New handbook: Audit and Accountability (AU)
Why we have an AU policy
Early in December, the ISPG Policy Team published a new Audit and Accountability (AU) handbook as part of the growing collection of security and privacy handbooks on CyberGeek.
Audit and Accountability (AU) Handbook
Introduction
Audit and accountability (AU) controls at CMS ensure compliance, data security, and individual accountability.
These AU controls monitor, investigate, and document system activity, supporting event analysis, anomaly detection, and prevention of future incidents.
Framework and Compliance
CMS’s audit and accountability practices follow federal guidelines, including:
Avoid database breaches with ISPG’s free vulnerability scanning service
Why is database scanning important?
CMS databases and large data stores are a prime target for attackers because of the volume of sensitive information stored on CMS systems. That includes personally identifiable information (PII), protected health information (PHI), provider and beneficiary information, and intellectual property.
The SSP is now the SSPP: Here’s Why
The System Security and Privacy Plan (SSPP) is a collection of information associated with the security of a FISMA system. The SSPP provides an accurate, detailed description of the FISMA system itself, its security requirements, and the controls that are in place to protect the system.
We are announcing a subtle yet important change: the name has been updated from SSP to SSPP.
Embracing Change: Transitioning from ACT to CSRAP in 2024
The future of ACT (now CSRAP)
As we stand on the threshold of 2024, it's imperative to reflect on the accomplishments of the past year and anticipate the evolution of our cybersecurity efforts.
CMS Cybersecurity Integration Center (CCIC) Red Team Engagements
In today's digital landscape, organizations face an ever-evolving array of cyber threats that can compromise their critical data assets. As technology advances, so do the tactics employed by malicious actors seeking to infiltrate networks, steal sensitive information, and cause damage. To counter these threats, it is crucial for organizations to assess their security posture comprehensively and proactively. This is where Red Team Engagements come into play.