Announcing a step-by-step guide to the CMS Risk Management Framework
What is the RMF?
The Risk Management Framework (RMF) from NIST provides a structured yet flexible process for managing risk throughout a system’s life cycle. It plays a key role in the steps we take at CMS to authorize and continuously monitor our information systems and keep them safe. The specific way we apply these steps at CMS is known as the CMS Risk Management Framework (RMF).
New handbook: Media Protection (MP)
Why we have an MP policy
The ISPG Policy team published the new Media Protection (MP) Handbook early in September 2024.
Media Protection exists to protect media within an organization, and the definition of media is fairly broad: all physical devices, writing surfaces, and communication channels that include storage capabilities. Whether the communication is digital or in print and on paper, the MP policy covers proper handling and governance.
CMS Media Protection (MP) Handbook
What is Media Protection (MP)?
Media Protection (MP) is the safeguarding of media within an organization. The term “media” broadly refers to physical devices or writing surfaces. This includes all channels of communication with storage capabilities — everything from printed paper to digital data onto which information is recorded, stored, or printed within an information system.
GitHub Secret Scanning: Enhancing security, ARS compliance, and Zero Trust
In today's cybersecurity landscape, protecting sensitive information is crucial, especially for organizations working with the Centers for Medicare & Medicaid Services (CMS). GitHub Secret Scanning has emerged as a valuable tool in this effort, not only enhancing security but also aiding in meeting various requirements within the Zero Trust Applications Pillar and the Acceptable Risk Safeguards (ARS) controls.
New IS2P2 updates: What you need to know
The ISPG Policy team regularly revisits the CMS Information Systems Security & Privacy Policy (IS2P2) to incorporate new information, update language, and keep the document up to date.
The most recent revisions came out in June 2024. We’ve called out and clearly identified the six big changes so you can quickly and easily understand what’s new and how it might affect your work.
List of updates
The IS2P2 updates address several gaps:
Cyber360 July - Enhancing financial security
Tips for online financial security
This month, Cyber360 at CMS is focused on financial security. As we move more of our financial lives online, from banking to investing, the need for strong cybersecurity has never been greater. Here are some ways you can protect yourself and your finances.
Tap payments: A smarter way to pay
CMS Cybersecurity and Privacy Training Handbook
Introduction
At CMS, we prioritize the security of our data, systems, and your work environment. Every person here is part of our effort to keep CMS information and beneficiary data safe. Security and privacy are everyone's job. Being aware of cyber threats is an ongoing responsibility that we all share.
Top 5 cybersecurity trends for 2024
Background
The cybersecurity field is ever-evolving, with new threats and technologies emerging constantly. Staying informed about these trends is crucial for protecting our systems and data at CMS.
What is the News?
In this post, we'll explore the top 5 emerging trends in cybersecurity that are transforming how we defend against cyber threats. Understanding these trends will help you stay ahead in the rapidly changing digital security landscape.
Cyber360 May - Navigating cybersecurity as a family
Tips for families to stay safe online
This month's focus for Cyber360 is navigating cybersecurity as a family. In the digital age, where every household gadget can connect to the internet, cybersecurity is no longer just an individual concern—it's a family affair. From toddlers who can navigate a tablet before they can walk to grandparents who've embraced video calling with gusto, everyone's online. This interconnectedness, while bringing families closer, also opens up new vulnerabilities to cyber-attacks.
Introducing the CMS Guide to Federal Laws, Regulations, and Policies
Background
Many federal laws, regulations, and policies play a pivotal role in managing security and privacy within CMS. They shape governance and compliance standards and are crucial in defining how security and privacy are upheld across the organization.