CMS Policy & Guidance

Physical & Environmental Protection (PE)

Understanding Physical and Environmental Protection (PE) 

The Physical and Environmental Protection (PE) control family describes how CMS must protect information systems by limiting who can physically access the systems, their equipment, and the facilities where they operate. It also covers protecting the buildings and infrastructure that support these systems, ensuring that supporting utilities (such as power and cooling) remain available, and safeguarding the systems against environmental hazards such as fire, flooding, and temperature extremes.

RM Guidelines for the Risk Assessment Control (RA)

Risk Assessment (RA) Informational Guide 

Risk Assessment is the process of evaluating an organization's defenses against potential threats. It involves identifying vulnerabilities, estimating or analyzing the likelihood and impact of potential threats, and prioritizing the resulting risks to organizational operations (mission, functions, image, and reputation), organizational assets, and individuals. These risks arise from operating the organization's information systems and from the processing, storage, or transmission of information by those systems.

System and Information Integrity (SI)

What is System and Information Integrity (SI)  

An information system is a discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information. The integrity of an information system means that the data within it is complete and trustworthy and has not been improperly modified, whether deliberately by an unauthorized party or by accident, without that change being detected.

Announcing a step-by-step guide to the CMS Risk Management Framework

What is the RMF?

The Risk Management Framework (RMF) from NIST provides a structured yet flexible process for managing risk throughout a system's life cycle. It plays a key role in the steps we take at CMS to authorize and continuously monitor our information systems and keep them safe. The specific ways we apply these steps at CMS are known as the CMS Risk Management Framework (RMF).

CMS Risk Management Framework (RMF): Assess Step

What is the Risk Management Framework (RMF)?

The National Institute of Standards and Technology (NIST) created the RMF to provide a structured, flexible process to manage risk throughout a system’s life cycle. Using the RMF process helps CMS authorize and monitor our information systems and keep them safe.

The RMF is made up of 7 steps:

CMS Risk Management Framework (RMF): Prepare Step

What is the Risk Management Framework (RMF)?

The National Institute of Standards and Technology (NIST) created the RMF to provide a structured, flexible process to manage risk throughout a system’s life cycle. Using the RMF process helps CMS authorize and monitor our information systems and keep them safe.

The RMF is made up of 7 steps:

CMS Risk Management Framework (RMF): Authorize Step

What is the Risk Management Framework (RMF)?

The National Institute of Standards and Technology (NIST) created the RMF to provide a structured, flexible process to manage risk throughout a system’s life cycle. Using the RMF process helps CMS authorize and monitor our information systems and keep them safe.

The RMF is made up of 7 steps: