U S Department of Health and Human Services Improving the health, safety and well-being of America

Standards

These standards document the actions that must be followed by all CMS information Business Owners. Any standards that cannot be followed due to technical constraints, lack of resources, etc., must be documented in the CMS IS RA for the system, and the mitigating controls associated with the vulnerability must also be documented. See the "Info Security Library" link below to retrieve any of the listed documents.

CMS Information Security Acceptable Risk Safeguards (ARS) contains a broad set of CMS security controls based upon NIST requirements. The ARS is periodically revised as a result of the mandate for the annual review of NIST Special Publication (SP) 800-53, Recommended Security Controls for Federal Information Systems. With the release of Version 4.0, dated March 19, 2009, the ARS has been reformed to resemble the Core Security Requirements (CSRs) that were contained in the Business Partner System Security Manual (BPSSM). They have been renamed CMS Minimum Security Requirements (CMSR), and the CSRs will no longer be contained in BPSSM version 10, due for release in the 3rd quarter of Fiscal Year 2009. The ARS has the following four (4) Appendices:

        Appendix A CMSR for High Impact Level Data

        Appendix B CMSR for Moderate Impact Level Data

        Appendix C CMSR for Low Impact Level Data

        Appendix D e-Authentication Standard

Compliance with the standards must be documented in the respective System Security Plan, and partial or non-compliance with these standards must be documented in the system's IS RA. The ARS also includes the standards for HIPAA, IRS 1075 (Federal Tax Information) and Personally Identifiable Information (PII).

CMS System Security Levels - establishes common criteria for security levels by information category.  

Downloads

Select the "Info Security Library" link below for the downloads

Related Links Inside CMS

Info Security Library


Page Last Modified: 07/10/2009 2:43:12 PM