Articles

Why we have an MP policy

The ISPG Policy team published the new Media Protection (MP) Handbook early in September 2024.

Media Protection exists to protect media within an organization, and the definition of media is fairly broad: all physical devices, writing surfaces, and communication channels that include storage capabilities. Whether the communication is digital or in print and on paper, the MP policy covers proper handling and governance.

This blog is part of a series of updates about the changes coming to the CFACTS application. The UI is being revised to better reflect the RMF (Risk Management Framework) process. We will be posting updates regularly to help you navigate this transition.

We are giving a sneak peek starting on 11/1/2024 for users to check out the new changes, suggest any modifications, and become familiar with the new layout. You can see the new and improved layout in the implementation environment.

Goodbye RMH chapter 6, hello ISCP Handbook

Late in July 2024, the ISPG Policy team published a new handbook: the CMS Information System Contingency Plan (ISCP) Handbook.

This blog is part of a series of updates about the changes coming to the CFACTS application. The UI is being revised to better reflect the RMF (Risk Management Framework) process. We will be posting updates regularly to help you navigate this transition.

Join in some spooky fun!

Create an original Zoom Background with the theme “Scary Security Issues” in honor of Cybersecurity Awareness Month.  Highlight a security issue or named vulnerability while also celebrating the best holiday of the year – Halloween!  Show it off at the October 22, 2024, Zero Trust Ambassadors Office Hours and be entered to win a prize!

 Policy Enforcement and Compliance Monitoring is a function within the Devices pillar described in the Cybersecurity and Infrastructure Security Agency (CISA) Zero Trust Maturity Model (ZTMM).

Tips for keeping yourself safe in the digital world

In today's increasingly digital world, cybersecurity attacks have become a pervasive threat that can have serious personal consequences for individuals. From identity theft to financial fraud, the impact of these attacks can be far-reaching and long-lasting. Understanding the nature of these threats and taking proactive steps to safeguard our digital lives is crucial in protecting ourselves from the dangers of cybercrime.

The rise of cybersecurity attacks

GTL Stakeholder field

In the stakeholder section, you can now add the government task lead (GTL) stakeholder to the authorization package.  The GTL will need the CFACTS_USER_PRD job code added in EUA before they can be added to the field in CFACTS. 

Deleting ISRAs

Previously, users could not delete duplicate or incorrect ISRA records from the authorization package and would need to create a support request ticket to have the CFACTS team delete the ISRA record. We’ve given users the ability to now go in and delete ISRA records. 

This blog is part of a series of updates about the changes coming to the CFACTS application. The UI is being revised to better reflect the RMF (Risk Management Framework) process. We will be posting updates regularly to help you navigate this transition.

In today's cybersecurity landscape, protecting sensitive information is crucial, especially for organizations working with the Centers for Medicare & Medicaid Services (CMS). GitHub Secret Scanning has emerged as a valuable tool in this effort, not only enhancing security but also aiding in meeting various requirements within the Zero Trust Applications Pillar and the Acceptable Risk Safeguards (ARS) controls.