U S Department of Health and Human Services www.hhs.gov

Guidelines & Tools

CMS Information Security Acronyms is the reference document containing all the commonly used information security acronyms at the CMS.

CMS Information Security and Privacy Legislation Resource identifies the current and potential legal requirements facing CMS in information security.  Implications of enacted and pending Bills for CMS have been included with each entry. 

CMS Information Security Guidebook for Audits is a compilation of the various types of audits and reviews that may be performed at CMS contractor locations.  This guide is meant to provide additional information on site selection criteria, audit steps and objectives, documentation requirements, the types of employees who will need to be interviewed, and space and equipment requirements for CFO audits, Section 912 Reviews, SAS 70 Type II audits and Penetration/EVA testing.

CMS Information Security Plan of Action & Milestones (POA&M) Guidelines provides CMS management and Business Owners with the necessary information and instructions for developing, maintaining and reporting their weaknesses in IS as it relates to a specific information system.

CMS Information Security System Compliance & Reference Chart provides a consolidated list of all the Artifacts/Activities that are required to be completed by a Business Owner of a CMS information system, the required frequency of such completion and links to the references and supporting documentation.  

CMS Information Security Terms & Definitions provides a consolidated listing of terms used by the CMS IS program.

CMS Integrated Security Suite (CISS) (previously known as the CAST) is the tool used by Medicare Business Partners for performing annual information assessments and for updating the quarterly corrective action plans (CAP).

CISS User Guide provides the step-by-step instructions for using the CISS tool.  

FIPS 199 Crosswalk - CMS Security Categories by Information Type - CMS has defined twelve data information types processed by CMS information systems. For each information type, CMS has used FIPS Publication 199 to determine its associated security category by evaluating the potential impact value, e.g. High, Moderate or Low, for each of the three security objectives, namely, confidentiality, integrity and availability. The resultant security categorization is leveraged to establish a high water mark, i.e., CMS System Security Level, for each of these information types. The CMS System Security Level for each FISMA system family is established by the highest application system security level processed within the family.

Downloads

All Downloads are available in the "Info Security Library" link on the left hand menu

Page Last Modified: 05/27/2009 3:18:11 PM