Information System Security Officer (ISSO)

​​​The ​​CFACTS application is migrating to AWSCloud for better performance and efficiency. The updated system is known as CFACTS-Cloud. We will be posting updates regularly to help you navigate this transition. 

​The ​​CFACTS application is migrating to AWSCloud for better performance and efficiency. The updated system is known as CFACTS-Cloud. We will be posting updates regularly to help you navigate this transition. 

The migration to AWS cloud is coming to completion. Here’s what you need to know about the new link and authentication flow for this new environment. 

The ​​CFACTS application is migrating to AWSCloud for better performance and efficiency. The updated system is known as CFACTS-Cloud. We will be posting updates regularly to help you navigate this transition. 

You can now explore CFACTS-Cloud, preview new enhancements, and test new features. 

Why is database scanning important?

CMS databases and large data stores are a prime target for attackers because of the volume of sensitive information stored on CMS systems. That includes personally identifiable information (PII), protected health information (PHI), provider and beneficiary information, and intellectual property. 

Scanning databases and large data stores helps protect the databases and mitigate risks, enhancing the overall security profile of CMS systems. This is part of the process known as Vulnerability Management (VM).

In the digital age, where every household gadget can connect to the internet, cybersecurity is no longer just an individual concern—it's a family affair. From toddlers who can navigate a tablet before they can walk to grandparents who've embraced video calling with gusto, everyone's online. This interconnectedness, while bringing families closer, also opens up new vulnerabilities to cyber-attacks. Here’s how families can navigate the complex web of digital safety together.
Understanding the Challenge

Background

Many federal laws, regulations, and policies play a pivotal role in managing security and privacy within CMS. They shape governance and compliance standards and are crucial in defining how security and privacy are upheld across the organization.

Why is the ISPG website (CyberGeek) open to the public?

When we set out to provide one authoritative home for CMS security and privacy information, ISPG leadership decided to make this information “public if possible”. That means instead of putting things behind a CMS login barrier by default, we go through a careful process to determine whether the information can safely be made public. If so, it is published here on our website. There are many benefits to this approach:

What is cryptographic agility?

Cryptographic agility, also called cryptoagility, is the ability for a system to quickly and easily change parts of their encryption mechanism(s).  This encompasses changing encryption keys, key lengths, encryption algorithms used, and even changing the libraries used to perform the encryption.  

How to submit a support request 

You can now submit an inquiry or support request by using the portal here. (Tip: Bookmark this page for easy access.) 

On the support portal, you’ll need to provide: 

The System Security and Privacy Plan (SSPP) is a collection of information associated with the FISMA system security. The SSPP provides an accurate, detailed description of the FISMA system itself, its security requirements, and the controls that are in place to protect the system.

We are announcing a subtle yet important change - the name has been updated from SSP to SSPP.