Search | CMS Information Security and Privacy Program

Skip to main content

Policy Documents
CMS Cyber Risk Management Plan (CRMP)
A plan that defines the overarching strategy for managing risk associated with the operation of CMS FISMA systems.
Introduction The Centers for Medicare & Medicaid Services (CMS) operates …
Policy Documents
CMS Privacy Program Plan
A plan designed to help CMS staff understand the specific requirements of the Privacy Program at CMS
Privacy program at CMS Use and disclosure As authorized …
Policy Documents
CMS Acceptable Risk Safeguards (ARS)
Standards for the minimum security and privacy controls required to mitigate risk for CMS information systems
Access the ARS Current version of the ARS: ARS 5 …
Policy Documents
CMS Information Systems Security & Privacy Policy (IS2P2)
The IS2P2 defines how CMS protects and controls access to its information and systems. It outlines compliance activities and defines roles and responsibilities.
Purpose As required under the Federal Information Security Modernization Act …
Policy Documents
RMH Chapter 16: System & Communications Protection
RMH Chapter 16 identifies the System & Communications Protection (SC) family of controls that monitor, control, and protect organizational communication at CMS
Introduction The Risk Management Handbook Chapter 16: System and Communications …
Policy Documents
Risk Management Handbook Chapter 15: System & Services Acquisition
RMH Chapter 15 provides procedures for the use of controls related to System Lifecycles, documentation, and acquisition
Introduction The Risk Management Handbook Chapter 15, System and Services …
Policy Documents
Risk Management Handbook Chapter 13: Personnel Security (PS)
RMH Chapter 13 outlines policies to ensure that employees and contractors are safely accessing systems
Introduction The Risk Management Handbook Chapter 13: Personnel Security discusses …
Policy Documents
Risk Management Handbook Chapter 12: Security & Privacy Planning (PL)
RMH Chapter 12 provides information about the Security & Privacy Planning (PL) control family for use during a new ATO cycle
Introduction This Handbook outlines procedures to help CMS staff and …
Policy Documents
Risk Management Handbook Chapter 9: Maintenance (MA)
RMH Chapter 9 provides information about the Maintenance family of controls that provide rules for the maintenance of CMS systems
Introduction This Handbook outlines procedures to help CMS staff and …
Policy Documents
Risk Management Handbook Chapter 8: Incident Response (IR)
This chapter (RMH Chapter 8) identifies the policies and standards for the Incident Response family of controls
Introduction RMH Chapter 8 Incident Response documents the controls that …