CMS Access Control Handbook
Introduction
Access is the ability to make use of any system resource. Access Control (AC) is the process of granting or denying specific requests to:
ISPG will transition away from the Risk Management Handbook
The debut of CyberGeek has allowed ISPG to re-evaluate the way we publish and manage our core documents. CyberGeek is now the official ISPG website and serves as the single-source of truth for security and privacy at CMS.
The new website aims to provide:
CMS Threat Modeling Handbook
Disclaimer: The information and resources in this document are driven directly at and for CMS internal teams and ADOs to help them initiate and complete threat model exercises. While you may be viewing this document as a publicly available resource to anyone, any information excluded as well as context included is meant for CMS-specific audiences.
CMS Cybersecurity Integration Center (CCIC) Red Team Engagements
In today's digital landscape, organizations face an ever-evolving array of cyber threats that can compromise their critical data assets. As technology advances, so do the tactics employed by malicious actors seeking to infiltrate networks, steal sensitive information, and cause damage. To counter these threats, it is crucial for organizations to assess their security posture comprehensively and proactively. This is where the Red Team Engagements come into play.
Welcome to ISPG CyberGeek
We’d like to welcome you to the brand-new CyberGeek! CyberGeek was designed by the CMS Information Security and Privacy Group (ISPG) to offer their customers a one-stop resource for information about security, privacy, and compliance. CyberGeek will:
Executive Order on Improving the Nation’s Cybersecurity: What it means for you
What is the Executive Order?
The Executive Order on Improving the Nation's Cybersecurity (Executive Order 14028) is an important step forward in protecting Americans from cyber threats. The order, signed by President Biden on May 11, 2021, focuses on strengthening the cybersecurity of the federal government, critical infrastructure, and the private sector.
Zero Trust: what you need to know
Zero Trust is a cybersecurity model that offers protection for CMS systems, employees and beneficiaries through continuous validation at every stage of a digital interaction.
As CMS continues to modernize its systems and practices, the agency is implementing Zero Trust and its strong authentication methods, network segmentation, threat prevention, and “least access” policies to benefit everyone.
Transition from ARS 3.1 to 5.0: what you need to know
As CMS has transitioned from ARS 3.1 to ARS 5.0, there have been many questions about the implications of the transition. What does it mean for your system? How does it impact your current controls? What steps are being taken at CMS to ensure compliance?
ISPG’s response to the new National Cybersecurity Strategy for 2023
What is the National Cybersecurity Strategy?
The Biden-Harris Administration released a National Cybersecurity Strategy in March 2023, which outlines their vision for a secure and resilient digital environment for the United States.