Zero Trust: what you need to know
Zero Trust is a cybersecurity model that offers protection for CMS systems, employees and beneficiaries through continuous validation at every stage of a digital interaction.
As CMS continues to modernize its systems and practices, the agency is implementing Zero Trust and its strong authentication methods, network segmentation, threat prevention, and “least access” policies to benefit everyone.
Executive Order on Improving the Nation’s Cybersecurity: What it means for you
What is the Executive Order?
The Executive Order on Improving the Nation's Cybersecurity (Executive Order 14028) is an important step forward in protecting Americans from cyber threats. The order, signed by President Biden on May 11, 2021, focuses on strengthening the cybersecurity of the federal government, critical infrastructure, and the private sector.
CMS Privacy Program Plan
Privacy program at CMS
Use and disclosure
As authorized by statute, regulation, or Executive Order, CMS conducts activities involving the collection, use, and disclosure of Protected Health Information (PHI) and Personally Identifiable Information (PII). CMS collects, uses, and discloses PII/PHI for payment and health care operations if and only if CMS can identify a statute or Executive Order that provides CMS with the authority for that action.
A history of CMS’ continued pursuit of Cyber Risk Management modernization
Navigating the vast digital ocean of today's ever-changing information technology can feel akin to leading a fleet of ships to a faraway destination. In a large government organization, the challenge is managing this fleet to safely journey through a sea teeming with potential cyber threats. The Centers for Medicare and Medicaid Services (CMS) has been charting a course for the last decade and has become adept at ensuring safe passage for its FISMA systems.
Transition from ARS 3.1 to 5.0: what you need to know
As CMS has transitioned from ARS 3.1 to ARS 5.0, there have been many questions about the implications of the transition. What does it mean for your system? How does it impact your current controls? What steps are being taken at CMS to ensure compliance?
CMS Information System Contingency Plan (ISCP) Exercise Handbook
Contingency Planning at CMS
Contingency planning at the Centers for Medicare and Medicaid Services (CMS) is essential for protecting the organization from potential risks and ensuring the continuity of its operations. An Information System Contingency Plan (ISCP) is the cornerstone document of contingency planning for information systems, and every CMS FISMA system must have one in place.
ISPG’s response to the new National Cybersecurity Strategy for 2023
What is the National Cybersecurity Strategy?
The Biden-Harris Administration released a National Cybersecurity Strategy in March 2023, which outlines their vision for a secure and resilient digital environment for the United States.