Transcription of CMS Information Security Requirements
{{id}} {{{paragraph}}}
1 CMS Information Security 1 Information Security The Federal Information Security Management Act of 2002 (Public Law 107-347) (FISMA) requires each agency to develop, document, and implement an agency-wide Information Security program to safeguard Information and Information systems that support the operations and assets of the agency, including those provided or managed by another agency, (including Subcontractors) or other source on behalf of an agency. That is, agency Information Security programs apply to all organizations (sources) which have physical or electronic access to a Federal agency s computer systems, networks, or IT infrastructure; or use Information systems to generate, store, process, or exchange data with a Federal agency, or on behalf of a Federal agency, regardless of whether the data resides on a Federal Agency or a Contractor s Information system.
Technology/InformationSecurity) is used to determine the information system security level. However, additional security control requirements may be required based on the specific type of data available within the system. For information identified as PII, PHI, and/or FTI, the additional security and privacy requirements listed in the ARS manual
Domain:
Source:
Link to this page:
Please notify us if you found a problem with this document:
{{id}} {{{paragraph}}}