publicdata/cms-gov
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
cms-gov/security.cms.gov/learn/cms-fisma-continuous-tracking-system-cfacts
Scott Williams b906a0e722 Initial commit
2025-02-28 14:41:14 -05:00

3 lines
No EOL
389 KiB
Text
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!DOCTYPE html><html lang="en"><head><meta charSet="utf-8"/><meta name="viewport" content="width=device-width, initial-scale=1"/><link rel="preload" as="image" href="/_next/static/media/CyberGeek-logo.8e9bbd2b.svg" fetchPriority="high"/><link rel="stylesheet" href="/_next/static/css/ef46db3751d8e999.css" data-precedence="next"/><link rel="stylesheet" href="/_next/static/css/0759e90f4fecfde7.css" data-precedence="next"/><link rel="preload" as="script" fetchPriority="low" href="/_next/static/chunks/webpack-182b67d00f496f9d.js"/><script src="/_next/static/chunks/fd9d1056-ad09c71b7719f2fb.js" async=""></script><script src="/_next/static/chunks/23-260042deb5df7a88.js" async=""></script><script src="/_next/static/chunks/main-app-6de3c3100b91a0a9.js" async=""></script><script src="/_next/static/chunks/30-49b1c1429d73281d.js" async=""></script><script src="/_next/static/chunks/317-0f87feacc1712b2f.js" async=""></script><script src="/_next/static/chunks/223-bc9ed43510898bbb.js" async=""></script><script src="/_next/static/chunks/app/layout-9fc24027bc047aa2.js" async=""></script><script src="/_next/static/chunks/972-6e520d137ef194fb.js" async=""></script><script src="/_next/static/chunks/app/page-cc829e051925e906.js" async=""></script><script src="/_next/static/chunks/app/template-d264bab5e3061841.js" async=""></script><script src="/_next/static/chunks/e37a0b60-b74be3d42787b18d.js" async=""></script><script src="/_next/static/chunks/904-dbddf7494c3e6975.js" async=""></script><script src="/_next/static/chunks/549-c87c1c3bbacc319f.js" async=""></script><script src="/_next/static/chunks/app/learn/%5Bslug%5D/page-5b91cdc45a95ebbe.js" async=""></script><link rel="preload" href="/assets/javascript/uswds-init.min.js" as="script"/><link rel="preload" href="/assets/javascript/uswds.min.js" as="script"/><title>CMS FISMA Continuous Tracking System (CFACTS) | CMS Information Security &amp; Privacy Group</title><meta name="description" content="CFACTS is a CMS database that tracks application security deficiencies and POA&amp;Ms, and supports the ATO process"/><link rel="canonical" href="https://security.cms.gov/learn/cms-fisma-continuous-tracking-system-cfacts"/><meta name="google-site-verification" content="GMZIwBDJgz_o_JYUB2GpJazkrs7P85BaWDsoCjxF32M"/><meta property="og:title" content="CMS FISMA Continuous Tracking System (CFACTS) | CMS Information Security &amp; Privacy Group"/><meta property="og:description" content="CFACTS is a CMS database that tracks application security deficiencies and POA&amp;Ms, and supports the ATO process"/><meta property="og:url" content="https://security.cms.gov/learn/cms-fisma-continuous-tracking-system-cfacts"/><meta property="og:image:type" content="image/jpeg"/><meta property="og:image:width" content="1200"/><meta property="og:image:height" content="630"/><meta property="og:image" content="https://security.cms.gov/learn/cms-fisma-continuous-tracking-system-cfacts/opengraph-image.jpg?d21225707c5ed280"/><meta property="og:type" content="website"/><meta name="twitter:card" content="summary_large_image"/><meta name="twitter:title" content="CMS FISMA Continuous Tracking System (CFACTS) | CMS Information Security &amp; Privacy Group"/><meta name="twitter:description" content="CFACTS is a CMS database that tracks application security deficiencies and POA&amp;Ms, and supports the ATO process"/><meta name="twitter:image:type" content="image/jpeg"/><meta name="twitter:image:width" content="1200"/><meta name="twitter:image:height" content="630"/><meta name="twitter:image" content="https://security.cms.gov/learn/cms-fisma-continuous-tracking-system-cfacts/opengraph-image.jpg?d21225707c5ed280"/><link rel="icon" href="/favicon.ico" type="image/x-icon" sizes="48x48"/><script>(self.__next_s=self.__next_s||[]).push(["/assets/javascript/uswds-init.min.js",{}])</script><script src="/_next/static/chunks/polyfills-78c92fac7aa8fdd8.js" noModule=""></script></head><body><a class="usa-skipnav" href="#main">Skip to main content</a><section class="usa-banner" aria-label="Official website of the United States government"><div class="usa-accordion"><header class="usa-banner__header"><div class="usa-banner__inner"><div class="grid-col-auto"><img aria-hidden="true" alt="" loading="lazy" width="16" height="11" decoding="async" data-nimg="1" class="usa-banner__header-flag" style="color:transparent" srcSet="/_next/image?url=%2Fassets%2Fimg%2Fus_flag_small.png&amp;w=16&amp;q=75 1x, /_next/image?url=%2Fassets%2Fimg%2Fus_flag_small.png&amp;w=32&amp;q=75 2x" src="/_next/image?url=%2Fassets%2Fimg%2Fus_flag_small.png&amp;w=32&amp;q=75"/></div><div class="grid-col-fill tablet:grid-col-auto" aria-hidden="true"><p class="usa-banner__header-text">An official website of the United States government</p><p class="usa-banner__header-action">Here&#x27;s how you know</p></div><button type="button" class="usa-accordion__button usa-banner__button" aria-expanded="false" aria-controls="gov-banner-default-default"><span class="usa-banner__button-text">Here&#x27;s how you know</span></button></div></header><div class="usa-banner__content usa-accordion__content" id="gov-banner-default-default" hidden=""><div class="grid-row grid-gap-lg"><div class="usa-banner__guidance tablet:grid-col-6"><img role="img" alt="" aria-hidden="true" loading="lazy" width="40" height="40" decoding="async" data-nimg="1" class="usa-banner__icon usa-media-block__img" style="color:transparent" src="/_next/static/media/icon-dot-gov.3e9cb1b5.svg"/><div class="usa-media-block__body"><p><strong>Official websites use .gov</strong><br/>A <strong>.gov</strong> website belongs to an official government organization in the United States.</p></div></div><div class="usa-banner__guidance tablet:grid-col-6"><img role="img" alt="" aria-hidden="true" loading="lazy" width="40" height="40" decoding="async" data-nimg="1" class="usa-banner__icon usa-media-block__img" style="color:transparent" src="/_next/static/media/icon-https.e7f1a222.svg"/><div class="usa-media-block__body"><p><strong>Secure .gov websites use HTTPS</strong><br/>A <strong>lock</strong> (<span class="icon-lock"><svg xmlns="http://www.w3.org/2000/svg" width="52" height="64" viewBox="0 0 52 64" class="usa-banner__lock-image" role="img" aria-labelledby="banner-lock-description-default" focusable="false"><title id="banner-lock-title-default">Lock</title><desc id="banner-lock-description-default">Locked padlock icon</desc><path fill="#000000" fill-rule="evenodd" d="M26 0c10.493 0 19 8.507 19 19v9h3a4 4 0 0 1 4 4v28a4 4 0 0 1-4 4H4a4 4 0 0 1-4-4V32a4 4 0 0 1 4-4h3v-9C7 8.507 15.507 0 26 0zm0 8c-5.979 0-10.843 4.77-10.996 10.712L15 19v9h22v-9c0-6.075-4.925-11-11-11z"></path></svg></span>) or <strong>https://</strong> means you&#x27;ve safely connected to the .gov website. Share sensitive information only on official, secure websites.</p></div></div></div></div></div></section><div class="usa-overlay"></div><header class="usa-header usa-header--extended"><div class="bg-primary-dark"><div class="usa-navbar"><div class="usa-logo padding-y-4 padding-right-3" id="CyberGeek-logo"><a title="CMS CyberGeek Home" href="/"><img alt="CyberGeek logo" fetchPriority="high" width="298" height="35" decoding="async" data-nimg="1" style="color:transparent" src="/_next/static/media/CyberGeek-logo.8e9bbd2b.svg"/></a></div><button aria-label="Open menu" type="button" class="usa-menu-btn" data-cy="menu-button">Menu</button></div></div><nav aria-label="Primary navigation" class="usa-nav padding-0 desktop:width-auto bg-white grid-container float-none"><div class="usa-nav__inner"><button type="button" class="usa-nav__close margin-0"><img alt="Close" loading="lazy" width="24" height="24" decoding="async" data-nimg="1" style="color:transparent" src="/_next/static/media/close.1fafc2aa.svg"/></button><ul class="usa-nav__primary usa-accordion"><li class="usa-nav__primary-item"><button type="button" class="usa-accordion__button usa-nav__link font-family-serif text-medium tablet:text-no-wrap desktop:text-primary-vivid" aria-expanded="false" aria-controls="roles"><span>Roles</span></button><ul id="roles" class="usa-nav__submenu usa-megamenu bg-white" hidden=""><li class="grid-row grid-gap-3 padding-bottom-6"><div class="usa-col text-center desktop:text-right text-normal position-relative nav-label"><span class="display-block font-heading-xl padding-top-2">Roles</span></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/information-system-security-officer-isso">Information System Security Officer (ISSO)</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/cms-information-system-security-officer-isso-handbook"><span>ISSO Handbook</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/cms-information-system-security-officer-isso-handbook#getting-started-for-new-issos"><span>Getting started (for new ISSOs)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/isso-mentorship-program"><span>ISSO Mentorship Program</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/cms-information-system-security-officer-isso-handbook#training"><span>ISSO Training</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/data-guardian">Data Guardian</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/data-guardian-handbook"><span>Data Guardian Handbook</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/cyber-risk-advisor-cra">Cyber Risk Advisor (CRA)</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-security-and-privacy-handbooks"><span>CMS Security and Privacy Handbooks</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-security-and-privacy-handbooks#risk-management-handbook-rmh-chapters"><span>Risk Management Handbook (RMH)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/business-system-owner">Business / System Owner (BO/SO)</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cybersecurity-risk-assessment-program-csrap"><span>Cybersecurity and Risk Assessment Program (CSRAP)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-information-exchange-agreement-iea"><span>Information