Application Security

Evaluating Threat Modeling Methodologies

Read more about Evaluating Threat Modeling Methodologies

In today's increasingly digital world, cybersecurity has become an essential component of any organization's risk management strategy. Threat modeling is a key technique used by cybersecurity professionals to identify, prioritize, and mitigate potential threats and vulnerabilities in their systems and applications. There are various threat modeling methodologies used in the industry, but three of the most commonly used are STRIDE, DREAD, and PASTA.

CMS Threat Modeling Handbook

Read more about CMS Threat Modeling Handbook

Disclaimer: The information and resources in this document are driven directly at and for CMS internal teams and ADOs to help them initiate and complete threat model exercises. While you may be viewing this document as a publicly available resource to anyone, any information excluded as well as context included is meant for CMS-specific audiences.

Read more about Application Security

Software Bill of Materials (SBOM)

Read more about Software Bill of Materials (SBOM)

SaaS Governance (SaaSG)

Read more about SaaS Governance (SaaSG)

Threat Modeling

Read more about Threat Modeling

RMH Chapter 16: System & Communications Protection

Read more about RMH Chapter 16: System & Communications Protection

Introduction

The Risk Management Handbook Chapter 16: System and Communications Protection (SC) focuses on how the organization must: monitor, control, and protect organizational communications (i.e., information transmitted or received by organizational information systems) at the external boundaries and key internal boundaries of the information systems; and employ architectural designs, software development techniques, and systems engineering principles that promote effective information security and privacy assurance within organizational information systems.

Risk Management Handbook Chapter 15: System & Services Acquisition

Read more about Risk Management Handbook Chapter 15: System & Services Acquisition

Introduction

The Risk Management Handbook Chapter 15, System and Services Acquisition, discusses how the organization must:

Risk Management Handbook Chapter 9: Maintenance (MA)

Read more about Risk Management Handbook Chapter 9: Maintenance (MA)

Introduction

This Handbook outlines procedures to help CMS staff and contractors implement the Maintenance family of controls taken from the National Institute of Standards and Technology (NIST) Special Publication 800-53 and tailored to the CMS environment in the CMS Acceptable Risk Safeguards (ARS). For more guidance on how to implement CMS policies and standards across many cybersecurity topics, see the CMS Security and Privacy Handbooks.

CMS Cloud Services

Read more about CMS Cloud Services

Subscribe to Application Security