Public if possible: ISPG’s commitment to customers
Why is the ISPG website (CyberGeek) open to the public?
When we set out to provide one authoritative home for CMS security and privacy information, ISPG leadership decided to make this information “public if possible”. That means instead of putting things behind a CMS login barrier by default, we go through a careful process to determine whether the information can safely be made public. If so, it is published here on our website. There are many benefits to this approach:
CFACTS How-To: Submit a support request
How to submit a support request
You can now submit an inquiry or support request by using the portal here. (Tip: Bookmark this page for easy access.)
On the support portal, you’ll need to provide:
The SSP is now the SSPP: Here’s Why
The System Security and Privacy Plan (SSPP) is a collection of information associated with the FISMA system security. The SSPP provides an accurate, detailed description of the FISMA system itself, its security requirements, and the controls that are in place to protect the system.
We are announcing a subtle yet important change - the name has been updated from SSP to SSPP.
CFACTS Update: ARCHER 6.14 coming to CFACTS
What’s changing?
ARCHER is the underlying application behind CFACTS. ARCHER is being upgraded to 6.14 which will move the top navigation to the lefthand side of the page. This allows for easier access to pages like Assessment & Authorization (A&A), Federal Enterprise Management, and Work Request Management with additional quick access to subpages. Also, the left panel can be collapsed by clicking the round menu button on the right-hand side.
Embracing Change: Transitioning from ACT to CSRAP in 2024
The future of ACT (now CSRAP)
As we stand on the threshold of 2024, it's imperative to reflect on the accomplishments of the past year and anticipate the evolution of our cybersecurity efforts.
CFACTS Cloud migration update: Job codes
The CFACTS application is migrating to AWSCloud for better performance and efficiency. The updated system is known as CFACTS-Cloud. We will be posting updates regularly to help you navigate this transition.
Do I need a new job code?
There will be new job codes for accessing CFACTS-Cloud.
The CMS Information Security and Privacy Library is retired: 3 things to do now
The Information Security and Privacy Group (ISPG) has a new website — known as “CyberGeek” — that is now your first stop for security and privacy information! Visit CyberGeek at security.cms.gov to learn about the policies, programs, and tools that help keep CMS information and systems safe.
CMS Guide to Federal Laws, Regulations, and Policies
There are federal laws, regulations, and policies outside of CMS that shape how security and privacy is managed inside CMS. This page contains a comprehensive list of these external requirements, and shows how they relate to the security and privacy policies and guidance at CMS.
DISCLAIMER:
CFACTS Update: Improvements to ATO Request workflow
Getting an Authorization to Operate (ATO) is a lot of work. The CFACTS team is dedicated to making the process smoother for ISSOs and other ATO stakeholders. We have made updates to the ATO Request workflow in CFACTS, which are summarized below.
Completing tasks in CFACTS is easy with "CFACTS How-To" videos
You may have noticed several changes in how system information and documents are stored in the CMS FISMA Continuous Tracking System (CFACTS). To help you navigate these changes, the CFACTS Team has been busy making "how-to" videos designed to help Information System Security Officers (ISSOs), System/Business Owners, and Cyber Risk Advisors (CRAs) complete tasks in CFACTS.