Exchange Agreement (IEA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-computer-matching-agreement-cma"><span>Computer Matching Agreement (CMA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/isso-service"><span>ISSO As A Service</span></a></li></ul></section></div></li></ul></li><li class="usa-nav__primary-item"><button type="button" class="usa-accordion__button usa-nav__link font-family-serif text-medium tablet:text-no-wrap desktop:text-primary-vivid" aria-expanded="false" aria-controls="compliance-authorization"><span>Compliance &amp; Authorization</span></button><ul id="compliance-authorization" class="usa-nav__submenu usa-megamenu bg-white" hidden=""><li class="grid-row grid-gap-3 padding-bottom-6"><div class="usa-col text-center desktop:text-right text-normal position-relative nav-label"><span class="display-block font-heading-xl padding-top-2">Compliance &amp; Authorization</span></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/learn/authorization-operate-ato">Authorization to Operate (ATO)</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/authorization-operate-ato"><span>About ATO at CMS</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/authorization-operate-ato#types-of-authorizations"><span>Types of authorizations</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/authorization-operate-ato#ato-stakeholders"><span>ATO stakeholders</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/authorization-operate-ato#related-documents-and-resources"><span>ATO tools and resources</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-technical-reference-architecture-tra"><span>CMS Technical Reference Architecture (TRA)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/learn/ongoing-authorization-oa">Ongoing Authorization (OA)</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/ongoing-authorization-oa"><span>About OA at CMS</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/ongoing-authorization-oa#is-my-system-eligible-for-oa"><span>OA eligibility requirements</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/continuous-diagnostics-and-mitigation-cdm"><span>Continuous Diagnostics and Mitigation (CDM)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header list-header-margin">Assessments &amp; Audits</h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/penetration-testing-pentesting"><span>Penetration Testing</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cybersecurity-risk-assessment-program-csrap"><span>Cybersecurity Risk Assessment Program (CSRAP)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/privacy-impact-assessment-pia"><span>Privacy Impact Assessment (PIA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/security-impact-analysis-sia"><span>Security Impact Analysis (SIA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/system-audits"><span>System Audits</span></a></li></ul></section></div></li></ul></li><li class="usa-nav__primary-item"><button type="button" class="usa-accordion__button usa-nav__link font-family-serif text-medium tablet:text-no-wrap desktop:text-primary-vivid" aria-expanded="false" aria-controls="policy-guidance"><span>Policy &amp; Guidance</span></button><ul id="policy-guidance" class="usa-nav__submenu usa-megamenu bg-white" hidden=""><li class="grid-row grid-gap-3 padding-bottom-6"><div class="usa-col text-center desktop:text-right text-normal position-relative nav-label"><span class="display-block font-heading-xl padding-top-2">Policy &amp; Guidance</span></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/cms-policies-and-guidance">CMS Policies and Guidance</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/cms-acceptable-risk-safeguards-ars"><span>CMS Acceptable Risk Safeguards (ARS)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/cms-information-systems-security-privacy-policy-is2p2"><span>CMS Information Security and Privacy Policy (IS2P2)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-security-and-privacy-handbooks"><span>CMS Security and Privacy Handbooks</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="https://security.cms.gov/learn/cms-risk-management-framework-rmf"><span>CMS Risk Management Framework (RMF)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/email-encryption-requirements-cms"><span>CMS Email Encryption</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/federal-policies-and-guidance">Federal Policies and Guidance</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/national-institute-standards-and-technology-nist"><span>National Institute of Standards and Technology (NIST)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/federal-information-security-modernization-act-fisma"><span>Federal Information Security Modernization Act (FISMA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/fedramp"><span>Federal Risk and Authorization Management Program (FedRAMP)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/zero-trust"><span>Zero Trust</span></a></li></ul></section></div></li></ul></li><li class="usa-nav__primary-item"><button type="button" class="usa-accordion__button usa-nav__link font-family-serif text-medium tablet:text-no-wrap desktop:text-primary-vivid" aria-expanded="false" aria-controls="system-security"><span>System Security</span></button><ul id="system-security" class="usa-nav__submenu usa-megamenu bg-white" hidden=""><li class="grid-row grid-gap-3 padding-bottom-6"><div class="usa-col text-center desktop:text-right text-normal position-relative nav-label"><span class="display-block font-heading-xl padding-top-2">System Security</span></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/application-security">Application Security</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/threat-modeling"><span>Threat Modeling</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/zero-trust"><span>Zero Trust</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-cloud-services"><span>CMS Cloud Services</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/software-bill-materials-sbom"><span>Software Bill of Materials (SBOM)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/security-operations">Security Operations</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/risk-management-handbook-chapter-8-incident-response-ir"><span>Incident Response</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-cybersecurity-integration-center-ccic"><span>CMS Cybersecurity Integration Center (CCIC)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/penetration-testing-pentesting"><span>Penetration Testing</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/risk-management-and-reporting">Risk Management and Reporting</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/continuous-diagnostics-and-mitigation-cdm"><span>Continuous Diagnostics and Mitigation (CDM)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cyber-risk-reports"><span>Cyber Risk Reports</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/plan-action-and-milestones-poam"><span>Plan of Action and Milestones (POA&amp;M)</span></a></li></ul></section></div></li></ul></li><li class="usa-nav__primary-item"><button type="button" class="usa-accordion__button usa-nav__link font-family-serif text-medium tablet:text-no-wrap desktop:text-primary-vivid" aria-expanded="false" aria-controls="privacy"><span>Privacy</span></button><ul id="privacy" class="usa-nav__submenu usa-megamenu bg-white" hidden=""><li class="grid-row grid-gap-3 padding-bottom-6"><div class="usa-col text-center desktop:text-right text-normal position-relative nav-label"><span class="display-block font-heading-xl padding-top-2">Privacy</span></div><div class="usa-col"><section><h3 class="usa-col__list-header list-header-margin">Agreements</h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-computer-matching-agreement-cma"><span>Computer Matching Agreement (CMA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-information-exchange-agreement-iea"><span>Information Exchange Agreement (IEA)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header list-header-margin">Privacy Activities</h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/breach-response"><span>Breach Response</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/privacy-impact-assessment-pia"><span>Privacy Impact Assessment (PIA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/system-records-notice-sorn"><span>System of Records Notice (SORN)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header list-header-margin">Privacy Resources</h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/ispg/privacy"><span>Privacy at CMS</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/cms-breach-response-handbook"><span>CMS Breach Response Handbook</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/health-insurance-portability-and-accountability-act-1996-hipaa"><span>Health Insurance Portability and Accessibility Act (HIPAA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/cms-privacy-impact-assessment-pia-handbook"><span>CMS Privacy Impact Assessment (PIA) Handbook</span></a></li></ul></section></div></li></ul></li><li class="usa-nav__primary-item"><button type="button" class="usa-accordion__button usa-nav__link font-family-serif text-medium tablet:text-no-wrap desktop:text-primary-vivid" aria-expanded="false" aria-controls="tools-services"><span>Tools &amp; Services</span></button><ul id="tools-services" class="usa-nav__submenu usa-megamenu bg-white" hidden=""><li class="grid-row grid-gap-3 padding-bottom-6"><div class="usa-col text-center desktop:text-right text-normal position-relative nav-label"><span class="display-block font-heading-xl padding-top-2">Tools &amp; Services</span></div><div class="usa-col"><section><h3 class="usa-col__list-header list-header-margin">Reporting &amp; Compliance</h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="https://security.cms.gov/learn/isso-service"><span>ISSO As A Service</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-fisma-continuous-tracking-system-cfacts"><span>CFACTS</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cyber-risk-reports"><span>Cyber Risk Reports and