ZT Devices Pillar: Enforcing security policies and monitoring compliance
Policy Enforcement and Compliance Monitoring is a function within the Devices pillar described in the Cybersecurity and Infrastructure Security Agency (CISA) Zero Trust Maturity Model (ZTMM).
What the IS2P2's new Rapid Cloud Review (RCR) requirement means for you
When the Policy team updated the IS2P2 in June 2024, one big change came from a clarification about requirements for cloud service implementation at CMS. Now, all SaaS products used at CMS that do not have FedRAMP authorization must go through a Rapid Cloud Review (RCR) process.
If your SaaS product is currently FedRAMP authorized, you don't need to do anything more — you have satisfied the new requirement.
Introducing the CMS Guide to Federal Laws, Regulations, and Policies
Background
Many federal laws, regulations, and policies play a pivotal role in managing security and privacy within CMS. They shape governance and compliance standards and are crucial in defining how security and privacy are upheld across the organization.
CMS Guide to Federal Laws, Regulations, and Policies
There are federal laws, regulations, and policies outside of CMS that shape how security and privacy is managed inside CMS. This page contains a comprehensive list of these external requirements, and shows how they relate to the security and privacy policies and guidance at CMS.
DISCLAIMER:
The 7 Tenets of Zero Trust for ISSOs and ADOs
As part of their white paper on Zero Trust SP-800-207, NIST identified Seven Tenets that form the foundation of Zero Trust. The Zero Trust Workgroup at CMS has applied these tenets to CMS IT. CMS has many initiatives that support Zero Trust architecture, so engaging with those early can set your project up for a more mature Zero Trust architecture in the future and increase security now.
Zero Trust Maturity Model, Version 2: now with less trust!
In April 2023, the Cybersecurity and Infrastructure Security Agency (CISA) released version two of their Zero Trust Maturity Model (ZTMM). This version incorporates feedback from experts and the community in response to their initial June 2021 draft. CISA has kept its conceptual view of a Zero Trust Architecture (ZTA), incorporating five pillars and three cross-cutting capabilities. However, it has significantly reviewed the functions that build each pillar and capability.
Executive Order on Improving the Nation’s Cybersecurity: What it means for you
What is the Executive Order?
The Executive Order on Improving the Nation's Cybersecurity (Executive Order 14028) is an important step forward in protecting Americans from cyber threats. The order, signed by President Biden on May 11, 2021, focuses on strengthening the cybersecurity of the federal government, critical infrastructure, and the private sector.
Zero Trust: what you need to know
Zero Trust is a cybersecurity model that offers protection for CMS systems, employees and beneficiaries through continuous validation at every stage of a digital interaction.
As CMS continues to modernize its systems and practices, the agency is implementing Zero Trust and its strong authentication methods, network segmentation, threat prevention, and “least access” policies to benefit everyone.
ISPG’s response to the new National Cybersecurity Strategy for 2023
What is the National Cybersecurity Strategy?
The Biden-Harris Administration released a National Cybersecurity Strategy in March 2023, which outlines their vision for a secure and resilient digital environment for the United States.