Security Operations
Overview
Security Operations at CMS is focused on identifying and responding to cyber threats or incidents, while helping CMS teams follow best practices in continuous monitoring, risk management, and cybersecurity.
The CMS Cybersecurity Integration Center (CCIC) and Security Operations Center (SOC) offer a variety of services and assessments to help your team comply with federal information security standards and make risk-based decisions to protect sensitive information.
All resources in Security Operations
General Information
Policies and Handbooks
Latest articles and updates
- 12/3/2025ArticlesFrom Zero Trust
Linking encryption to power Zero Trust
Linking network and data encryption with programmatic Key Management Service (KMS) alerts is essential for CMS to achieve advanced Zero Trust maturity
- 12/1/2025ArticlesFrom Zero Trust
Protecting CMS systems: Zero Trust security monitoring with Terraform Cloud
Learn how your team can level-up Zero Trust maturity and cloud security by implementing eleven essential CloudWatch compliance alarms
- 9/29/2025ArticlesFrom SCRM
Evolving expectations: ISSOs and Supply Chain Risk Management
Learn how federal requirements for SCRM have evolved over time, and how recent executive orders affect ISSO responsibilities.