Dashboards</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/continuous-diagnostics-and-mitigation-cdm"><span>Continuous Diagnostics and Mitigation (CDM)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header list-header-margin">System Security</h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/threat-modeling"><span>Threat Modeling</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-cloud-services"><span>CMS Cloud Services</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-cybersecurity-integration-center-ccic"><span>CMS Cybersecurity Integration Center (CCIC)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="https://security.cms.gov/learn/cms-security-data-lake-sdl"><span>CMS Security Data Lake (SDL)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header list-header-margin">Tests &amp; Assessments</h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cybersecurity-risk-assessment-program-csrap"><span>Cybersecurity Risk Assessment Program (CSRAP)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/penetration-testing-pentesting"><span>Penetration Testing</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/privacy-impact-assessment-pia"><span>Privacy Impact Assessment (PIA)</span></a></li></ul></section></div></li></ul></li></ul><div class="usa-nav__secondary padding-left-2"><section aria-label="Header search box"><form class="usa-search usa-search--small" role="search" action="/search"><label class="usa-sr-only" for="header-search-box">Search</label><input class="usa-input search__input" id="header-search-box" type="search" name="ispg[query]"/><button aria-label="header search box button" class="usa-button" id="header-search-box-btn" type="submit"><svg aria-describedby="searchIcon" class="usa-icon" aria-hidden="true" focusable="false" role="img"><title id="searchIcon">Search</title><use href="/assets/img/sprite.svg#search"></use></svg></button></form></section></div></div></nav></header><main id="main"><div id="template"><!--$--><!--/$--><section class="hero hero--theme-explainer undefined"><div class="maxw-widescreen margin-x-auto padding-x-2 desktop:padding-x-0 padding-top-4 padding-bottom-6 desktop:padding-y-7"><div class="tablet:grid-container position-relative "><div class="hero__row grid-row grid-gap"><div class="tablet:grid-col-5 widescreen:position-relative"></div><div class="hero__column tablet:grid-col-7 flow padding-bottom-2"><h1 class="hero__heading margin-0 line-height-sans-3 desktop:line-height-sans-2">CMS FISMA Continuous Tracking System (CFACTS)</h1><p class="hero__description">CFACTS is a CMS database that tracks application security deficiencies and POA&amp;Ms, and supports the ATO process</p><div class="hero__meta radius-lg padding-x-2 padding-y-1 bg-white font-sans-2xs line-height-sans-5 display-inline-block text-primary-darker">Contact: <span class="text-bold">CFACTS Team </span><span class="hidden-mobile"> | </span><span class="break-mobile"><a href="mailto:ciso@cms.hhs.gov">ciso@cms.hhs.gov</a></span></div></div><div class="tablet:position-absolute tablet:top-0"><div class="[ flow ] bg-primary-light radius-lg padding-2 text-base-darkest maxw-mobile"><div class="display-flex flex-align-center font-sans-lg margin-bottom-2 text-italic desktop:text-no-wrap"><img alt="slack logo" loading="lazy" width="21" height="21" decoding="async" data-nimg="1" class="display-inline margin-right-1" style="color:transparent" src="/_next/static/media/slackLogo.f5836093.svg"/>CMS Slack Channel</div><ul class="add-list-reset"><li class="line-height-sans-5 margin-top-0">#cfacts_community</li></ul></div></div></div></div></div></section><div class="grid-container"><div class="grid-row grid-gap margin-top-5"><div class="tablet:grid-col-4"><nav class="table-of-contents overflow-y-auto overflow-x-hidden position-sticky top-3 padding-1 radius-lg shadow-2 display-none tablet:display-block" aria-label="Table of contents"><div class="text-uppercase text-bold border-bottom border-base-lighter padding-bottom-1">Table of Contents</div><p class="text-italic text-base font-sans-xs">No table of content entries to display.</p></nav></div><div class="tablet:grid-col-8 content"><section><div class="text-block text-block--theme-explainer"><h2>What is CFACTS?</h2><p><a href="https://cfacts.cms.gov/">CFACTS</a> stands for <strong>CMS FISMA Continuous Tracking System</strong>. It is a governance, risk, and compliance tool. CMS uses CFACTS across all of its systems to manage information systems security and privacy requirements. It offers a common foundation to manage policies, controls, risks, assessments, and deficiencies.</p><p>Senior-level management uses CFACTS reports to get a clear view of the security posture of all applications within CMS. CFACTS also helps management make better budget and resource decisions.</p><p>CFACTS also makes it easier for the Department of Health and Human Services and OMB to manage required quarterly security posture updates and annual assessments.</p></div><section class="callout callout--type-explainer [ flow ] font-size-md radius-lg line-height-sans-5"><h1 class="callout__header text-bold font-sans-lg"><svg class="usa-icon" aria-hidden="true" focusable="false" role="img"><use href="/assets/img/sprite.svg#info_outline"></use></svg>CFACTS &quot;How-To&quot; videos</h1><p>On-demand videos produced by the CFACTS team are designed to answer frequent questions and demonstrate how to use various features. Check out the &quot;How-To&quot; videos on the CFACTS video channel.</p><p><a href="https://www.youtube.com/playlist?list=PLyEaxwXtHzLlRPmMUK6eWkEFqhk0KeW3P">Take me to the &quot;How-To&quot; videos</a></p></section><div class="text-block text-block--theme-explainer"><h2>When do I use CFACTS?</h2><p>As teams pursue <a href="https://security.cms.gov/learn/authorization-operate-ato">Authorization to Operate (ATO)</a> for their system, they store the related artifacts in CFACTS.</p><p>If you are an ISSO (<a href="https://security.cms.gov/ispg/information-system-security-officer-isso">Information System Security Officer</a>), System or Business Owner, or CRA (<a href="https://security.cms.gov/ispg/cyber-risk-advisor-cra">Cyber Risk Advisor</a>), you are responsible for both overall <a href="https://security.cms.gov/learn/federal-information-security-modernization-act-fisma">FISMA</a> system compliance efforts and the ATO process.</p><p>Teams use CFACTS to create, store, and update:</p><ul><li><a href="https://security.cms.gov/policy-guidance/cms-plan-action-and-milestones-poam-handbook">POA&amp;Ms (Plan of Action and Milestones)</a></li><li><a href="https://security.cms.gov/policy-guidance/cms-plan-action-and-milestones-poam-handbook">SSPPs (System Security and Privacy Plan)</a></li><li><a href="https://security.cms.gov/policy-guidance/cms-contingency-plan-exercise-handbook">ISCPs (Information System Contingency Plans)</a></li><li><a href="https://security.cms.gov/learn/privacy-impact-assessment-pia">PIAs (Privacy Impact Assessment)</a></li></ul><h2>CFACTS requirements</h2><h3>Browsers</h3><p>As a website, CFACTS is accessible using standard web browsers. The CFACTS Team recommends using Google Chrome and Microsoft Edge.</p><h3>Getting CFACTS access</h3><p>CFACTS uses two environments: <strong>Production</strong> and <strong>Validation</strong>.</p><ul><li>The Production environment is used to submit artifacts and work in real-time. This is the live, active version of CFACTS, and the one you should use for your application tracking work.</li><li>The Validation environment is used for testing and training. It is not the correct environment for actual record tracking.</li></ul><p>To access CFACTS, you must go through all of the following steps.</p></div><div><ol class="usa-process-list"><li class="usa-process-list__item"><h4 class="usa-process-list__heading">Request job codes</h4><div class="margin-top-05 usa-process-list__description"><ol><li>Log in to your <a href="https://eua.cms.gov/">EUA account</a>.</li><li>Request the 'CFACTS_USER_PRD' job code for the Production environment</li><li>Request the 'CFACTS_USER_IMP' job code the Validation environment.</li></ol></div></li><li class="usa-process-list__item"><h4 class="usa-process-list__heading">Job code requests approved</h4><div class="margin-top-05 usa-process-list__description"><p dir="ltr">The EUA First and Second Approvers must approve your requests.&nbsp;</p><p>The ISSO or ISSO contractor will send an email to&nbsp;<a href="mailto:CISO@cms.hhs.gov">CISO@cms.hhs.gov</a> for final approval.</p></div></li><li class="usa-process-list__item"><h4 class="usa-process-list__heading">System assigned</h4><div class="margin-top-05 usa-process-list__description"><p>System Administrators assign you a CFACTS role and notify the ISSO that your role was assigned. The ISSO then assigns you to the correct system as a stakeholder.</p><p>If needed, administrators will troubleshoot any access issues with you.</p></div></li></ol></div><div class="text-block text-block--theme-explainer"><h3>CFACTS Training</h3><p>CFACTS Training is available in the <a href="https://cms-lms.usalearning.net/course/index.php">CMS Learning Management System</a>.</p><p>Once you log in, you can access <a href="https://cms-lms.usalearning.net/course/search.php?search=cfacts">CFACTS training</a> and other relevant courses.</p><p>You will need an EUA login.</p><h3>Using CFACTS</h3><p>Once you complete your training, your Production job code is approved, the role is assigned to your user account, and the ISSO has added you to systems, you should have correct access to CFACTS. The timeline depends on your approvers. Its typical for this to be done within 10 days, if everyone involved in the process is prepared.</p><p>If youre a contractor, youll have access once your ISSO adds you as an ISSOCS (ISSO Contractor Support) stakeholder for each system.</p><p>If you have questions about timing, contact the Help Desk.</p><h3>CFACTS for ISSOs</h3><h4>Giving access to systems</h4><p>If youre an ISSO and need your contractors to have access to a CFACTS information system, have them complete their CFACTS training, and make sure they have an individual account in CFACTS.</p><p>Once the contractor has an account, you must assign them to the information systems you want them to access.