Links are provided below for the following CMS information security procedures documents.

CMS Information Security Application Contingency Plan Procedure - is promulgated under the legislative requirements set forth in the FISMA and the guidelines established by the NIST SP 800-34. The completion of a CP applies to all CMS applications except where an application is included as part of a General Support System (GSS) CP and/or GSS Disaster Recovery Plan (DRP). The Business Owner of every application within the CMS enterprise is required to ensure that a CP is implemented and maintained to reduce risks to reasonable and appropriate levels and to comply with business continuity priorities, applicable laws, regulations, and policies.

CMS Information Security Certification & Accreditation (C&A) Procedure - provides the procedures that ensure consistency in the evaluation of security controls, facilitate security accreditation decisions, and identify and define principal IS C&A roles and responsibilities. The CMS IS C&A procedures are independent of the Life-Cycle status of the system.

CMS Information Security Incident Handling Procedure - provides the systematic approach for handling suspected or actual incidents involving information or information systems, and the steps for resuming business operations while still preserving the incident's forensic information for further analysis and potential law enforcement/legal action.

CMS Information Security Testing Approach - establishes a formal standard for the scoping, planning, performing, documenting and managing of information security testing of all CMS information systems conducted by CMS personnel and/or contractors.
Page Last Modified: 11/25/2008 5:06:34 PM