U S Department of Health and Human Services www.hhs.gov

Guidelines & Tools

Contractor Integrated Security Suite (CISS) (previously known as the CAST) is the tool used by Medicare Business Partners for performing annual information security self-assessments and for updating the quarterly corrective action plans (CAP).

CISS User Guide provides the step-by-step instructions for using the CISS tool.  

CMS Information Security Contingency Planning (CP) Template is the standard format required for documenting Application Contingency Plans for CMS information systems.  It is a complementary document to the CMS IS Application Contingency Planning Procedure.  All CMS General Support Systems (GSS) must use NIST SP 800-34 for Contingency Planning and reporting format.

CMS Information Security Interconnection Security Agreement (ISA) Template is used to meet Federal policy requirements for agencies to develop ISAs between their information systems and networks and the external systems and networks to which they connect.  NIST SP 800-47 states: "A system that is approved by an ISA for interconnection with one organization's system shall meet the protection requirements equal to, or greater than, those implemented by the other organization's system." The guidelines establish information security (IS) measures that shall be taken to protect the connected systems and networks and shared data.  This is required, if applicable, to be included with the respective SSPs.  

CMS Information Security and Privacy Legislation Resource identifies the current and potential legal requirements facing CMS in information security.  Implications of enacted and pending Bills for CMS have been included with each entry. 

CMS Information Security Guidebook for Audits is a compilation of the various types of audits and reviews which may be performed at CMS contractor locations.  This guide is meant to provide additional information on site selection criteria, audit steps and objectives, documentation requirements, the types of employees who will need to be interviewed, as well as space and equipment requirements for CFO audits, Section 912 Reviews, SAS 70 Type II audits and Penetration/EVA testing.

CMS Information Security Memorandum of Understanding (MOU) Template is the required format for the interconnection of systems within the same secure network (i.e. within the same GSS).  This is required, if applicable, to be included with the respective SSPs.

CMS Information Security Plan of Action & Milestones (POA&M) Guidelines provides CMS management and Business Owners with the necessary information and instructions for developing, maintaining and reporting their weaknesses in IS as it relates to a specific information system.

CMS Information Security System Compliance & Reference Chart provides a consolidated list of all the Artifacts/Activities that are required to be completed by a Business Owner of a CMS information system, the required frequency of such completion and links to the references and supporting documentation.  

CMS Information Security Terms & Definitions provides a consolidated listing of terms used by the CMS IS program.

CMS Information Security Threat ID Resource presents examples of a broad view of the risk environment in which CMS operates today in order to assist system owners and developers in documenting an information system risk assessment.

CMS Information Security Threat ID Workbook provides guidance in identifying some of the risks that may affect the development or modification of a CMS information system.

CMS RA and SSP Guidance explains and provides helpful tips and examples for completing the information security RA and SSP templates.

Downloads

Contractor Integrated Security Suite (CISS) (ZIP - 8.984 Mb)

CISS User Guide (PDF - 10.883 Mb)

CMS IS and Privacy Legislation Resource (PDF - 425 Kb)

CMS IS Guidebook for Audits (PDF - 372 Kb)

CMS IS Plan of Actions & Milestones (POA&M) Guidelines (PDF - 1.211 Mb)

CMS IS System Compliance & Reference Chart (PDF - 47 Kb)

CMS IS Terms & Definitions (PDF - 1.153 Mb)

CMS IS Threat ID Resource (PDF - 283 Kb)

CMS IS Threat ID Workbook (ZIP - 56 Kb)

CMS IS RA and SSP Guidance (PDF - 256 Kb)

Page Last Modified: 12/10/2008 2:17:42 PM