</p><p>To do this:</p></div><div><ol class="usa-process-list"><li class="usa-process-list__item"><h4 class="usa-process-list__heading">Log in</h4><div class="margin-top-05 usa-process-list__description"><p>Log in to CFACTS.</p></div></li><li class="usa-process-list__item"><h4 class="usa-process-list__heading">Open Assessment &amp; Authorization (A&amp;A)</h4><div class="margin-top-05 usa-process-list__description"><p>Open the Assessment &amp; Authorization (A&amp;A) tab at the top.</p></div></li><li class="usa-process-list__item"><h4 class="usa-process-list__heading">Find the information system</h4><div class="margin-top-05 usa-process-list__description"><p>Using the dashboard view of the A&amp;A tab, find the name of the information system you want to assign the contractor to.&nbsp;</p><p>Select the name to open that information system record.&nbsp;</p></div></li><li class="usa-process-list__item"><h4 class="usa-process-list__heading">Assign the contractor</h4><div class="margin-top-05 usa-process-list__description"><p>Assign the contractor to the system by entering their name into the appropriate space.</p></div></li></ol></div><div class="text-block text-block--theme-explainer"><h4>ISSO Group vs ISSO Role</h4><p>To access systems in CFACTS, users need two types of access:</p><ol><li><strong>Group access</strong></li><li><strong>Role access</strong></li></ol><p>A user must be assigned to a group first, before they can be assigned to a role.</p><p>Before an ISSO can be assigned to the ISSO Role in a CFACTS system, the ISPG Admin must assign them to the ISSO Group. Groups first, then Roles.</p><p>The ISPG Admin adds users to groups. Groups determine which systems a user can be assigned to in CFACTS. For example, a user assigned to a contractor group cannot be assigned as a systems business owner or CRA.</p><h4>ISSO vs ISSOCS roles</h4><p>An ISSOCS has most of the same privileges as an ISSO in a CFACTS Authorization Package.</p><p>There are two differences:</p><ul><li>Only the ISSO can add users to the Stakeholders section on the General tab</li><li>Only the ISSO can mark a Package as Approved to Begin Assessment on the Authorization tab</li></ul><p>Only federal employees can be assigned as ISSOs, or as SDMs (System Developer Maintainer). Contractors who do system development and maintenance will be assigned to the ISSOCS stakeholder role.</p><h3>Troubleshooting</h3><h4>CFACTS Help Desk</h4><p>If you have problems after getting access, you can <a href="https://coda.io/form/CFACTS-Support-Portal_dpiM2zX094Z">contact the CFACTS Help Desk using the CFACTS Support Portal</a> (login required).</p><h4>Missing information systems</h4><p>Make sure you have the correct approved EUA job codes:</p><ul><li>CFACTS_USER_PRD for Production</li><li>CFACTS_USER_IMP for Validation</li></ul><p>If you have the correct job code and can log in, but dont see an information system in your profile, that systems ISSO may need to add you as a stakeholder. Check with your ISSO.</p><p>If you have the correct approved job code yet cant access CFACTS, <a href="https://coda.io/form/CFACTS-Support-Portal_dpiM2zX094Z">submit a ticket through the support portal</a>.</p><h4>Missing rights or permissions</h4><p>A user with the correct job code can access the CFACTS landing page, but default permissions will cause many links on the page to fail.</p><p>If you click a link and get an error message about rights or permissions, you likely have the correct job code, but have not been assigned to the correct group.</p><p>To fix this, <a href="https://coda.io/form/CFACTS-Support-Portal_dpiM2zX094Z">submit a ticket through the support portal</a> and ask to have your account assigned to the correct group.</p><h4>Recovering deleted records</h4><p>You can not automatically recover a specific record.</p><p>The CFACTS servers are periodically backed up, but there is no mechanism that allows for recovery of specific records or fields.</p><p>However, CFACTS does maintain a history log. You might be able to use it to determine previous values for specific records or fields, then re-enter the values manually.</p><p>Be sure about what youre deleting before you delete it!</p><h4>Access errors</h4><p>If you are trying to log in to CFACTS and getting a 401 access error, there are several ways you can try to fix the problem on your end.</p><ul><li><strong>Double check the URL youre using</strong>. The 401 error can appear because the URL was mistyped, or the link points to the wrong URL—one for authorized users only.</li><li><strong>Reload the page.</strong> Sometimes closing the page and reopening it is enough to fix the 401 error.</li><li><strong>Delete your browser's cache.</strong> There might be invalid login information stored locally in your browser that causing the 401 error. Clearing the cache will remove problems in those files and give the page an opportunity to download fresh files directly from the server.</li></ul><p>If those options do not fix the problem, <a href="https://coda.io/form/CFACTS-Support-Portal_dpiM2zX094Z">submit a ticket through the support portal</a> or ask in the <a href="https://cmsgov.enterprise.slack.com/archives/C020XM4RFTK">#cfacts_community channel</a> in the CMS Slack workspace.</p><h4>Clearing browsing data</h4><p>If you need to clear cookies or other browsing data to troubleshoot CFACTS access, use your browsers help menu or other documentation to find the correct procedure. Different browsers do things differently.</p><h2>CFACTS FAQs</h2><h3>Inheriting controls</h3><p><strong>As a control inheritor, is there a way to select all the inheritable controls from a provider at once?</strong></p><p>However, each provider— such as the Office of the Chief Information Security Officer (OCISO), data centers such as the Baltimore Data Center (BDC), or cloud service providers such as Amazon Web Services (AWS)— will be expected to provide a list of inheritable controls they will provide. A control element provider list can also be found on the CFACTS Artifacts page.</p><p>If your system inherits controls from a provider, you should reach out to that provider for their list of inheritable controls or refer to the control element provider list on the CFACTS Artifacts page.</p><h4>Fixing incorrect controls</h4><p>if you have incorrectly inherited a control, to switch your Allocation Status from “Inherited” back to “Allocated” or “Not Applicable,” you must delete the existing “Control to Inherit.”</p><p>To do this, put the Control record into Edit mode, and you will see a delete button—a blue circle with a white X—on the right-hand side of the Control to Inherit row.</p><p>Click this delete button and then choose the required Allocation Status.</p><h4>SSPP not showing details</h4><p>Only private implementation details for an allocated control will be shown in the SSPP.</p><p>If details are entered in the Shared Implementation detail field for an allocated control, they will not be reflected within the SSPP.</p><p>The information provided under the Shared Implementation detail will be reflected in the SSPP of the package that inherits this control. You only need to provide shared implementation details if you are making your control inheritable, so that other authorization packages can inherit it.</p></div></section></div></div></div><div class="cg-cards grid-container"><h2 class="cg-cards__heading" id="related-documents-and-resources">Related documents and resources</h2><ul aria-label="cards" class="usa-card-group"><li class="usa-card grid-col-12 tablet:grid-col-4"><div class="usa-card__container "><div class="usa-card__header"><h3 class="margin-top-1 line-height-sans-2 text-bold text-base-darkest"><a class="usa-card__link text-no-underline" href="/learn/privacy-impact-assessment-pia">Privacy Impact Assessment (PIA)</a></h3></div><div class="usa-card__body font-sans-2xs line-height-sans-4 text-base-darkest"><p>Process that identifies and mitigates privacy risks for CMS systems regarding the use of Personally Identifiable Information (PII)</p></div></div></li><li class="usa-card grid-col-12 tablet:grid-col-4"><div class="usa-card__container "><div class="usa-card__header"><h3 class="margin-top-1 line-height-sans-2 text-bold text-base-darkest"><a class="usa-card__link text-no-underline" href="/learn/plan-action-and-milestones-poam">Plan of Action and Milestones (POA&amp;M)</a></h3></div><div class="usa-card__body font-sans-2xs line-height-sans-4 text-base-darkest"><p>A corrective action plan roadmap to address system weaknesses and the resources required to fix them</p></div></div></li><li class="usa-card grid-col-12 tablet:grid-col-4"><div class="usa-card__container "><div class="usa-card__header"><h3 class="margin-top-1 line-height-sans-2 text-bold text-base-darkest"><a class="usa-card__link text-no-underline" href="/learn/system-security-and-privacy-plan-sspp">System Security and Privacy Plan (SSPP)</a></h3></div><div class="usa-card__body font-sans-2xs line-height-sans-4 text-base-darkest"><p>Documentation of a FISMA systems features and security requirements, along with controls and procedures for information protection</p></div></div></li><li class="usa-card grid-col-12 tablet:grid-col-4"><div class="usa-card__container "><div class="usa-card__header"><h3 class="margin-top-1 line-height-sans-2 text-bold text-base-darkest"><a class="usa-card__link text-no-underline" href="/learn/cybersecurity-risk-assessment-program-csrap">Cybersecurity and Risk Assessment Program (CSRAP)</a></h3></div><div class="usa-card__body font-sans-2xs line-height-sans-4 text-base-darkest"><p>A streamlined risk-based control(s) testing methodology designed to relieve operational burden.</p></div></div></li><li class="usa-card grid-col-12 tablet:grid-col-4"><div class="usa-card__container "><div class="usa-card__header"><h3 class="margin-top-1 line-height-sans-2 text-bold text-base-darkest"><a class="usa-card__link text-no-underline" href="/posts/completing-tasks-cfacts-easy-cfacts-training-videos">Completing tasks in CFACTS is easy with &quot;CFACTS How-To&quot; videos</a></h3></div><div class="usa-card__body font-sans-2xs line-height-sans-4 text-base-darkest"><p>Want to learn about new features and how to do tasks in CFACTS? How-To videos from CFACTS can help!
