ISPG will transition away from the Risk Management Handbook
The debut of CyberGeek has allowed ISPG to re-evaluate the way we publish and manage our core documents. CyberGeek is now the official ISPG website and serves as the single source of truth for security and privacy at CMS.
The new website aims to provide:
What the transition to ARS 5.1 means for you
The Information Security and Privacy Group (ISPG) has updated the Acceptable Risk Safeguards (ARS) from ARS 5.01 to ARS 5.1. While this may seem like a major change that will impact how you manage your FISMA system, the changes are minor and should not impact your current system management practices.
Welcome to ISPG CyberGeek
We’d like to welcome you to the brand-new CyberGeek! CyberGeek was designed by the CMS Information Security and Privacy Group (ISPG) to offer their customers a one-stop resource for information about security, privacy, and compliance. CyberGeek will:
CISO Memo: Guidance for using collaborative tools
Purpose
This Memorandum informs CMS stakeholders of the best practices and security guidance for the use of Personally Identifiable Information / Personal Health Information (PII / PHI) and agency sensitive information when using CMS-approved collaboration tools – specifically Zoom/WebEx and Box.
CISO Memo: Implementing the updated HHS POA&M standard
This memo is rescinded as of January 3, 2022 with the publication of ARS 5.0 and its updates to the CMS POA&M standards, which align with the HHS POA&M standards.
The original memo is provided below for historical reference only.
CISO Memo: Changes to the Access Control (AC) Account Management Standard
This memo is rescinded as of January 3, 2022 with the publication of ARS 5.0 and its updates to the Access Control Family (AC)-02 Account Management Standard.
The original memo is provided below for historical reference only.