Federal Policies and Guidance
Overview
Security and privacy policies and practices at CMS are derived from federal requirements and regulatory bodies. These federal sources dictate how we manage risk for our systems and how we protect sensitive information.
As our government continues to modernize its systems and security standards, it's important for CMS staff and contractors to stay updated with the latest federal policies and guidance, provided below.
All resources in Federal Policies and Guidance
General Information
Policies and Handbooks
Latest articles and updates
- 2/23/2026 | Articles | From Zero Trust
Core cyber essentials for a resilient digital environment
Learn the cyber essentials that will prevent critical breaches, eliminate misconfigurations, and build lasting, verifiable security with a Zero Trust approach.
- 1/13/2026 | Articles | From SCRM
Federal DevSecOps guidance: Why NIST’s new model matters
NIST's new co-developed SP 1800-44A DevSecOps framework marks a shift in federal cybersecurity guidance, with pros and cons noted by the industry.
- 5/1/2025 | Articles | From Zero Trust
Secure your web: How to keep URLs safe and compliant at CMS with HSTS
Learn about HTTP Strict Transport Security (HSTS), why it’s important, and how the Zero Trust team can help you comply with web security requirements.