</p></div></div></li><li class="usa-card grid-col-12 tablet:grid-col-4"><div class="usa-card__container "><div class="usa-card__header"><h3 class="margin-top-1 line-height-sans-2 text-bold text-base-darkest"><a class="usa-card__link text-no-underline" href="/posts/watch-and-learn-system-categorization-cfacts">Watch and Learn: System Categorization in CFACTS</a></h3></div><div class="usa-card__body font-sans-2xs line-height-sans-4 text-base-darkest"><p>Watch the video about assigning a FIPS 199 Security Category to your system, and learn how to use CFACTS to simplify the process</p></div></div></li></ul></div></div></main><footer class="usa-footer usa-footer--slim"><div class="grid-container"><div class="grid-row flex-align-end"><div class="grid-col"><div class="usa-footer__return-to-top"><a class="font-sans-xs" href="#">Return to top</a></div></div><div class="grid-col padding-bottom-2 padding-top-4 display-flex flex-justify-end"><a class="usa-button" href="/feedback">Give feedback</a></div></div></div><div class="usa-footer__primary-section"><div class="usa-footer__primary-container grid-row"><div class="tablet:grid-col-3"><a class="usa-footer__primary-link" href="/"><img alt="CyberGeek logo" loading="lazy" width="142" height="26" decoding="async" data-nimg="1" style="color:transparent" src="/_next/static/media/CyberGeek-logo.8e9bbd2b.svg"/></a><p class="usa-footer__logo-heading display-none tablet-lg:display-block">The official website of the CMS Information Security and Privacy Group (ISPG)</p></div><div class="tablet:grid-col-12 tablet-lg:grid-col-9"><nav class="usa-footer__nav" aria-label="Footer navigation,"><ul class="grid-row grid-gap"><li class=" tablet:grid-col-3 desktop:grid-col-auto usa-footer__primary-content "><a class="usa-footer__primary-link" href="/learn/about-ispg-cybergeek">What is CyberGeek?</a></li><li class=" tablet:grid-col-3 desktop:grid-col-auto usa-footer__primary-content "><a class="usa-footer__primary-link" href="https://www.cms.gov/privacy">Privacy policy</a></li><li class=" tablet:grid-col-3 desktop:grid-col-auto usa-footer__primary-content "><a class="usa-footer__primary-link" href="https://www.cms.gov/about-cms/information-systems/privacy/vulnerability-disclosure-policy">CMS Vulnerability Disclosure Policy</a></li><li class=" tablet:grid-col-3 desktop:grid-col-auto usa-footer__primary-content "><a class="usa-footer__primary-link" href="https://www.cms.gov/About-CMS/Agency-Information/Aboutwebsite/Policiesforaccessibility">Accessibility</a></li></ul></nav></div></div></div><div class="usa-footer__secondary-section"><div class="grid-container"><div class="usa-footer__logo grid-row grid-gap-2"><div class="mobile-lg:grid-col-3"><a href="https://www.cms.gov/"><img alt="CMS homepage" loading="lazy" width="124" height="29" decoding="async" data-nimg="1" style="color:transparent" src="/_next/static/media/cmsLogo.10a64ce4.svg"/></a></div><div class="mobile-lg:grid-col-7"><p class="font-sans-3xs line-height-sans-3">A federal government website managed and paid for by the U.S. Centers for Medicare &amp; Medicaid Services.</p><address class="font-sans-3xs line-height-sans-3">7500 Security Boulevard, Baltimore, MD 21244</address></div></div></div></div></footer><script>(self.__next_s=self.__next_s||[]).push(["/assets/javascript/uswds.min.js",{}])</script><script src="/_next/static/chunks/webpack-182b67d00f496f9d.js" async=""></script><script>(self.__next_f=self.__next_f||[]).push([0]);self.__next_f.push([2,null])</script><script>self.__next_f.push([1,"1:HL[\"/_next/static/css/ef46db3751d8e999.css\",\"style\"]\n2:HL[\"/_next/static/css/0759e90f4fecfde7.css\",\"style\"]\n"])</script><script>self.__next_f.push([1,"3:I[5751,[],\"\"]\n6:I[9275,[],\"\"]\n8:I[1343,[],\"\"]\nb:I[6130,[],\"\"]\n7:[\"slug\",\"cms-fisma-continuous-tracking-system-cfacts\",\"d\"]\nc:[]\n0:[\"$\",\"$L3\",null,{\"buildId\":\"m9SaS4P6zugJbBHpXSk5Y\",\"assetPrefix\":\"\",\"urlParts\":[\"\",\"learn\",\"cms-fisma-continuous-tracking-system-cfacts\"],\"initialTree\":[\"\",{\"children\":[\"learn\",{\"children\":[[\"slug\",\"cms-fisma-continuous-tracking-system-cfacts\",\"d\"],{\"children\":[\"__PAGE__\",{}]}]}]},\"$undefined\",\"$undefined\",true],\"initialSeedData\":[\"\",{\"children\":[\"learn\",{\"children\":[[\"slug\",\"cms-fisma-continuous-tracking-system-cfacts\",\"d\"],{\"children\":[\"__PAGE__\",{},[[\"$L4\",\"$L5\",null],null],null]},[null,[\"$\",\"$L6\",null,{\"parallelRouterKey\":\"children\",\"segmentPath\":[\"children\",\"learn\",\"children\",\"$7\",\"children\"],\"error\":\"$undefined\",\"errorStyles\":\"$undefined\",\"errorScripts\":\"$undefined\",\"template\":[\"$\",\"$L8\",null,{}],\"templateStyles\":\"$undefined\",\"templateScripts\":\"$undefined\",\"notFound\":\"$undefined\",\"notFoundStyles\":\"$undefined\"}]],null]},[null,[\"$\",\"$L6\",null,{\"parallelRouterKey\":\"children\",\"segmentPath\":[\"children\",\"learn\",\"children\"],\"error\":\"$undefined\",\"errorStyles\":\"$undefined\",\"errorScripts\":\"$undefined\",\"template\":[\"$\",\"$L8\",null,{}],\"templateStyles\":\"$undefined\",\"templateScripts\":\"$undefined\",\"notFound\":\"$undefined\",\"notFoundStyles\":\"$undefined\"}]],null]},[[[[\"$\",\"link\",\"0\",{\"rel\":\"stylesheet\",\"href\":\"/_next/static/css/ef46db3751d8e999.css\",\"precedence\":\"next\",\"crossOrigin\":\"$undefined\"}],[\"$\",\"link\",\"1\",{\"rel\":\"stylesheet\",\"href\":\"/_next/static/css/0759e90f4fecfde7.css\",\"precedence\":\"next\",\"crossOrigin\":\"$undefined\"}]],\"$L9\"],null],null],\"couldBeIntercepted\":false,\"initialHead\":[null,\"$La\"],\"globalErrorComponent\":\"$b\",\"missingSlots\":\"$Wc\"}]\n"])</script><script>self.__next_f.push([1,"d:I[4080,[\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"223\",\"static/chunks/223-bc9ed43510898bbb.js\",\"185\",\"static/chunks/app/layout-9fc24027bc047aa2.js\"],\"\"]\ne:I[8173,[\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"972\",\"static/chunks/972-6e520d137ef194fb.js\",\"931\",\"static/chunks/app/page-cc829e051925e906.js\"],\"Image\"]\nf:I[7529,[\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"223\",\"static/chunks/223-bc9ed43510898bbb.js\",\"185\",\"static/chunks/app/layout-9fc24027bc047aa2.js\"],\"default\"]\n11:I[231,[\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"972\",\"static/chunks/972-6e520d137ef194fb.js\",\"931\",\"static/chunks/app/page-cc829e051925e906.js\"],\"\"]\n12:I[7303,[\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"223\",\"static/chunks/223-bc9ed43510898bbb.js\",\"185\",\"static/chunks/app/layout-9fc24027bc047aa2.js\"],\"default\"]\n13:I[8521,[\"489\",\"static/chunks/app/template-d264bab5e3061841.js\"],\"default\"]\n14:I[5922,[\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"972\",\"static/chunks/972-6e520d137ef194fb.js\",\"931\",\"static/chunks/app/page-cc829e051925e906.js\"],\"default\"]\n15:I[7182,[\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"223\",\"static/chunks/223-bc9ed43510898bbb.js\",\"185\",\"static/chunks/app/layout-9fc24027bc047aa2.js\"],\"default\"]\n16:I[4180,[\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"223\",\"static/chunks/223-bc9ed43510898bbb.js\",\"185\",\"static/chunks/app/layout-9fc24027bc047aa2.js\"],\"TealiumTagManager\"]\n10:Tdced,"])</script><script>self.__next_f.push([1,"{\"id\":\"mega-menu\",\"linkset\":{\"elements\":[{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Roles\",\"hierarchy\":[\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/information-system-security-officer-isso\",\"attributes\":{\"title\":\"Information System Security Officer (ISSO)\",\"hierarchy\":[\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook\",\"attributes\":{\"title\":\"ISSO Handbook\",\"hierarchy\":[\"0\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook#getting-started-for-new-issos\",\"attributes\":{\"title\":\"Getting started (for new ISSOs)\",\"hierarchy\":[\"0\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/isso-mentorship-program\",\"attributes\":{\"title\":\"ISSO Mentorship Program\",\"hierarchy\":[\"0\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook#training\",\"attributes\":{\"title\":\"ISSO Training\",\"hierarchy\":[\"0\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/data-guardian\",\"attributes\":{\"title\":\"Data Guardian\",\"hierarchy\":[\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/data-guardian-handbook\",\"attributes\":{\"title\":\"Data Guardian Handbook\",\"hierarchy\":[\"0\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/cyber-risk-advisor-cra\",\"attributes\":{\"title\":\"Cyber Risk Advisor (CRA)\",\"hierarchy\":[\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks\",\"attributes\":{\"title\":\"CMS Security and Privacy Handbooks\",\"hierarchy\":[\"0\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks#risk-management-handbook-rmh-chapters\",\"attributes\":{\"title\":\"Risk Management Handbook (RMH)\",\"hierarchy\":[\"0\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/business-system-owner\",\"attributes\":{\"title\":\"Business / System Owner (BO/SO)\",\"hierarchy\":[\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity and Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"0\",\"3\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-information-exchange-agreement-iea\",\"attributes\":{\"title\":\"Information Exchange Agreement (IEA)\",\"hierarchy\":[\"0\",\"3\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-computer-matching-agreement-cma\",\"attributes\":{\"title\":\"Computer Matching Agreement (CMA)\",\"hierarchy\":[\"0\",\"3\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/isso-service\",\"attributes\":{\"title\":\"ISSO As A Service\",\"hierarchy\":[\"0\",\"3\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Compliance \u0026 Authorization\",\"hierarchy\":[\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato\",\"attributes\":{\"title\":\"Authorization to Operate (ATO)\",\"hierarchy\":[\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato\",\"attributes\":{\"title\":\"About ATO at CMS\",\"hierarchy\":[\"1\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#types-of-authorizations\",\"attributes\":{\"title\":\"Types of authorizations\",\"hierarchy\":[\"1\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#ato-stakeholders\",\"attributes\":{\"title\":\"ATO