CMS Information Security and Privacy Overview

CMS Information Security and Privacy Overview

"Holding Ourselves to a Higher Standard"

What is the Information Security and Privacy Group (ISPG)?

The Information Security and Privacy Group (ISPG) is within the CMS Office of Information Technology (OIT). ISPG provides the policies, programs, and services that support system authorization and compliance, cyber risk management, and a security awareness culture at CMS. It’s our job to protect the sensitive data provided to CMS by the millions of Americans who entrust us with their personal and healthcare information.


At ISPG we serve as the gatekeepers of information security, working with many people across CMS (both federal employees and contractors) throughout a system’s lifecycle – from the moment a new system idea is submitted for consideration, all the way through to its authorization, operation, and retirement. It’s our goal to help you along the way – not to slow you down – as you work on your piece of the innovative service delivery that CMS provides to the public.


In 2023, ISPG launched CyberGeek, a website designed to be a one-stop resource for everything related to information security and privacy at CMS. The site was created to be searchable and user-friendly, making cybersecurity more approachable for CMS stakeholders, contractors, and staff. The site includes:


  • Compliance requirements and security policies specific to CMS FISMA systems
  • Handbooks and procedural guidance to help people accomplish their tasks
  • Innovative programs that support a proactive risk management approach at CMS
  • Role-based information to help our various customers quickly find what they need
  • Links to related programs, tools, and services (both from ISPG and other groups)
  • Latest news, events, and updates on CMS security and privacy topics
Page Last Modified:
11/21/2023 06:29 PM