Published: 4/19/2024

Introducing the CMS Guide to Federal Laws, Regulations, and Policies

by GRC Team

A new resource from ISPG takes the guesswork out of compliance by mapping all Federal laws and policies that shape security and privacy requirements at CMS


Many federal laws, regulations, and policies play a pivotal role in managing security and privacy within CMS. They shape governance and compliance standards and are crucial in defining how security and privacy are upheld across the organization.

Announcing a new resource!

The ISPG Policy Team and the Governance, Risk, and Compliance (GRC) Team collaborated to compile a comprehensive list of CMS-applicable laws, regulations, and policies, bringing all this vital information together in one centralized repository. You can see the new resource here: CMS Guide to Federal Laws, Regulations, and Policies.

Why is this important?

Navigating the intricate network of federal laws, regulations, and policies that influence CMS governance is challenging due to its complexity and breadth. Even the most seasoned professionals can find it difficult to filter through the vast array of regulations and identify those specifically relevant to CMS governance while also staying aware of changes or updates to federal policy.  

However, it is essential to be familiar with the federal regulations that impact security and privacy policy and practices at CMS. Compliance with federal laws and regulations is a legal requirement and essential for ensuring the security and privacy of sensitive information within CMS. Effective governance requires a clear understanding of the regulatory landscape to establish robust policies, procedures, and controls.

Your compliance companion

That is why we provide the handy CMS Guide to Federal Laws, Regulations, and Policies, a centralized repository you can reference anytime in your compliance-related work. This consolidated reference point streamlines compliance efforts, eliminating the need to navigate disjointed and contradictory sources of information.


If you have questions about federal laws, regulations, and policies that shape security and privacy at CMS, reach out to the experts on CMS Slack at #cms_fed_laws_policies, who can help you get the answers you need.

About the publisher:

Governance, Risk, and Compliance at CMS is a framework made up of programs, processes, and tools designed to identify and mitigate security and privacy risks to FISMA systems. The GRC Team works across all ISPG programs to modernize and streamline our overall approach to proactive system security.