stakeholders\",\"hierarchy\":[\"1\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#related-documents-and-resources\",\"attributes\":{\"title\":\"ATO tools and resources\",\"hierarchy\":[\"1\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-technical-reference-architecture-tra\",\"attributes\":{\"title\":\"CMS Technical Reference Architecture (TRA)\",\"hierarchy\":[\"1\",\"0\",\"4\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa\",\"attributes\":{\"title\":\"Ongoing Authorization (OA)\",\"hierarchy\":[\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa\",\"attributes\":{\"title\":\"About OA at CMS\",\"hierarchy\":[\"1\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa#is-my-system-eligible-for-oa\",\"attributes\":{\"title\":\"OA eligibility requirements\",\"hierarchy\":[\"1\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"1\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Assessments \u0026 Audits\",\"hierarchy\":[\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"1\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"1\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"1\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/security-impact-analysis-sia\",\"attributes\":{\"title\":\"Security Impact Analysis (SIA)\",\"hierarchy\":[\"1\",\"2\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/system-audits\",\"attributes\":{\"title\":\"System Audits\",\"hierarchy\":[\"1\",\"2\",\"4\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Policy \u0026 Guidance\",\"hierarchy\":[\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/cms-policies-and-guidance\",\"attributes\":{\"title\":\"CMS Policies and Guidance\",\"hierarchy\":[\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-acceptable-risk-safeguards-ars\",\"attributes\":{\"title\":\"CMS Acceptable Risk Safeguards (ARS)\",\"hierarchy\":[\"2\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-systems-security-privacy-policy-is2p2\",\"attributes\":{\"title\":\"CMS Information Security and Privacy Policy (IS2P2)\",\"hierarchy\":[\"2\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks\",\"attributes\":{\"title\":\"CMS Security and Privacy Handbooks\",\"hierarchy\":[\"2\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/cms-risk-management-framework-rmf\",\"attributes\":{\"title\":\"CMS Risk Management Framework (RMF)\",\"hierarchy\":[\"2\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/email-encryption-requirements-cms\",\"attributes\":{\"title\":\"CMS Email Encryption\",\"hierarchy\":[\"2\",\"0\",\"4\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/federal-policies-and-guidance\",\"attributes\":{\"title\":\"Federal Policies and Guidance\",\"hierarchy\":[\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/national-institute-standards-and-technology-nist\",\"attributes\":{\"title\":\"National Institute of Standards and Technology (NIST)\",\"hierarchy\":[\"2\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/federal-information-security-modernization-act-fisma\",\"attributes\":{\"title\":\"Federal Information Security Modernization Act (FISMA)\",\"hierarchy\":[\"2\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/fedramp\",\"attributes\":{\"title\":\"Federal Risk and Authorization Management Program (FedRAMP)\",\"hierarchy\":[\"2\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/zero-trust\",\"attributes\":{\"title\":\"Zero Trust\",\"hierarchy\":[\"2\",\"1\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"System Security\",\"hierarchy\":[\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/application-security\",\"attributes\":{\"title\":\"Application Security\",\"hierarchy\":[\"3\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/threat-modeling\",\"attributes\":{\"title\":\"Threat Modeling\",\"hierarchy\":[\"3\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/zero-trust\",\"attributes\":{\"title\":\"Zero Trust\",\"hierarchy\":[\"3\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cloud-services\",\"attributes\":{\"title\":\"CMS Cloud Services\",\"hierarchy\":[\"3\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/software-bill-materials-sbom\",\"attributes\":{\"title\":\"Software Bill of Materials (SBOM)\",\"hierarchy\":[\"3\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/security-operations\",\"attributes\":{\"title\":\"Security Operations\",\"hierarchy\":[\"3\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/risk-management-handbook-chapter-8-incident-response-ir\",\"attributes\":{\"title\":\"Incident Response\",\"hierarchy\":[\"3\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cybersecurity-integration-center-ccic\",\"attributes\":{\"title\":\"CMS Cybersecurity Integration Center (CCIC)\",\"hierarchy\":[\"3\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"3\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/risk-management-and-reporting\",\"attributes\":{\"title\":\"Risk Management and Reporting\",\"hierarchy\":[\"3\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"3\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cyber-risk-reports\",\"attributes\":{\"title\":\"Cyber Risk Reports\",\"hierarchy\":[\"3\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/plan-action-and-milestones-poam\",\"attributes\":{\"title\":\"Plan of Action and Milestones (POA\u0026M)\",\"hierarchy\":[\"3\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy\",\"hierarchy\":[\"4\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Agreements\",\"hierarchy\":[\"4\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-computer-matching-agreement-cma\",\"attributes\":{\"title\":\"Computer Matching Agreement (CMA)\",\"hierarchy\":[\"4\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-information-exchange-agreement-iea\",\"attributes\":{\"title\":\"Information Exchange Agreement (IEA)\",\"hierarchy\":[\"4\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy Activities\",\"hierarchy\":[\"4\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/breach-response\",\"attributes\":{\"title\":\"Breach Response\",\"hierarchy\":[\"4\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"4\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/system-records-notice-sorn\",\"attributes\":{\"title\":\"System of Records Notice (SORN)\",\"hierarchy\":[\"4\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy Resources\",\"hierarchy\":[\"4\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/privacy\",\"attributes\":{\"title\":\"Privacy at CMS\",\"hierarchy\":[\"4\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-breach-response-handbook\",\"attributes\":{\"title\":\"CMS Breach Response Handbook\",\"hierarchy\":[\"4\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/health-insurance-portability-and-accountability-act-1996-hipaa\",\"attributes\":{\"title\":\"Health Insurance Portability and Accessibility Act (HIPAA)\",\"hierarchy\":[\"4\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-privacy-impact-assessment-pia-handbook\",\"attributes\":{\"title\":\"CMS Privacy Impact Assessment (PIA) Handbook\",\"hierarchy\":[\"4\",\"2\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Tools \u0026 Services\",\"hierarchy\":[\"5\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Reporting \u0026 Compliance\",\"hierarchy\":[\"5\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/isso-service\",\"attributes\":{\"title\":\"ISSO As A Service\",\"hierarchy\":[\"5\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-fisma-continuous-tracking-system-cfacts\",\"attributes\":{\"title\":\"CFACTS\",\"hierarchy\":[\"5\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cyber-risk-reports\",\"attributes\":{\"title\":\"Cyber Risk Reports and Dashboards\",\"hierarchy\":[\"5\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"5\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"System Security\",\"hierarchy\":[\"5\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/threat-modeling\",\"attributes\":{\"title\":\"Threat Modeling\",\"hierarchy\":[\"5\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cloud-services\",\"attributes\":{\"title\":\"CMS Cloud Services\",\"hierarchy\":[\"5\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cybersecurity-integration-center-ccic\",\"attributes\":{\"title\":\"CMS Cybersecurity Integration Center (CCIC)\",\"hierarchy\":[\"5\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/cms-security-data-lake-sdl\",\"attributes\":{\"title\":\"CMS Security Data Lake (SDL)\",\"hierarchy\":[\"5\",\"1\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Tests \u0026 Assessments\",\"hierarchy\":[\"5\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"5\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"5\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"5\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}}],\"size\":87},\"elements\":[{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Roles\",\"hierarchy\":[\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/information-system-security-officer-isso\",\"attributes\":{\"title\":\"Information System Security Officer (ISSO)\",\"hierarchy\":[\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook\",\"attributes\":{\"title\":\"ISSO Handbook\",\"hierarchy\":[\"0\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook#getting-started-for-new-issos\",\"attributes\":{\"title\":\"Getting started (for new ISSOs)\",\"hierarchy\":[\"0\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/isso-mentorship-program\",\"attributes\":{\"title\":\"ISSO Mentorship Program\",\"hierarchy\":[\"0\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook#training\",\"attributes\":{\"title\":\"ISSO Training\",\"hierarchy\":[\"0\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/data-guardian\",\"attributes\":{\"title\":\"Data Guardian\",\"hierarchy\":[\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/data-guardian-handbook\",\"attributes\":{\"title\":\"Data Guardian Handbook\",\"hierarchy\":[\"0\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/cyber-risk-advisor-cra\",\"attributes\":{\"title\":\"Cyber Risk Advisor (CRA)\",\"hierarchy\":[\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks\",\"attributes\":{\"title\":\"CMS Security and Privacy Handbooks\",\"hierarchy\":[\"0\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks#risk-management-handbook-rmh-chapters\",\"attributes\":{\"title\":\"Risk