Articles

Why is the ISPG website (CyberGeek) open to the public?

When we set out to provide one authoritative home for CMS security and privacy information, ISPG leadership decided to make this information “public if possible”. That means instead of putting things behind a CMS login barrier by default, we go through a careful process to determine whether the information can safely be made public. If so, it is published here on our website. There are many benefits to this approach:

What is cryptographic agility?

Cryptographic agility, also called cryptoagility, is the ability for a system to quickly and easily change parts of their encryption mechanism(s).  This encompasses changing encryption keys, key lengths, encryption algorithms used, and even changing the libraries used to perform the encryption.  

How to submit a support request 

You can now submit an inquiry or support request by using the portal here. (Tip: Bookmark this page for easy access.) 

On the support portal, you’ll need to provide: 

The System Security and Privacy Plan (SSPP) is a collection of information associated with the FISMA system security. The SSPP provides an accurate, detailed description of the FISMA system itself, its security requirements, and the controls that are in place to protect the system.

We are announcing a subtle yet important change - the name has been updated from SSP to SSPP.

What’s changing? 

ARCHER is the underlying application behind CFACTS. ARCHER is being upgraded to 6.14 which will move the top navigation to the lefthand side of the page. This allows for easier access to pages like Assessment & Authorization (A&A), Federal Enterprise Management, and Work Request Management with additional quick access to subpages. Also, the left panel can be collapsed by clicking the round menu button on the right-hand side. 

​The ​​CFACTS application is migrating to AWSCloud for better performance and efficiency. The updated system is known as CFACTS-Cloud. We will be posting updates regularly to help you navigate this transition. 

Do I need a new job code? 

There will be new job codes for accessing CFACTS-Cloud. 

The CMS Assessment and Audit Tracking (CAAT) spreadsheet is used to track system vulnerabilities following any assessment, audit, or penetration testing. The CAAT is entered into CFACTS and used to help ISSOs start preparing a Plan of Action and Milestones (POA&M) to remediate system weaknesses. 

Cryptographic agility, also called cryptoagility, is the ability for a system to quickly and easily change parts of their encryption mechanism(s).  This encompasses changing encryption keys, key lengths, encryption algorithms used, and even changing the libraries used to perform the encryption.  

Getting an Authorization to Operate (ATO) is a lot of work. The CFACTS team is dedicated to making the process smoother for ISSOs and other ATO stakeholders. We have made updates to the ATO Request workflow in CFACTS, which are summarized below. 

You may have noticed several changes in how system information and documents are stored in the CMS FISMA Continuous Tracking System (CFACTS). To help you navigate these changes, the CFACTS Team has been busy making "how-to" videos designed to help Information System Security Officers (ISSOs), System/Business Owners, and Cyber Risk Advisors (CRAs) complete tasks in CFACTS.