Information System Security Officer (ISSO)

Why is database scanning important?

CMS databases and large data stores are a prime target for attackers because of the volume of sensitive information stored on CMS systems. That includes personally identifiable information (PII), protected health information (PHI), provider and beneficiary information, and intellectual property. 

Tips for families to stay safe online

This month's focus for Cyber360 is navigating cybersecurity as a family. In the digital age, where every household gadget can connect to the internet, cybersecurity is no longer just an individual concern—it's a family affair. From toddlers who can navigate a tablet before they can walk to grandparents who've embraced video calling with gusto, everyone's online. This interconnectedness, while bringing families closer, also opens up new vulnerabilities to cyber-attacks.

Background

Many federal laws, regulations, and policies play a pivotal role in managing security and privacy within CMS. They shape governance and compliance standards and are crucial in defining how security and privacy are upheld across the organization.

Why is the ISPG website (CyberGeek) open to the public?

When we set out to provide one authoritative home for CMS security and privacy information, ISPG leadership decided to make this information “public if possible”. That means instead of putting things behind a CMS login barrier by default, we go through a careful process to determine whether the information can safely be made public. If so, it is published here on our website. There are many benefits to this approach:

What is cryptographic agility?

Cryptographic agility, also called cryptoagility, is the ability for a system to quickly and easily change parts of their encryption mechanism(s).  This encompasses changing encryption keys, key lengths, encryption algorithms used, and even changing the libraries used to perform the encryption.  

How to submit a support request 

You can now submit an inquiry or support request by using the portal here. (Tip: Bookmark this page for easy access.) 

On the support portal, you’ll need to provide: 

The System Security and Privacy Plan (SSPP) is a collection of information associated with the FISMA system security. The SSPP provides an accurate, detailed description of the FISMA system itself, its security requirements, and the controls that are in place to protect the system.

We are announcing a subtle yet important change - the name has been updated from SSP to SSPP.

What’s changing? 

ARCHER is the underlying application behind CFACTS. ARCHER is being upgraded to 6.14 which will move the top navigation to the lefthand side of the page. This allows for easier access to pages like Assessment & Authorization (A&A), Federal Enterprise Management, and Work Request Management with additional quick access to subpages. Also, the left panel can be collapsed by clicking the round menu button on the right-hand side. 

The future of ACT (now CSRAP)

As we stand on the threshold of 2024, it's imperative to reflect on the accomplishments of the past year and anticipate the evolution of our cybersecurity efforts.

​The ​​CFACTS application is migrating to AWSCloud for better performance and efficiency. The updated system is known as CFACTS-Cloud. We will be posting updates regularly to help you navigate this transition. 

Do I need a new job code? 

There will be new job codes for accessing CFACTS-Cloud.