How CMS satisfies federal requirements for the encryption of data to keep sensitive information safe
Data encryption at CMS
CMS Enterprise Data Encryption (CEDE) is the initiative to bring CMS practices into compliance with federal requirements for data encryption, including Executive Order 14028 on Improving the Nation’s Cybersecurity and M-22-09 on Zero Trust Strategy.
Data encryption is a security method in which information is encoded so that it can only be accessed, or “decrypted,” by people with special access or a secret key. Encrypting sensitive data helps us keep personal and health information safe for millions of Americans.
What are CMS requirements for data encryption?
Business Owners are required to encrypt sensitive information at rest and in transit for all CMS systems that store or transmit sensitive information. These standards also require specific protections where sensitive Personally Identifiable Information (PII) is present.
The CMS CIO released a memorandum that explains the specific requirements of data encryption at CMS. You need a CMS login to access this information, or you can request a copy from your COR or ISSO.