CMS Privacy Impact Assessment (PIA) Handbook
What is the purpose of a Privacy Impact Assessment (PIA)?
A Privacy Impact Assessment (PIA) is an analysis of how personally identifiable information (PII) is collected, used, shared, and maintained. The purpose of a PIA is to demonstrate that system owners have consciously incorporated privacy protections within their systems for information supplied for by the public.
CMS Plan of Action and Milestones (POA&M) Handbook
What is a POA&M?
A Plan of Action and Milestones (POA&M) is a corrective action plan that tracks system weakness and allows System Owners and ISSOs to create a plan to resolve the identified weaknesses over time. A POA&M provides details about the personnel, technology, and funding required to accomplish the elements of the plan, milestones for correcting the weaknesses, and scheduled completion dates for the milestones.
CMS Information System Security Officer (ISSO) Handbook
Introduction
This handbook gives practical guidance to Information System Security Officers (ISSO)s at CMS when performing their necessary tasks. It helps new ISSOs get started and explains the responsibilities, resources, and organizational relationships needed for an ISSO to be successful.