|
The CMS Information Security Program is constantly updating our Policies, Standards, Procedures, Tools and Templates in order to keep pace with the myriad of new Laws, Regulations, Policies and other Guidance which affects CMS' program. The items below are new or have been revised in the past 6 months. All of the documents may be found by clicking on the "Info Security Library" link on the left hand menu or the downloads section below. Laws - none Regulations - none DHHS Policy/Standards/Procedures/Guides/Templates - none CMS Policy - none CMS Standards - 8/31/2010 v1.0 Acceptable Risk Safeguards (ARS)
- 8/31/2010 v1.0 ARS Appendix A CMS Minimum Security Requirements (CMSR) High Impact level Data
- 8/31/2010 v1.0 ARS Appendix B CMS Minimum Security Requirements (CMSR) Moderate Impact Level Data
- 8/31/2010 v1.0 ARS Appendix C CMS Minimum Security Requirements (CMSR) Low Impact Level Data
- 8/31/2010 v1.0 ARS Appendix D CMS Minimum Security Requirements (CMSR) e-Authentication Standard
- 2/04/2010 v4.0 Minimum Security Configuration Standards for Operating Systems
CMS Procedures - 2/19/2009 v2.0 Assessment Procedure
- 3/19/2009 v5.0 Assessment Reporting Procedure
- 3/19/2009 v4.0 Information Security (IS) Risk Assessment (RA) Procedure
- 3/19/2009 v4.0 System Security Plan (SSP) Procedure
CMS Guidelines & Tools - 1/15/2009 (loaded 7/10/2009) v1.6 Enterprise User Administration (EUA) CMS Access Administrator (CAA) Guide
- 3/19/2009 v4.0 System Security Plan (SSP) Workbook Main
- 3/19/2009 v4.0 System Security Plan (SSP) Workbook Appendix A High Impact Level Data
- 3/19/2009 v4.0 System Security Plan (SSP) Workbook Appendix B Moderate Impact Level Data
- 3/19/2009 v4.0 System Security Plan (SSP) Workbook Appendix C Low Impact Level Data
- 3/19/2009 v4.0 System Security Plan (SSP) Workbook Appendix D Level 1 e-Authentication
- 3/19/2009 v4.0 System Security Plan (SSP) Workbook Appendix E Level 2 e-Authentication
- 3/19/2009 v4.0 System Security Plan (SSP) Workbook Appendix F Level 3 e-Authentication
- 3/19/2009 v4.0 System Security Plan (SSP) Workbook Appendix G Level 4 e-Authentication
- 3/8/2009 v4.0 Terms, Definitions & Acronyms
- 3/8/2009 v2.0 White Paper 01 - Introduction
- 3/8/2009 v2.0 White Paper 02 - Logical Access
- 3/8/2009 v2.0 White Paper 03 - Entity Wide Security
- 3/8/2009 v2.0 White Paper 04 - Programmer Access
- 3/8/2009 v2.0 White Paper 05 - Change Management
- 3/8/2009 v2.0 White Paper 06 - Configuration Templates
- White Paper 07 - retired
- 3/8/2009 v2.0 White Paper 08 - Direct Access
- 3/8/2009 v2.0 White Paper 09 - Mainframe Operating Systems
- 3/8/2009 v2.0 White Paper 10 - Resource Access Control Facility (RACF)
- 3/8/2009 v2.0 White Paper 11 - Access Control Facility (ACF) 2
- 3/8/2009 v2.0 White Paper 12 - Top Secret
- 3/8/2009 v2.0 White Paper 13 - System Control Facility (SCF) and SuperOp
- 3/8/2009 v2.0 White Paper 14 - User Access
- 3/8/2009 v2.0 White Paper 15 - Security violation Monitoring
- 3/8/2009 v2.0 White Paper 16 - Audits
CMS Forms & Templates - 3/19/2009 v1.0 Application Finding Report Template
- 3/19/2009 v2.0 Assessment Plan Template
- 3/19/2009 v1.0 Infrastructure Finding Report Template
- 5/7/2009 v3.1 Information Security (IS) Risk Assessment (RA) Template
- 3/30/2009 ISSO Appointment Template
- 4/28/2009 v1.0 Memorandum of Understanding (MOU) Template
- 5/26/2009 v3.1 Rules of Behavior (ROB) for Connection to CMS
- 5/7/2009 v3.1 System Security Plan (SSP) Template
- 3/19/2009 v4.0 Test Scripts Main
- 3/19/2009 v4.0 Test Scripts Appendix A High Impact Level Data Assessments
- 3/19/2009 v4.0 Test Scripts Appendix B Moderate Impact Level Data Assessments
- 3/19/2009 v4.0 Test Scripts Appendix C Low Impact Level Data Assessments
| Downloads | There are no downloads
| | Related Links Inside CMS |
Info Security Library
| | Related Links Outside CMS |  |
There are no Related Links Outside CMS
|
Page Last Modified: 07/22/2011 1:44:48 PM
Help with File Formats and Plug-Ins
Submit Feedback
|
