Security Operations

New handbook: Media Protection (MP)

Why we have an MP policy

The ISPG Policy team published the new Media Protection (MP) Handbook early in September 2024.

Media Protection exists to protect media within an organization, and the definition of media is fairly broad: all physical devices, writing surfaces, and communication channels that include storage capabilities. Whether the communication is digital or in print and on paper, the MP policy covers proper handling and governance.

Top 5 cybersecurity trends for 2024

Background

The cybersecurity field is ever-evolving, with new threats and technologies emerging constantly. Staying informed about these trends is crucial for protecting our systems and data at CMS.

What is the News?

In this post, we'll explore the top 5 emerging trends in cybersecurity that are transforming how we defend against cyber threats. Understanding these trends will help you stay ahead in the rapidly changing digital security landscape.

Learn about Purple Team Engagements from CCIC

In the ever-evolving landscape of cybersecurity, organizations continuously seek effective methods to bolster their defenses against potential threats. One such method gaining traction is the concept of Purple Team engagements. This blog post aims to provide a high-level understanding of what a Purple Team is, the teams involved, and the overarching purpose of these engagements, specifically within the Centers for Medicare and Medicaid Services (CMS).

What is a Purple Team?

Avoid database breaches with ISPG’s free vulnerability scanning service

Why is database scanning important?

CMS databases and large data stores are a prime target for attackers because of the volume of sensitive information stored on CMS systems. That includes personally identifiable information (PII), protected health information (PHI), provider and beneficiary information, and intellectual property. 

How to use MITRE ATT&CK in conjunction with Threat Modeling

Cyber resilience is difficult to quantify, implement, and measure. What we do know is that it breaks down into proactive and reactive approaches to security. Reactive resilience is what happens after the incident: how quickly can we identify, contain, eradicate, and recover from the attack? Proactive resilience is about understanding the attack surface and being able to identify and thwart attacks before they happen.

CMS Threat Modeling Handbook

Disclaimer: The information and resources in this document are directed specifically at CMS internal teams and ADOs, to help them initiate and complete threat model exercises. Although this document is publicly available, any information excluded, as well as the context included, is meant for CMS-specific audiences.

CMS Cybersecurity Integration Center (CCIC) Red Team Engagements

In today's digital landscape, organizations face an ever-evolving array of cyber threats that can compromise their critical data assets. As technology advances, so do the tactics employed by malicious actors seeking to infiltrate networks, steal sensitive information, and cause damage. To counter these threats, it is crucial for organizations to assess their security posture comprehensively and proactively. This is where Red Team Engagements come into play.