Risk Management Handbook Chapter 14: Risk Assessment (RA)
Introduction
The Centers for Medicare & Medicaid Services (CMS) Risk Management Handbook (RMH) Chapter 14: Risk Assessment provides the procedures for implementing the requirements of the CMS Information Systems Security and Privacy Policy (IS2P2) and the CMS Acceptable Risk Safeguards (ARS). This document describes procedures that facilitate the implementation of security controls associated with the Risk Assessment (RA) family of controls. To promote consistency among all RMH Chapters, CMS intends for Chapter 14.
Risk Management Handbook Chapter 13: Personnel Security (PS)
Introduction
The Risk Management Handbook Chapter 13: Personnel Security discusses how the organization must: ensure that individuals occupying positions of responsibility within organizations (including third-party service providers) are trustworthy and meet established security criteria for those positions prior to issuing any security credentials or providing authorized access to Federal information systems; ensure that organizational information and information systems are protected during and after personnel actions such as terminations and transfers; and employ formal sanction
Risk Management Handbook Chapter 12: Security & Privacy Planning (PL)
Introduction
This Handbook outlines procedures to help CMS staff and contractors implement the Security & Privacy Planning family of controls taken from the National Institute of Standards and Technology (NIST) Special Publication 800-53 and tailored to the CMS environment in the CMS Acceptable Risk Safeguards (ARS). For more guidance on how to implement CMS policies and standards across many cybersecurity topics, see the CMS Security and Privacy Handbooks.
RMH Chapter 11: Physical & Environmental Protection
Introduction
This Handbook outlines procedures to help CMS staff and contractors implement the Physical and Environmental Protection family of controls taken from the National Institute of Standards and Technology (NIST) Special Publication 800-53 and tailored to the CMS environment in the CMS Acceptable Risk Safeguards (ARS). For more guidance on implementing CMS policies and standards across many cybersecurity topics, see the CMS Security and Privacy Handbooks.
Risk Management Handbook Chapter 9: Maintenance (MA)
Introduction
This Handbook outlines procedures to help CMS staff and contractors implement the Maintenance family of controls taken from the National Institute of Standards and Technology (NIST) Special Publication 800-53 and tailored to the CMS environment in the CMS Acceptable Risk Safeguards (ARS). For more guidance on how to implement CMS policies and standards across many cybersecurity topics, see the CMS Security and Privacy Handbooks.
Risk Management Handbook Chapter 8: Incident Response (IR)
Introduction
RMH Chapter 8: Incident Response documents the controls that focus on how the organization must: establish an operational incident handling capability for organizational information systems that includes adequate preparation, detection, analysis, containment, recovery, and user response activities; and track, document, and report incidents to appropriate organizational officials and/or authorities. Procedures addressed include incident response training, incident response testing, incident handling, monitoring and reporting, and information spillage response.
Risk Management Handbook Chapter 5: Configuration Management (CM)
Introduction
This Handbook outlines procedures to help CMS staff and contractors implement the Configuration Management family of controls taken from the National Institute of Standards and Technology (NIST) Special Publication 800-53 and tailored to the CMS environment in the CMS Acceptable Risk Safeguards (ARS). For more guidance on how to implement CMS policies and standards across many cybersecurity topics, see the CMS Security and Privacy Handbooks.
RMH Chapter 4: Security Assessment & Authorization
Introduction
This chapter of the Risk Management Handbook (RMH) covers the Security Assessment and Authorization family of controls. It describes procedures that help you meet the security and privacy requirements for this control family. Each procedure is labeled with the associated NIST controls using the control number from the CMS ARS.
Risk Management Handbook Chapter 2: Awareness and Training (AT)
Introduction
This chapter of the Risk Management Handbook (RMH) covers the Awareness and Training (AT) family of controls. It describes procedures that help you meet the security and privacy requirements for this control family. Each procedure is labeled with the associated NIST controls using the control number from the CMS IS2P2.