Lock

Search | CMS Information Security and Privacy Program

General Information
Breach Response
The steps taken at CMS in response to a suspected breach of personally identifiable information (PII)Protecting sensitive information at CMS CMS systems contain the personal …
Tools / Services
Threat Modeling
Design practices that facilitate secure software development through organization and collaborationWhat is Threat Modeling? Threat modeling is a method of …
Policy Documents
Risk Management Handbook Chapter 8: Incident Response (IR)
This chapter (RMH Chapter 8) identifies the policies and standards for the Incident Response family of controlsIntroduction RMH Chapter 8 Incident Response documents the controls that …
Tools / Services
Penetration Testing (PenTesting)
Testing that mimics real-world attacks on a system to assess its security posture and identify gaps in protectionWhat is Penetration Testing? Penetration Testing, also known as PenTesting …
Tools / Services
CMS Cybersecurity Integration Center (CCIC)
The CCIC uses data to address incidents through risk management and monitoring activities across CMSWhat is the CCIC? The CMS Cybersecurity Integration Center (CCIC …
Topics
Security Operations
Programs and tools that ensure the security of CMS data through incident response, change management, and continuous risk assessmentSecurity Operations at CMS is focused on identifying and responding …
Articles
Privileged Access Management (PAM) at CMS
Least-privilege is critical to securely managing privileged access to data. CMS ADOs should manage privileged access (PAM) for humans and non-humans.What is Privileged Access Management (PAM)? Privileged Access Management (PAM …
Articles
Smart security with AI-driven Splunk
Improving CMS cybersecurity and enhancing SIEM performance with artificial intelligenceWhat is Splunk? Splunk is a Security Information and Event …
Articles
Using Zero Trust Identity principles to ensure security for AI-based services
Learn how best practices of the ZT Identity pillar hold the key to working securely with AI agents, and what steps your team can take to be prepared.AI agents and the identity challenge The digital landscape is …
Handbooks
CMS Breach Analysis Team (BAT) Handbook
Procedures for the Breach Analysis Team (BAT) to follow when a team is convened to address a breach of PII at CMSIntroduction Whenever there is an incident that has potentially compromised …

Authorization to Operate (ATO)

Ongoing Authorization (OA)

Assessments & Audits

CMS Policies and Guidance

Federal Policies and Guidance

Application Security

Security Operations

Risk Management and Reporting

Agreements

Privacy Activities

Privacy Resources

Reporting & Compliance

System Security

Tests & Assessments

Search Results

Web results with site links

Breach Response

Threat Modeling

Risk Management Handbook Chapter 8: Incident Response (IR)

Penetration Testing (PenTesting)

CMS Cybersecurity Integration Center (CCIC)

Security Operations

Privileged Access Management (PAM) at CMS

Smart security with AI-driven Splunk

Using Zero Trust Identity principles to ensure security for AI-based services

CMS Breach Analysis Team (BAT) Handbook