Search | CMS Information Security and Privacy Program

General Information
Breach Response
The steps taken at CMS in response to a suspected breach of personally identifiable information (PII)Protecting sensitive information at CMS CMS systems contain the personal …
Tools / Services
Threat Modeling
Design practices that facilitate secure software development through organization and collaborationWhat is Threat Modeling? Threat modeling is a method of …
Tools / Services
Penetration Testing (PenTesting)
Testing that mimics real-world attacks on a system to assess its security posture and identify gaps in protectionWhat is Penetration Testing? Penetration Testing, also known as PenTesting …
Articles
Federal DevSecOps guidance: Why NIST’s new model matters
NIST's new co-developed SP 1800-44A DevSecOps framework marks a shift in federal cybersecurity guidance, with pros and cons noted by the industryIntroduction The National Institute of Standards and Technology’s (NIST …
Articles
Linking encryption to power Zero Trust
Linking network and data encryption with programmatic Key Management Service (KMS) alerts is essential for CMS to achieve advanced Zero Trust maturityIntroduction In the Centers for Medicare & Medicaid Services (CMS) cloud …
Articles
Protecting CMS systems: Zero Trust security monitoring with Terraform CloudWatch
Learn how your team can level-up Zero Trust maturity and cloud security by implementing eleven essential CloudWatch compliance alarmsIntroduction As we work to increase Zero Trust (ZT) maturity …
General Information
CMS Vulnerability Disclosure Program (VDP)
CMS VDP and Bug Bounty programs allow security researchers to report vulnerabilities, ensuring stronger cybersecurity and compliance with federal mandates.What is the Vulnerability Disclosure Program (VDP)? The CMS Vulnerability …
Tools / Services
CMS Cybersecurity Integration Center (CCIC)
The CCIC uses data to address incidents through risk management and monitoring activities across CMSWhat is the CCIC? The CMS Cybersecurity Integration Center (CCIC …
Articles
Evolving expectations: ISSOs and Supply Chain Risk Management
Learn how federal requirements for SCRM have evolved over time, and how recent executive orders affect ISSO responsibilities.In today’s interconnected world, the security of Information and …
Topic Pages
Security Operations
Programs and tools that ensure the security of CMS data through incident response, change management, and continuous risk assessmentSecurity Operations at CMS is focused on identifying and responding …

Search Results

Web results with site links

Breach Response

Threat Modeling

Penetration Testing (PenTesting)

Federal DevSecOps guidance: Why NIST’s new model matters

Linking encryption to power Zero Trust

Protecting CMS systems: Zero Trust security monitoring with Terraform CloudWatch

CMS Vulnerability Disclosure Program (VDP)

CMS Cybersecurity Integration Center (CCIC)

Evolving expectations: ISSOs and Supply Chain Risk Management

Security Operations