Welcome to ISPG CyberGeek
We’d like to welcome you to the brand-new CyberGeek! CyberGeek was designed by the CMS Information Security and Privacy Group (ISPG) to offer their customers a one-stop resource for information about security, privacy, and compliance. CyberGeek will:
CMS Cyber Risk Management Plan (CRMP)
Introduction
The Centers for Medicare & Medicaid Services (CMS) operates information technology (IT) systems that process personally identifiable information (PII) of more than 140 million Americans. The CMS Information Security and Privacy Group (ISPG) is responsible for defining the overarching strategy for managing risk associated with the operation of these information systems. This CMS Cyber Risk Management Plan (CRMP) outlines that strategy.
Zero Trust: what you need to know
Zero Trust is a cybersecurity model that offers protection for CMS systems, employees and beneficiaries through continuous validation at every stage of a digital interaction.
As CMS continues to modernize its systems and practices, the agency is implementing Zero Trust and its strong authentication methods, network segmentation, threat prevention, and “least access” policies to benefit everyone.
Executive Order on Improving the Nation’s Cybersecurity: What it means for you
What is the Executive Order?
The Executive Order on Improving the Nation's Cybersecurity (Executive Order 14028) is an important step forward in protecting Americans from cyber threats. The order, signed by President Biden on May 11, 2021, focuses on strengthening the cybersecurity of the federal government, critical infrastructure, and the private sector.
CMS Privacy Program Plan
Privacy program at CMS
Use and disclosure
As authorized by statute, regulation, or Executive Order, CMS conducts activities involving the collection, use, and disclosure of Protected Health Information (PHI) and Personally Identifiable Information (PII). CMS collects, uses, and discloses PII/PHI for payment and health care operations if and only if CMS can identify a statute or Executive Order that provides CMS with the authority for that action.
A history of CMS’ continued pursuit of Cyber Risk Management modernization
Navigating the vast digital ocean of today's ever-changing information technology can feel akin to leading a fleet of ships to a faraway destination. In a large government organization, the challenge is managing this fleet to safely journey through a sea teeming with potential cyber threats. The Centers for Medicare and Medicaid Services (CMS) has been charting a course for the last decade and has become adept at ensuring safe passage for its FISMA systems.
Transition from ARS 3.1 to 5.0: what you need to know
As CMS has transitioned from ARS 3.1 to ARS 5.0, there have been many questions about the implications of the transition. What does it mean for your system? How does it impact your current controls? What steps are being taken at CMS to ensure compliance?
CMS Information System Contingency Plan (ISCP) Exercise Handbook
Contingency Planning at CMS
Contingency planning at the Center for Medicare and Medicaid Services (CMS) is essential for protecting the organization from potential risks and ensuring the continuity of its operations. An Information System Contingency Plan (ISCP) is the cornerstone document of contingency planning for information systems, and every CMS FISMA system must have one in place.