CMS Acceptable Risk Safeguards (ARS)
Access the ARS
Current version of the ARS:
About the ARS
The Centers for Medicare & Medicaid Services (CMS) Information Security and Privacy Acceptable Risk Safeguards (ARS) provides the standard to CMS and its contractors as to the minimum acceptable level of required security and privacy controls.
CMS Breach Response Handbook
Introduction
This handbook defines actions that must be taken in response to a suspected breach of Personally Identifiable Information (PII) / Protected Health Information (PHI) / Federal Tax Information (FTI) at the CMS to meet federal requirements for breach response. The handbook includes roles and responsibilities, breach response deliverables and lines of communication, triggers for federal reporting requirements, and resources from HHS and other authorities.
RMH Chapter 16: System & Communications Protection
Introduction
The Risk Management Handbook Chapter 16: System and Communications Protection (SC) focuses on how the organization must: monitor, control, and protect organizational communications (i.e., information transmitted or received by organizational information systems) at the external boundaries and key internal boundaries of the information systems; and employ architectural designs, software development techniques, and systems engineering principles that promote effective information security and privacy assurance within organizational information systems.
Risk Management Handbook Chapter 15: System & Services Acquisition
Introduction
The Risk Management Handbook Chapter 15, System and Services Acquisition, discusses how the organization must: