Information Security and Privacy Library

The Information Security and Privacy Library is intended to serve as a one-stop resource for all of your information security needs. The library contains a comprehensive listing of policy guidance, standards, regulations, laws, and other documentation related to the CMS Information Security and Privacy Program. Use the convenient search tool below to quickly locate relevant policies, procedures and guidelines.

If you experience any difficulties in finding the appropriate document or have a general security question, please feel free to send an email to the CISO Team at CISO@cms.hhs.gov.

| Title | Version | Date |
| --- | --- | --- |
| ROB for Connection to CMS | 7.2 | 2015-04-01 |
| Business Partner System Security Manual (BPSSM) | As Amended | Current |
| SSP Procedure | 1.1 | 08/31/2010 |
| Security Certification Form Template | 4.0 | 2015-10-16 |
| RMH Vol III Standard 3-2 Cloud Computing | 1.0 | 05/03/2011 |
| RMH Vol III Standard 3-1 Authentication | 1.3 | 2014-04-17 |
| RMH Vol II Procedure 1-1 Accessing CFACTS | 1.0 | 04/21/2011 |
| Assessments - Application Finding Report Template | 1.0 | 03/19/2009 |
| Assessment Plan Template | 2.0 | 03/19/2009 |
| Authorization To Operate Package Guide | N/A | 2016-11-01 |
| System Retirement Memo Template | N/A | 2016-12-07 |
| Policy for Desktop-Laptop Resources | 04-02 | 12/08/2008 |
| Risk Assessment Procedure | 1.0 | 03/19/2009 |
| SSP Template | N/A | 2016-02-04 |
| ISSO Appointment Template | 1.0 | 2016-08-11 |
| Risk Assessment Template | 4.0 | 2016-03-14 |
| Assessments - Infrastructure Finding Report Template | 1.0 | 03/19/2009 |
| Assessment Reporting Procedure | 5.0 | 03/19/2009 |
| Assessment Procedure | 2.0 | 03/19/2009 |
| Memorandum of Understanding (MOU) Template | 1.1 | 2013-05-23 |
| Interconnection Security Agreement (ISA) Template | 1.1 | 2013-05-23 |
| Application for Access to CMS Computer Systems | 09/2005 | 09/01/2005 |
| RMH Vol II Procedure 6-3 Security Information Review | 1.0 | 2012-09-04 |
| RMH Vol II Procedure 4-2 Documenting Security Controls in CFACTS | 1.0 | 02/13/2012 |
| RMH Vol II Procedure 5-6 Documenting Security Control Effectiveness in CFACTS | 1.1 | 2013-09-18 |
| RMH Vol II Procedure 7-3 CMS Annual Attestation Procedure | 1.3 | 2014-02-03 |
| CMS Information Security Risk Acceptance Template | N/A | 2016-10-05 |
| RMH Vol I Chapter 10 CMS Risk Management Terms, Definitions, and Acronyms | 1 | 2012-07-13 |
| Tool: System Categorization Worksheet | N/A | 2013-05-03 |
| RMH Vol II Procedure 7-8 Key Updates Procedure | 1.0 | 08/17/2012 |
| RMH Vol I Chapter 01 Risk Management in the XLC | 1.0 | 2012-11-08 |
| Tool: Breach Harm Assessment | 1.0 | 2013-01-07 |
| CMS Information Security Contract Clause / Provision | 1.0 | 2013-04-09 |
| Risk Management Framework Overview | 1.0 | 2013-09-23 |
| RMH Vol III Standard 4-3 Non-Standard Account Authenticator Management | 1.0 | 2013-10-30 |
| RMH Vol III Standard 4-4 Contingency Planning | 1.0 | 2014-02-28 |
| RMH Vol II Procedure 3-3 Common Control Identification | 1.0 | 2014-06-25 |
| RMH Vol III Standard 7-2 Security Impact Analysis | 1.0 | 2014-06-25 |
| CISO Memorandum 14-02 – CMS Cloud Computing and Federal Risk and Authorization Management Program Guidance | N/A | 2014-07-10 |
| RMH Vol II Procedure 4-4 Contingency Plan Development | 1.0 | 2014-11-06 |
| RMH Vol II Procedure 4-5 Contingency Plan Exercise | 1.0 | 2014-11-06 |
| Policy for Cloud Computing | N/A | 2016-05-13 |
| HHS Departmental Security Policy and Standard Waiver Form | As Amended | Current |
| OWA VPN FAQ | 3.0 | 2015-07-02 |
| HHS End of Life Operating Systems, Software, and Applications Policy, Updated | N/A | Current |
| RMH Vol III Standard 6-2 Plan of Action and Milestones Process Guide | 1.0 | 2015-11-05 |
| CMS Information Systems Security and Privacy Policy (IS2P2) | 1.0 | 2016-04-26 |
| HHS PIA/PTA Training | N/A | 2016-05-10 |
| CIO Directive 16-02 CMS Security of Federal Tax Information | N/A | 2016-06-02 |
| Use of Government Furnished Equipment (GFE) During Foreign Travel | As Amended | Current |
| HHS Standard for Encryption of Computing Devices and Information | As Amended | Current |
| RMH Chapter 08 Incident Response | 1.1 | 2017-08-16 |
| RMH Chapter 12 Security and Privacy Planning | 1.0 | 1/31/2017 |
| ARS 2.0 | 2.0 | 1/31/2017 |
| Warning Banner | N/A | 2017-03-15 |
| ARS 3.0 Moderate Differential Analysis | 1.3 | 2017-04-26 |
| ARS 3.0 High Differential Analysis | 1.2 | 2017-04-26 |
| ARS 3.0 Low Differential Analysis | 1.1 | 2017-04-26 |
| ISPG Training Calendar | 1.5 | 2017-07-24 |
| RMH Chapter 08 Incident Response Appendix K - Incident Report Template | 1.2 | 2017-07-25 |
| ARS 3.1 Publication | 3.1 | 2017-11-21 |
| CMS Required Control Baselines Quick Reference Guide (QRG) | 1.1 | 2017-12-05 |