System Teams | ISPG CyberGeek

Cryptographic agility in the zeitgeist

Read more about Cryptographic agility in the zeitgeist

Cryptographic agility, also called cryptoagility, is the ability for a system to quickly and easily change parts of their encryption mechanism(s). This encompasses changing encryption keys, key lengths, encryption algorithms used, and even changing the libraries used to perform the encryption.

CFACTS Update: Improvements to ATO Request workflow

Read more about CFACTS Update: Improvements to ATO Request workflow

Getting an Authorization to Operate (ATO) is a lot of work. The CFACTS team is dedicated to making the process smoother for ISSOs and other ATO stakeholders. We have made updates to the ATO Request workflow in CFACTS, which are summarized below.

CMS CyberWorks

Read more about CMS CyberWorks

CMS Technical Reference Architecture (TRA)

Read more about CMS Technical Reference Architecture (TRA)

CMS Key Management Handbook

Read more about CMS Key Management Handbook

Background

This handbook aligns with the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-57 series, the CMS IS2P2, and the CMS Acceptable Risk Safeguards (ARS).

Read the CMS ISSO Journal

Read more about Read the CMS ISSO Journal

What is the ISSO Journal?

The ISSO Journal was established to share knowledge among CMS Information System Security Officers (ISSOs) and promote ongoing role-based education. As the publication evolved over time, it now serves the entire CMS cybersecurity community with the latest insights on security and privacy topics. It provides information about cybersecurity trends and developments at CMS to support ISSOs and decision makers alike.

Template management is changing at ISPG: what you need to know

Read more about Template management is changing at ISPG: what you need to know

The debut of CyberGeek has allowed ISPG to re-evaluate the way we publish and manage our core documents. CyberGeek is now the official ISPG website and serves as the single-source of truth for security and privacy at CMS that provides:

ISPG Innovation Lab

Read more about ISPG Innovation Lab

Zero Trust Maturity Model, Version 2: now with less trust!

Read more about Zero Trust Maturity Model, Version 2: now with less trust!

In April 2023, the Cybersecurity and Infrastructure Security Agency (CISA) released version two of their Zero Trust Maturity Model (ZTMM). This version incorporates feedback from experts and the community in response to their initial June 2021 draft. CISA has kept its conceptual view of a Zero Trust Architecture (ZTA), incorporating five pillars and three cross-cutting capabilities. However, it has significantly reviewed the functions that build each pillar and capability.

Evaluating Threat Modeling Methodologies

Read more about Evaluating Threat Modeling Methodologies

In today's increasingly digital world, cybersecurity has become an essential component of any organization's risk management strategy. Threat modeling is a key technique used by cybersecurity professionals to identify, prioritize, and mitigate potential threats and vulnerabilities in their systems and applications. There are various threat modeling methodologies used in the industry, but three of the most commonly used are STRIDE, DREAD, and PASTA.

Subscribe to System Teams