CMS Policy & Guidance | ISPG CyberGeek

CMS Information Systems Security & Privacy Policy (IS2P2)

Read more about CMS Information Systems Security & Privacy Policy (IS2P2)

Purpose

As required under the Federal Information Security Modernization Act (FISMA) of 2014 (44 U.S.C. Chapter 35), and in compliance with the updated requirements of the National Institute of Standards and Technology's (NIST) Special Publications (SP) 800-53, Revision 5, and other federal requirements, this Policy defines the framework for protecting and controlling the confidentiality, integrity, and availability of CMS information and information systems.

SaaS Governance (SaaSG)

Read more about SaaS Governance (SaaSG)

Role Based Training (RBT)

Read more about Role Based Training (RBT)

ISSO Appointment Letter

Read more about ISSO Appointment Letter

Email Encryption Requirements at CMS

Read more about Email Encryption Requirements at CMS

CMS Enterprise Data Encryption (CEDE)

Read more about CMS Enterprise Data Encryption (CEDE)

CMS Security and Privacy Handbooks

Read more about CMS Security and Privacy Handbooks

CMS Interconnection Security Agreement (ISA)

Read more about CMS Interconnection Security Agreement (ISA)

Acronyms

Read more about Acronyms

CMS Acceptable Risk Safeguards (ARS)

Read more about CMS Acceptable Risk Safeguards (ARS)

Access the ARS

Current version of the ARS:

ARS 5.1

About the ARS

The Centers for Medicare & Medicaid Services (CMS) Information Security and Privacy Acceptable Risk Safeguards (ARS) provides the standard to CMS and its contractors as to the minimum acceptable level of required security and privacy controls.

Subscribe to CMS Policy & Guidance