What the IS2P2's new Rapid Cloud Review (RCR) requirement means for you
When the Policy team updated the IS2P2 in June 2024, one big change came from a clarification about requirements for cloud service implementation at CMS. Now, all SaaS products used at CMS that do not have FedRAMP authorization must go through a Rapid Cloud Review (RCR) process.
If your SaaS product is currently FedRAMP authorized, you don't need to do anything more — you have satisfied the new requirement.
GitHub Secret Scanning: Enhancing security, ARS compliance, and Zero Trust
In today's cybersecurity landscape, protecting sensitive information is crucial, especially for organizations working with the Centers for Medicare & Medicaid Services (CMS). GitHub Secret Scanning has emerged as a valuable tool in this effort, not only enhancing security but also aiding in meeting various requirements within the Zero Trust Applications Pillar and the Acceptable Risk Safeguards (ARS) controls.
CMS Information System Contingency Plan (ISCP) Handbook
What is an Information System Contingency Plan?
Contingency planning at the Center for Medicare and Medicaid Services (CMS) is essential for protecting the organization from potential risks and ensuring the continuity of its operations. An Information System Contingency Plan (ISCP) is the cornerstone document of contingency planning, and every CMS system must have one in place.
New IS2P2 updates: What you need to know
The ISPG Policy team regularly revisits the CMS Information Systems Security & Privacy Policy (IS2P2) to incorporate new information, update language, and keep the document up to date.
The most recent revisions came out in June 2024. We’ve called out and clearly identified the six big changes so you can quickly and easily understand what’s new and how it might affect your work.
List of updates
The IS2P2 updates address several gaps:
Cyber360 July - Enhancing financial security
Tips for online financial security
This month, Cyber360 at CMS is focused on financial security. As we move more of our financial lives online, from banking to investing, the need for strong cybersecurity has never been greater. Here are some ways you can protect yourself and your finances.
Tap payments: A smarter way to pay
CMS Cybersecurity and Privacy Training Handbook
Introduction
At CMS, we prioritize the security of our data, systems, and your work environment. Every person here is part of our effort to keep CMS information and beneficiary data safe. Security and privacy are everyone's job. Being aware of cyber threats is an ongoing responsibility that we all share.
Top 5 cybersecurity trends for 2024
Background
The cybersecurity field is ever-evolving, with new threats and technologies emerging constantly. Staying informed about these trends is crucial for protecting our systems and data at CMS.
What is the News?
In this post, we'll explore the top 5 emerging trends in cybersecurity that are transforming how we defend against cyber threats. Understanding these trends will help you stay ahead in the rapidly changing digital security landscape.
CFACTS Cloud migration update: Say hello to CFACTS-Cloud!
The CFACTS application is migrating to AWSCloud for better performance and efficiency. The updated system is known as CFACTS-Cloud. We will be posting updates regularly to help you navigate this transition.
The migration to AWS cloud is now complete, here’s what you need to know about the new link and authentication flow for this new environment.
CFACTS Cloud migration update: Sneak peek
The CFACTS application is migrating to AWSCloud for better performance and efficiency. The updated system is known as CFACTS-Cloud. We will be posting updates regularly to help you navigate this transition.
You can now explore CFACTS-Cloud, preview new enhancements, and test new features.