System Authorization

Risk Management Handbook Chapter 12: Security & Privacy Planning (PL)

Introduction

This Handbook outlines procedures to help CMS staff and contractors implement the Security & Privacy Planning family of controls taken from the National Institute of Standards and Technology (NIST) Special Publication 800-53 and tailored to the CMS environment in the CMS Acceptable Risk Safeguards (ARS). For more guidance on how to implement CMS policies and standards across many cybersecurity topics, see the CMS Security and Privacy Handbooks.

RMH Chapter 4: Security Assessment & Authorization

Introduction

This chapter of the Risk Management Handbook (RMH) covers the Security Assessment and Authorization family of controls. It describes procedures that help you meet the security and privacy requirements for this control family. Each procedure is labeled with the associated NIST controls using the control number from the CMS ARS.

CMS Plan of Action and Milestones (POA&M) Handbook

What is a POA&M?

A Plan of Action and Milestones (POA&M) is a corrective action plan that tracks system weaknesses and allows System Owners and Information System Security Officers (ISSOs) to create a plan to resolve the identified weaknesses over time. A POA&M provides details about the personnel, technology, and funding required to accomplish the elements of the plan, milestones for correcting the weaknesses, and scheduled completion dates for the milestones.