Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock () or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Welcome to the CyberGeek blog — your one stop for the latest news and insights on cybersecurity and privacy at CMS.
Loading posts...
CMS’s Access Control (AC) program helps protect sensitive systems and information by managing how access is requested, approved, granted, monitored, and removed
Learn about Authorization to Operate (ATO) requirements for CMS systems migrating to the Office of Information Technology (OIT) Hybrid Cloud environment
At CMS, protecting our information systems requires more than just strong defenses, it also demands a prepared, well-coordinated response when incidents occur.
Program Management (PM) requires strong governance, leadership, and oversight at the enterprise level.
All CMS cloud resources must be enrolled in the enterprise Cloud-Native Application Protection Platform (CNAPP) by June 30, 2026
New guidance is published for the SI control family, provided by the CMS Information Security and Privacy Program.
A new informational guide is published for the IA control family, provided by the CMS Information Security and Privacy Program.
CISO Memorandum 25-01: Updated Best Practices and Guidance for the Use of Approved CMS Collaboration Tools
The Policy team updated the IS2P2 in June 2024. Here we’re spotlighting the key changes to make it easy for you to see what’s new.
CyberGeek is publicly accessible to best serve our customers — but there’s also due process to ensure information security