Management Handbook (RMH)\",\"hierarchy\":[\"0\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/business-system-owner\",\"attributes\":{\"title\":\"Business / System Owner (BO/SO)\",\"hierarchy\":[\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity and Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"0\",\"3\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-information-exchange-agreement-iea\",\"attributes\":{\"title\":\"Information Exchange Agreement (IEA)\",\"hierarchy\":[\"0\",\"3\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-computer-matching-agreement-cma\",\"attributes\":{\"title\":\"Computer Matching Agreement (CMA)\",\"hierarchy\":[\"0\",\"3\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/isso-service\",\"attributes\":{\"title\":\"ISSO As A Service\",\"hierarchy\":[\"0\",\"3\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Compliance \u0026 Authorization\",\"hierarchy\":[\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato\",\"attributes\":{\"title\":\"Authorization to Operate (ATO)\",\"hierarchy\":[\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato\",\"attributes\":{\"title\":\"About ATO at CMS\",\"hierarchy\":[\"1\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#types-of-authorizations\",\"attributes\":{\"title\":\"Types of authorizations\",\"hierarchy\":[\"1\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#ato-stakeholders\",\"attributes\":{\"title\":\"ATO stakeholders\",\"hierarchy\":[\"1\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#related-documents-and-resources\",\"attributes\":{\"title\":\"ATO tools and resources\",\"hierarchy\":[\"1\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-technical-reference-architecture-tra\",\"attributes\":{\"title\":\"CMS Technical Reference Architecture (TRA)\",\"hierarchy\":[\"1\",\"0\",\"4\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa\",\"attributes\":{\"title\":\"Ongoing Authorization (OA)\",\"hierarchy\":[\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa\",\"attributes\":{\"title\":\"About OA at CMS\",\"hierarchy\":[\"1\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa#is-my-system-eligible-for-oa\",\"attributes\":{\"title\":\"OA eligibility requirements\",\"hierarchy\":[\"1\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"1\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Assessments \u0026 Audits\",\"hierarchy\":[\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"1\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"1\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"1\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/security-impact-analysis-sia\",\"attributes\":{\"title\":\"Security Impact Analysis (SIA)\",\"hierarchy\":[\"1\",\"2\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/system-audits\",\"attributes\":{\"title\":\"System Audits\",\"hierarchy\":[\"1\",\"2\",\"4\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Policy \u0026 Guidance\",\"hierarchy\":[\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/cms-policies-and-guidance\",\"attributes\":{\"title\":\"CMS Policies and Guidance\",\"hierarchy\":[\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-acceptable-risk-safeguards-ars\",\"attributes\":{\"title\":\"CMS Acceptable Risk Safeguards (ARS)\",\"hierarchy\":[\"2\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-systems-security-privacy-policy-is2p2\",\"attributes\":{\"title\":\"CMS Information Security and Privacy Policy (IS2P2)\",\"hierarchy\":[\"2\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks\",\"attributes\":{\"title\":\"CMS Security and Privacy Handbooks\",\"hierarchy\":[\"2\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/cms-risk-management-framework-rmf\",\"attributes\":{\"title\":\"CMS Risk Management Framework (RMF)\",\"hierarchy\":[\"2\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/email-encryption-requirements-cms\",\"attributes\":{\"title\":\"CMS Email Encryption\",\"hierarchy\":[\"2\",\"0\",\"4\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/federal-policies-and-guidance\",\"attributes\":{\"title\":\"Federal Policies and Guidance\",\"hierarchy\":[\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/national-institute-standards-and-technology-nist\",\"attributes\":{\"title\":\"National Institute of Standards and Technology (NIST)\",\"hierarchy\":[\"2\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/federal-information-security-modernization-act-fisma\",\"attributes\":{\"title\":\"Federal Information Security Modernization Act (FISMA)\",\"hierarchy\":[\"2\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/fedramp\",\"attributes\":{\"title\":\"Federal Risk and Authorization Management Program (FedRAMP)\",\"hierarchy\":[\"2\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/zero-trust\",\"attributes\":{\"title\":\"Zero Trust\",\"hierarchy\":[\"2\",\"1\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"System Security\",\"hierarchy\":[\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/application-security\",\"attributes\":{\"title\":\"Application Security\",\"hierarchy\":[\"3\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/threat-modeling\",\"attributes\":{\"title\":\"Threat Modeling\",\"hierarchy\":[\"3\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/zero-trust\",\"attributes\":{\"title\":\"Zero Trust\",\"hierarchy\":[\"3\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cloud-services\",\"attributes\":{\"title\":\"CMS Cloud Services\",\"hierarchy\":[\"3\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/software-bill-materials-sbom\",\"attributes\":{\"title\":\"Software Bill of Materials (SBOM)\",\"hierarchy\":[\"3\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/security-operations\",\"attributes\":{\"title\":\"Security Operations\",\"hierarchy\":[\"3\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/risk-management-handbook-chapter-8-incident-response-ir\",\"attributes\":{\"title\":\"Incident Response\",\"hierarchy\":[\"3\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cybersecurity-integration-center-ccic\",\"attributes\":{\"title\":\"CMS Cybersecurity Integration Center (CCIC)\",\"hierarchy\":[\"3\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"3\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/risk-management-and-reporting\",\"attributes\":{\"title\":\"Risk Management and Reporting\",\"hierarchy\":[\"3\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"3\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cyber-risk-reports\",\"attributes\":{\"title\":\"Cyber Risk Reports\",\"hierarchy\":[\"3\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/plan-action-and-milestones-poam\",\"attributes\":{\"title\":\"Plan of Action and Milestones (POA\u0026M)\",\"hierarchy\":[\"3\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy\",\"hierarchy\":[\"4\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Agreements\",\"hierarchy\":[\"4\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-computer-matching-agreement-cma\",\"attributes\":{\"title\":\"Computer Matching Agreement (CMA)\",\"hierarchy\":[\"4\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-information-exchange-agreement-iea\",\"attributes\":{\"title\":\"Information Exchange Agreement (IEA)\",\"hierarchy\":[\"4\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy Activities\",\"hierarchy\":[\"4\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/breach-response\",\"attributes\":{\"title\":\"Breach Response\",\"hierarchy\":[\"4\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"4\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/system-records-notice-sorn\",\"attributes\":{\"title\":\"System of Records Notice (SORN)\",\"hierarchy\":[\"4\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy Resources\",\"hierarchy\":[\"4\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/privacy\",\"attributes\":{\"title\":\"Privacy at CMS\",\"hierarchy\":[\"4\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-breach-response-handbook\",\"attributes\":{\"title\":\"CMS Breach Response Handbook\",\"hierarchy\":[\"4\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/health-insurance-portability-and-accountability-act-1996-hipaa\",\"attributes\":{\"title\":\"Health Insurance Portability and Accessibility Act (HIPAA)\",\"hierarchy\":[\"4\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-privacy-impact-assessment-pia-handbook\",\"attributes\":{\"title\":\"CMS Privacy Impact Assessment (PIA) Handbook\",\"hierarchy\":[\"4\",\"2\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Tools \u0026 Services\",\"hierarchy\":[\"5\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Reporting \u0026 Compliance\",\"hierarchy\":[\"5\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/isso-service\",\"attributes\":{\"title\":\"ISSO As A Service\",\"hierarchy\":[\"5\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-fisma-continuous-tracking-system-cfacts\",\"attributes\":{\"title\":\"CFACTS\",\"hierarchy\":[\"5\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cyber-risk-reports\",\"attributes\":{\"title\":\"Cyber Risk Reports and Dashboards\",\"hierarchy\":[\"5\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"5\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"System Security\",\"hierarchy\":[\"5\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/threat-modeling\",\"attributes\":{\"title\":\"Threat Modeling\",\"hierarchy\":[\"5\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cloud-services\",\"attributes\":{\"title\":\"CMS Cloud Services\",\"hierarchy\":[\"5\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cybersecurity-integration-center-ccic\",\"attributes\":{\"title\":\"CMS Cybersecurity Integration Center (CCIC)\",\"hierarchy\":[\"5\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/cms-security-data-lake-sdl\",\"attributes\":{\"title\":\"CMS Security Data Lake (SDL)\",\"hierarchy\":[\"5\",\"1\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Tests \u0026 Assessments\",\"hierarchy\":[\"5\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"5\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"5\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"5\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}}],\"size\":87,\"tree\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Roles\",\"hierarchy\":[\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/information-system-security-officer-isso\",\"attributes\":{\"title\":\"Information