System / Business Owner

The Centers for Medicare & Medicaid Services (CMS) Information Security and Privacy Acceptable Risk Safeguards (ARS) provides the standard to CMS and its contractors as to the minimum acceptable level of required security and privacy controls.

CMS Breach Response Handbook

Read more about CMS Breach Response Handbook

Introduction

This handbook defines actions that must be taken in response to a suspected breach of Personally Identifiable Information (PII) / Protected Health Information (PHI) / Federal Tax Information (FTI) at the CMS to meet federal requirements for breach response. The handbook includes roles and responsibilities, breach response deliverables and lines of communication, triggers for federal reporting requirements, and resources from HHS and other authorities.

Breach Response

CMS Security and Privacy Handbooks

Continuous Diagnostics and Mitigation (CDM)

Zero Trust

CMS Interconnection Security Agreement (ISA)

CMS Computer Matching Agreement (CMA)

CMS Acceptable Risk Safeguards (ARS)

Access the ARS

About the ARS

CMS Breach Response Handbook

Introduction

Threat Modeling

System Audits