CISO Memo: Guidance for using collaborative tools
Purpose
This Memorandum informs CMS stakeholders of the best practices and security guidance for the use of Personally Identifiable Information / Personal Health Information (PII / PHI) and agency sensitive information when using CMS approved collaboration tools – specifically Zoom/WebEx, and Box.
CISO Memo: Implementing the updated HHS POA&M standard
This memo is rescinded as of January 3, 2022 with the publication of ARS 5.0 and its updates to the CMS POA&M standards, which align with the HHS POA&M standards.
The original memo is provided below for historical reference only.
CISO Memo: Changes to the Access Control (AC) Account Management Standard
This memo is rescinded as of January 3, 2022 with the publication of ARS 5.0 and its updates to the Access Control Family (AC)-02 Account Management Standard.
The original memo is provided below for historical reference only.