are newer to CMS (both federal and contractor). Later sessions will be open to all interested CMS employees.
What you’ll learn: Attendees learn the concepts and policies that underpin security and privacy compliance for CMS systems.
Course structure: Instructor-led training offered quarterly. Each Boot Camp consists of five sessions over three consecutive weeks.
When | Where | How to sign up |
February (10, 11, 18, 19, 24) May (7, 12, 13, 19, 20) August ( 11, 12, 18, 19, 25) October (13, 14, 20, 21, 27)
Hours: 9:00am - 12:30pm ET for each day | Virtual, via Microsoft Teams. | To express interest in attending, send an email to: ISSO@cms.hhs.gov
|
Advanced Cybersecurity Concepts
What it is: Advanced Cybersecurity Concepts is a concept-driven course designed to build on foundational security training offered at CMS.
Who should attend: ISSOs and Security Analysts seeking deeper technical and architectural proficiency, in addition to compliance partners or staff involved in secure design, testing and cloud architecture.
What you’ll learn: This training provides a comprehensive overview of essential cybersecurity domains and complements the ISSO Boot Camp by expanding into advanced methods, frameworks, and real-world reporting and remediation practices.
Course structure: Offered three times a year as three-hour virtual sessions over three consecutive days.
When | Where | How to sign up |
April 21, 22, 23
July 21, 22, 23
September 22, 23, 24 | 3-hour virtual training sessions (3) | Register for Advanced Cybersecurity Concepts via CMS LMS (requires login).
Contact: ISSO@cms.hhs.gov |
ISSO Mentorship Program
What it is: The ISSO Mentorship Program improves CMS ISSO readiness by pairing experienced mentors with developing mentees to share knowledge and strengthen skills. The ISSO Support Team works with interested individuals to find an appropriate partner for a mentorship engagement based on the goals and desired outcomes of both parties.
What you’ll learn: Participants gain valuable insights, guidance, and support tailored to their individual growth goals.
Prerequisites: Prerequisites vary depending on your role:
When | Where | How to sign up |
Flexible and based on the specific needs of mentors and mentees. | The mentor and mentee decide how they will work together and for how long. | Email ISSO@cms.hhs.gov with Mentorship in the subject line.
You can also ask questions in #cms-isso in CMS Slack |
