Spotlight Information Security

Content Section

The CMS Information Security Program is constantly updating our Policies, Standards, Procedures, Tools and Templates in order to keep pace with the myriad of new Laws, Regulations, Policies and other Guidance which affects CMS' program. The items below are new or have been revised in the past 6 months. All of the documents may be found by clicking on the "Info Security Library" link on the left hand menu or the downloads section below.

Laws - none

Regulations - none

DHHS Policy/Standards/Procedures/Guides/Templates - none

CMS Policy - none

CMS Standards

3/19/2009 v4.0 Acceptable Risk Safeguards (ARS)
3/19/2009 v4.0 ARS Appendix A CMS Minimum Security Requirements (CMSR) High Impact level Data
3/19/2009 v4.0 ARS Appendix B CMS Minimum Security Requirements (CMSR) Moderate Impact Level Data
3/19/2009 v4.0 ARS Appendix C CMS Minimum Security Requirements (CMSR) Low Impact Level Data
3/19/2009 v.40 ARS Appendix D CMS Minimum Security Requirements (CMSR) e-Authentication Standard
5/26/2009 v3.1 Minimum Security Configuration Standards for Operating Systems

CMS Procedures

2/19/2009 v2.0 Assessment Procedure
3/19/2009 v5.0 Assessment Reporting Procedure
3/19/2009 v4.0 Information Security (IS) Risk Assessment (RA) Procedure
3/19/2009 v4.0 System Security Plan (SSP) Procedure

CMS Guidelines & Tools

1/15/2009 (loaded 7/10/2009) v1.6 Enterprise User Administration (EUA) CMS Access Administrator (CAA) Guide
3/19/2009 v4.0 System Security Plan (SSP) Workbook Main
3/19/2009 v4.0 System Security Plan (SSP) Workbook Appendix A High Impact Level Data
3/19/2009 v4.0 System Security Plan (SSP) Workbook Appendix B Moderate Impact Level Data
3/19/2009 v4.0 System Security Plan (SSP) Workbook Appendix C Low Impact Level Data
3/19/2009 v4.0 System Security Plan (SSP) Workbook Appendix D Level 1 e-Authentication
3/19/2009 v4.0 System Security Plan (SSP) Workbook Appendix E Level 2 e-Authentication
3/19/2009 v4.0 System Security Plan (SSP) Workbook Appendix F Level 3 e-Authentication
3/19/2009 v4.0 System Security Plan (SSP) Workbook Appendix G Level 4 e-Authentication
3/8/2009 v4.0 Terms, Definitions & Acronyms
3/8/2009 v2.0 White Paper 01 - Introduction
3/8/2009 v2.0 White Paper 02 - Logical Access
3/8/2009 v2.0 White Paper 03 - Entity Wide Security
3/8/2009 v2.0 White Paper 04 - Programmer Access
3/8/2009 v2.0 White Paper 05 - Change Management
3/8/2009 v2.0 White Paper 06 - Configuration Templates
White Paper 07 - retired
3/8/2009 v2.0 White Paper 08 - Direct Access
3/8/2009 v2.0 White Paper 09 - Mainframe Operating Systems
3/8/2009 v2.0 White Paper 10 - Resource Access Control Facility (RACF)
3/8/2009 v2.0 White Paper 11 - Access Control Facility (ACF) 2
3/8/2009 v2.0 White Paper 12 - Top Secret
3/8/2009 v2.0 White Paper 13 - System Control Facility (SCF) and SuperOp
3/8/2009 v2.0 White Paper 14 - User Access
3/8/2009 v2.0 White Paper 15 - Security violation Monitoring
3/8/2009 v2.0 White Paper 16 - Audits

CMS Forms & Templates

3/19/2009 v1.0 Application Finding Report Template
3/19/2009 v2.0 Assessment Plan Template
3/19/2009 v1.0 Infrastructure Finding Report Template
5/7/2009 v3.1 Information Security (IS) Risk Assessment (RA) Template
3/30/2009 ISSO Appointment Template
4/28/2009 v1.0 Memorandum of Understanding (MOU) Template
5/26/2009 v3.1 Rules of Behavior (ROB) for Connection to CMS
5/7/2009 v3.1 System Security Plan (SSP) Template
3/19/2009 v4.0 Test Scripts Main
3/19/2009 v4.0 Test Scripts Appendix A High Impact Level Data Assessments
3/19/2009 v4.0 Test Scripts Appendix B Moderate Impact Level Data Assessments
3/19/2009 v4.0 Test Scripts Appendix C Low Impact Level Data Assessments

Downloads
There are no downloads
Related Links Inside CMS
Info Security Library
Related Links Outside CMS
There are no Related Links Outside CMS

Page Last Modified: 07/10/2009 2:56:43 PM
Help with File Formats and Plug-Ins

Submit Feedback