Security Operations
Overview
Security Operations at CMS is focused on identifying and responding to cyber threats or incidents, while helping CMS teams follow best practices in continuous monitoring, risk management, and cybersecurity.
The CMS Cybersecurity Integration Center (CCIC) and Security Operations Center (SOC) offer a variety of services and assessments to help your team comply with federal information security standards and make risk-based decisions to protect sensitive information.
All resources in Security Operations
General Information
Policies and Handbooks
Latest articles and updates
- 6/29/2026UpdatesFrom Policy
CMS Acceptable Risk Safeguards (ARS) 5.2 Is Now Available
Update from 5.1 to 5.2 ARS. Updates to IS2P2.
- 3/11/2026UpdatesFrom CRM
What You Need to Know About the CrowdStrike and Tenable One Enterprise Rollout
CMS boosts cybersecurity with CrowdStrike EDR and Tenable One, improving threat detection, visibility, and alignment with federal requirements.
- 1/13/2026ArticlesFrom SCRM
Federal DevSecOps guidance: Why NIST’s new model matters
NIST's new co-developed SP 1800-44A DevSecOps framework marks a shift in federal cybersecurity guidance, with pros and cons noted by the industry