U S Department of Health and Human Services www.hhs.gov
Information Security

Guidelines & Tools

Contractor Integrated Security Suite (CISS) (previously known as the CAST) is the tool used by Medicare Business Partners to perform annual information security self-assessments and to update the quarterly corrective action plans (CAP).

CISS User Guide provides the step-by-step instructions for using the CISS tool.  

CMS Information Security Interconnection Security Agreement (ISA) Template is used to meet Federal policy requirements for agencies to develop ISAs between their information systems and networks and the external systems and networks to which they connect.  NIST SP 800-47 states: "A system that is approved by an ISA for interconnection with one organization's system shall meet the protection requirements equal to, or greater than, those implemented by the other organization's system." The guidelines establish information security (IS) measures that shall be taken to protect the connected systems and networks and shared data. 

CMS Contingency Planning (CP) Tabletop Testing is required annually for each CMS application. The primary objective of the tabletop test is to ensure that designated personnel are knowledgeable and capable of performing, in a timely manner, the notification/activation requirements and procedures outlined in the CP. To assist in the development of a tabletop test, a comprehensive package for creating the test plan and recording its results in an after-action report is provided below.

CMS Information Security and Privacy Legislation Resource identifies the current and potential legal requirements facing CMS in information security.  Implications of enacted and pending Bills for CMS have been included with each entry. 

CMS Information Security Guidebook for Audits is a compilation of the various types of audits and reviews that may be performed at CMS contractor locations. This guide provides additional information on site selection criteria, audit steps and objectives, documentation requirements, the types of employees who will need to be interviewed, and space and equipment requirements for CFO audits, Section 912 Reviews, SAS 70 Type II audits and Penetration/EVA testing.

CMS Information Security Plan of Action & Milestones (POA&M) Guidelines provides CMS management and Business Owners with the necessary information and instructions for developing, maintaining and reporting their IS weaknesses as they relate to a specific information system.

CMS Information Security System Compliance & Reference Chart provides a consolidated list of all the Artifacts/Activities that are required to be completed by a Business Owner of a CMS information system, the required frequency of such completion and links to the references and supporting documentation.  

CMS Information Security Terms & Definitions provides a consolidated listing of terms used by the CMS IS program.

CMS Information Security Threat ID Resource presents examples that give a broad view of the risk environment in which CMS operates today, to assist system owners and developers in documenting an information system risk assessment.

CMS Information Security Threat ID Workbook provides guidance in identifying some of the risks that may affect the development or modification of a CMS information system.

CMS RA and SSP Guidance explains how to complete the information security RA and SSP templates and provides helpful tips and examples.

Downloads

Contractor Integrated Security Suite (CISS) (ZIP - 8.984 Mb)

CISS User Guide (PDF - 10.883 Mb)

CMS IS ISA Template (PDF - 195 Kb)

CMS Contingency Planning Tabletop Test Procedure (ZIP - 376 Kb)

CMS IS and Privacy Legislation Resource (PDF - 425 Kb)

CMS IS Guidebook for Audits (PDF - 372 Kb)

CMS IS Plan of Actions & Milestones (POA&M) Guidelines (PDF - 1.211 Mb)

CMS IS System Compliance & Reference Chart (PDF - 47 Kb)

CMS IS Terms & Definitions (PDF - 1.153 Mb)

CMS IS Threat ID Resource (PDF - 283 Kb)

CMS IS Threat ID Workbook (ZIP - 56 Kb)

CMS IS RA and SSP Guidance (PDF - 256 Kb)

Page Last Modified: 08/26/2008 2:09:42 PM