Information Security and Privacy Library

The Information Security and Privacy Library is intended to serve as a one-stop resource for all of your information security needs. The library contains a comprehensive listing of policy guidance, standards, regulations, laws, and other documentation related to the CMS Information Security and Privacy Program. Use the convenient search tool below to quickly locate relevant policies, procedures and guidelines.

If you experience any difficulties in finding the appropriate document or have a general security question, please feel free to send an email to the CISO Team at CISO@cms.hhs.gov.

Title Version Date
ROB for Connection to CMS 7.2 2015-04-01
Business Partner System Security Manual (BPSSM) As Amended Current
SSP Procedure 1.1 08/31/2010
SSP Workbook App G Level 4 e-Authentication 1.5 07/31/2012
SSP Workbook App F Level 3 e-Authentication 1.5 07/31/2012
SSP Workbook App E Level 2 e-Authentication 1.5 07/31/2012
SSP Workbook App D Level 1 e-Authentication 1.5 07/31/2012
Security Certification Form Template 3.0 2014-04-08
ARS Appendix A CMSR High Impact Level Data 2.0 2013-09-20
Master Security Plan 6.0 06/25/2010
Policy for the Information Security Program 4.0 08/31/2010
ARS 2.0 2013-09-20
ARS Appendix B CMSR Moderate Impact Level Data 2.0 2013-09-20
ARS Appendix D CMSR e-Authentication Standard 2.0 2013-09-20
ARS Appendix C CMSR Low Impact Level Data 2.0 2013-09-20
SSP Workbook Main 1.5 07/31/2012
RMH Vol III Standard 3-2 Cloud Computing 1.0 05/03/2011
RMH Vol III Standard 3-1 Authentication 1.3 2014-04-17
RMH Vol II Procedure 1-1 Accessing CFACTS 1.0 04/21/2011
Incident Handling Template .22 2015-03-25
Assessments - Application Finding Report Template 1.0 03/19/2009
Assessment Plan Template 2.0 03/19/2009
Authorization To Operate Package Guide 3.0 12/01/2011
System Retirement Memo Template N/A 07/26/2012
Tool: CFACTS Intake Form 1.0 2012-11-02
Policy for Desktop-Laptop Resources 04-02 12/08/2008
Risk Assessment Procedure 1.0 03/19/2009
SSP Template 3.1 05/07/2009
ISSO Appointment Template N/A 09/04/2012
Risk Assessment Template 3.1 05/07/2009
Assessments - Infrastructure Finding Report Template 1.0 03/19/2009
Assessment Reporting Procedure 5.0 03/19/2009
Assessment Procedure 2.0 03/19/2009
Memorandum of Understanding (MOU) Template 1.1 2013-05-23
Interconnection Security Agreement (ISA) Template 1.1 2013-05-23
Application for Access to CMS Computer Systems 09/2005 09/01/2005
Policy for Information Security and Privacy 02 04/11/2013
RMH Vol II Procedure 2-6 Information System Description 1.0 2012-09-14
RMH Vol II Procedure 6-3 Security Information Review 1.0 2012-09-04
RMH Vol II Procedure 4-2 Documenting Security Controls in CFACTS 1.0 02/13/2012
RMH Vol II Procedure 5-6 Documenting Security Control Effectiveness in CFACTS 1.1 2013-09-18
RMH Vol II Procedure 6-2 POA&M Management 1.01 07/17/2012
RMH Vol II Procedure 7-3 CMS Annual Attestation Procedure 1.3 2014-02-03
CMS Information Security Risk Acceptance Template As Amended Current
RMH Vol I Chapter 10 CMS Risk Management Terms, Definitions, and Acronyms 1 2012-07-13
Tool: System Categorization Worksheet N/A 2013-05-03
RMH Vol II Procedure 2-3 Categorizing an Information System 1.2 2013-04-23
RMH Vol II Procedure 7-8 Key Updates Procedure 1.0 08/17/2012
RMH Vol I Chapter 01 Risk Management in the XLC 1.0 2012-11-08
RMH Vol III Standard 7-1 Incident Handling 1.0 2012-12-06
RMH Vol II Procedure 7-2 Incident Handling Procedure 1.0 2012-12-06
Tool: Breach Harm Assessment 1.0 2013-01-07
CMS Information Security Contract Clause / Provision 1.0 2013-04-09
Risk Management Framework Overview 1.0 2013-09-23
RMH Vol III Standard 4-3 Non-Standard Account Authenticator Management 1.0 2013-10-30
ARS Current Version UNOFFICIAL Redlines 2.0 2013-09-20
RMH Vol III Standard 4-4 Contingency Planning 1.0 2014-02-28
ISPG Awareness and Training Calendar 1.9 2015-05-05
RMH Vol II Procedure 3-3 Common Control Identification 1.0 2014-06-25
RMH Vol III Standard 7-2 Security Impact Analysis 1.0 2014-06-25
CISO Memorandum 14-02 – CMS Cloud Computing and Federal Risk and Authorization Management Program Guidance N/A 2014-07-10
Information Systems Security and Privacy Awareness Training 2014 2014-11-06
RMH Vol II Procedure 4-4 Contingency Plan Development 1.0 2014-11-06
RMH Vol II Procedure 4-5 Contingency Plan Exercise 1.0 2014-11-06
Policy for Cloud Computing 1.0 2014-11-12
HHS Departmental Security Policy and Standard Waiver Form As Amended Current
OWA VPN FAQ 3.0 2015-07-02