CMS Information System Contingency Plan (ISCP) Exercise Handbook
Contingency Planning at CMS
Contingency planning at the Centers for Medicare & Medicaid Services (CMS) is essential for protecting the organization from potential risks and ensuring the continuity of its operations. An Information System Contingency Plan (ISCP) is the cornerstone document of contingency planning for information systems, and every CMS FISMA system must have one in place.
CMS Acceptable Risk Safeguards (ARS)
About the ARS
The Centers for Medicare & Medicaid Services (CMS) Information Security and Privacy Acceptable Risk Safeguards (ARS) provides the standard to CMS and its contractors as to the minimum acceptable level of required security and privacy controls.
Risk Management Handbook Chapter 14: Risk Assessment (RA)
Introduction
The Centers for Medicare & Medicaid Services (CMS) Risk Management Handbook (RMH) Chapter 14: Risk Assessment provides the procedures for implementing the requirements of the CMS Information Systems Security and Privacy Policy (IS2P2) and the CMS Acceptable Risk Safeguards (ARS). This document describes procedures that facilitate the implementation of security controls associated with the Risk Assessment (RA) family of controls. To promote consistency among all RMH Chapters, CMS intends for Chapter 14.
Risk Management Handbook Chapter 13: Personnel Security (PS)
Introduction
The Risk Management Handbook Chapter 13: Personnel Security discusses how the organization must: ensure that individuals occupying positions of responsibility within organizations (including third-party service providers) are trustworthy and meet established security criteria for those positions prior to issuing any security credentials or providing authorized access to Federal information systems; ensure that organizational information and information systems are protected during and after personnel actions such as terminations and transfers; and employ formal sanction
Risk Management Handbook Chapter 5: Configuration Management (CM)
Introduction
This Handbook outlines procedures to help CMS staff and contractors implement the Configuration Management family of controls taken from the National Institute of Standards and Technology (NIST) Special Publication 800-53 and tailored to the CMS environment in the CMS Acceptable Risk Safeguards (ARS). For more guidance on how to implement CMS policies and standards across many cybersecurity topics, see the CMS Security and Privacy Handbooks.