Search | CMS Information Security and Privacy Program

General Information
CMS Information Security Advisory Board (CISAB)
A volunteer board comprised of ISPG staff and the ISSO community designed to promote collaboration on cybersecurity and privacy issuesWhat is the CMS Information Security Advisory Board (CISAB)? The …
General Information
Ongoing Authorization (OA)
Supporting the continuous compliance and safety of FISMA systems through proactive, ongoing monitoring activitiesWhat is Ongoing Authorization (OA)? All FISMA systems must be …
Tools / Services
ISSO As A Service
ISPG program that provides skilled Information System Security Officers (ISSOs) to CMS components in need of professional security and privacy supportWhat is ISSO As A Service (ISSOaaS)? Information System Security …
General Information
Security Impact Analysis (SIA)
A process to determine the effect(s) a change can cause to the security posture of a FISMA systemWhat is a Security Impact Analysis (SIA) A Security Impact …
General Information
ISSO Appointment Letter
An official document that outlines the responsibilities to be completed by the ISSO on behalf of a specific FISMA SystemWhat is the ISSO Appointment Letter? The Information System Security …
Tools / Services
Continuous Diagnostics and Mitigation (CDM)
Automated scanning and risk analysis to strengthen the security posture of CMS FISMA systemsWhat is Continuous Diagnostics and Mitigation (CDM)? Continuous Diagnostics and …
General Information
System Security and Privacy Plan (SSPP)
Documentation of a FISMA system’s features and security requirements, along with controls and procedures for information protectionWhat is a System Security and Privacy Plan (SSPP)? The …
General Information
CMS Interconnection Security Agreement (ISA)
Defining the relationship between CMS information systems and external systemsWhat is an Interconnection Security Agreement (ISA)? An Interconnection Security …
General Information
Security Controls Assessment (SCA)
A compliance-based assessment to determine if a system's security and privacy controls are implemented correctlyWhat is a Security Control Assessment (SCA)? The Security Control …
Policy Documents
Risk Management Handbook Chapter 12: Security & Privacy Planning (PL)
RMH Chapter 12 provides information about the Security & Privacy Planning (PL) control family for use during a new ATO cycleIntroduction This Handbook outlines procedures to help CMS staff and …

Search Results

Web results with site links

CMS Information Security Advisory Board (CISAB)

Ongoing Authorization (OA)

ISSO As A Service

Security Impact Analysis (SIA)

ISSO Appointment Letter

Continuous Diagnostics and Mitigation (CDM)

System Security and Privacy Plan (SSPP)

CMS Interconnection Security Agreement (ISA)

Security Controls Assessment (SCA)

Risk Management Handbook Chapter 12: Security & Privacy Planning (PL)