System Security Officer (ISSO)\",\"hierarchy\":[\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook\",\"attributes\":{\"title\":\"ISSO Handbook\",\"hierarchy\":[\"0\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook#getting-started-for-new-issos\",\"attributes\":{\"title\":\"Getting started (for new ISSOs)\",\"hierarchy\":[\"0\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/isso-mentorship-program\",\"attributes\":{\"title\":\"ISSO Mentorship Program\",\"hierarchy\":[\"0\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook#training\",\"attributes\":{\"title\":\"ISSO Training\",\"hierarchy\":[\"0\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/data-guardian\",\"attributes\":{\"title\":\"Data Guardian\",\"hierarchy\":[\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/data-guardian-handbook\",\"attributes\":{\"title\":\"Data Guardian Handbook\",\"hierarchy\":[\"0\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/cyber-risk-advisor-cra\",\"attributes\":{\"title\":\"Cyber Risk Advisor (CRA)\",\"hierarchy\":[\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks\",\"attributes\":{\"title\":\"CMS Security and Privacy Handbooks\",\"hierarchy\":[\"0\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks#risk-management-handbook-rmh-chapters\",\"attributes\":{\"title\":\"Risk Management Handbook (RMH)\",\"hierarchy\":[\"0\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/business-system-owner\",\"attributes\":{\"title\":\"Business / System Owner (BO/SO)\",\"hierarchy\":[\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity and Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"0\",\"3\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-information-exchange-agreement-iea\",\"attributes\":{\"title\":\"Information Exchange Agreement (IEA)\",\"hierarchy\":[\"0\",\"3\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-computer-matching-agreement-cma\",\"attributes\":{\"title\":\"Computer Matching Agreement (CMA)\",\"hierarchy\":[\"0\",\"3\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/isso-service\",\"attributes\":{\"title\":\"ISSO As A Service\",\"hierarchy\":[\"0\",\"3\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Compliance \u0026 Authorization\",\"hierarchy\":[\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato\",\"attributes\":{\"title\":\"Authorization to Operate (ATO)\",\"hierarchy\":[\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato\",\"attributes\":{\"title\":\"About ATO at CMS\",\"hierarchy\":[\"1\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#types-of-authorizations\",\"attributes\":{\"title\":\"Types of authorizations\",\"hierarchy\":[\"1\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#ato-stakeholders\",\"attributes\":{\"title\":\"ATO stakeholders\",\"hierarchy\":[\"1\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#related-documents-and-resources\",\"attributes\":{\"title\":\"ATO tools and resources\",\"hierarchy\":[\"1\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-technical-reference-architecture-tra\",\"attributes\":{\"title\":\"CMS Technical Reference Architecture (TRA)\",\"hierarchy\":[\"1\",\"0\",\"4\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa\",\"attributes\":{\"title\":\"Ongoing Authorization (OA)\",\"hierarchy\":[\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa\",\"attributes\":{\"title\":\"About OA at CMS\",\"hierarchy\":[\"1\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa#is-my-system-eligible-for-oa\",\"attributes\":{\"title\":\"OA eligibility requirements\",\"hierarchy\":[\"1\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"1\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Assessments \u0026 Audits\",\"hierarchy\":[\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"1\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"1\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"1\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/security-impact-analysis-sia\",\"attributes\":{\"title\":\"Security Impact Analysis (SIA)\",\"hierarchy\":[\"1\",\"2\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/system-audits\",\"attributes\":{\"title\":\"System Audits\",\"hierarchy\":[\"1\",\"2\",\"4\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Policy \u0026 Guidance\",\"hierarchy\":[\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/cms-policies-and-guidance\",\"attributes\":{\"title\":\"CMS Policies and Guidance\",\"hierarchy\":[\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-acceptable-risk-safeguards-ars\",\"attributes\":{\"title\":\"CMS Acceptable Risk Safeguards (ARS)\",\"hierarchy\":[\"2\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-systems-security-privacy-policy-is2p2\",\"attributes\":{\"title\":\"CMS Information Security and Privacy Policy (IS2P2)\",\"hierarchy\":[\"2\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks\",\"attributes\":{\"title\":\"CMS Security and Privacy Handbooks\",\"hierarchy\":[\"2\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/cms-risk-management-framework-rmf\",\"attributes\":{\"title\":\"CMS Risk Management Framework (RMF)\",\"hierarchy\":[\"2\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/email-encryption-requirements-cms\",\"attributes\":{\"title\":\"CMS Email Encryption\",\"hierarchy\":[\"2\",\"0\",\"4\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/federal-policies-and-guidance\",\"attributes\":{\"title\":\"Federal Policies and Guidance\",\"hierarchy\":[\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/national-institute-standards-and-technology-nist\",\"attributes\":{\"title\":\"National Institute of Standards and Technology (NIST)\",\"hierarchy\":[\"2\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/federal-information-security-modernization-act-fisma\",\"attributes\":{\"title\":\"Federal Information Security Modernization Act (FISMA)\",\"hierarchy\":[\"2\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/fedramp\",\"attributes\":{\"title\":\"Federal Risk and Authorization Management Program (FedRAMP)\",\"hierarchy\":[\"2\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/zero-trust\",\"attributes\":{\"title\":\"Zero Trust\",\"hierarchy\":[\"2\",\"1\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"System Security\",\"hierarchy\":[\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/application-security\",\"attributes\":{\"title\":\"Application Security\",\"hierarchy\":[\"3\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/threat-modeling\",\"attributes\":{\"title\":\"Threat Modeling\",\"hierarchy\":[\"3\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/zero-trust\",\"attributes\":{\"title\":\"Zero Trust\",\"hierarchy\":[\"3\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cloud-services\",\"attributes\":{\"title\":\"CMS Cloud Services\",\"hierarchy\":[\"3\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/software-bill-materials-sbom\",\"attributes\":{\"title\":\"Software Bill of Materials (SBOM)\",\"hierarchy\":[\"3\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/security-operations\",\"attributes\":{\"title\":\"Security Operations\",\"hierarchy\":[\"3\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/risk-management-handbook-chapter-8-incident-response-ir\",\"attributes\":{\"title\":\"Incident Response\",\"hierarchy\":[\"3\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cybersecurity-integration-center-ccic\",\"attributes\":{\"title\":\"CMS Cybersecurity Integration Center (CCIC)\",\"hierarchy\":[\"3\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"3\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/risk-management-and-reporting\",\"attributes\":{\"title\":\"Risk Management and Reporting\",\"hierarchy\":[\"3\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"3\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cyber-risk-reports\",\"attributes\":{\"title\":\"Cyber Risk Reports\",\"hierarchy\":[\"3\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/plan-action-and-milestones-poam\",\"attributes\":{\"title\":\"Plan of Action and Milestones (POA\u0026M)\",\"hierarchy\":[\"3\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy\",\"hierarchy\":[\"4\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Agreements\",\"hierarchy\":[\"4\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-computer-matching-agreement-cma\",\"attributes\":{\"title\":\"Computer Matching Agreement (CMA)\",\"hierarchy\":[\"4\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-information-exchange-agreement-iea\",\"attributes\":{\"title\":\"Information Exchange Agreement (IEA)\",\"hierarchy\":[\"4\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy Activities\",\"hierarchy\":[\"4\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/breach-response\",\"attributes\":{\"title\":\"Breach Response\",\"hierarchy\":[\"4\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"4\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/system-records-notice-sorn\",\"attributes\":{\"title\":\"System of Records Notice (SORN)\",\"hierarchy\":[\"4\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy Resources\",\"hierarchy\":[\"4\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/privacy\",\"attributes\":{\"title\":\"Privacy at CMS\",\"hierarchy\":[\"4\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-breach-response-handbook\",\"attributes\":{\"title\":\"CMS Breach Response Handbook\",\"hierarchy\":[\"4\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/health-insurance-portability-and-accountability-act-1996-hipaa\",\"attributes\":{\"title\":\"Health Insurance Portability and Accessibility Act (HIPAA)\",\"hierarchy\":[\"4\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-privacy-impact-assessment-pia-handbook\",\"attributes\":{\"title\":\"CMS Privacy Impact Assessment (PIA) Handbook\",\"hierarchy\":[\"4\",\"2\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Tools \u0026 Services\",\"hierarchy\":[\"5\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Reporting \u0026 Compliance\",\"hierarchy\":[\"5\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/isso-service\",\"attributes\":{\"title\":\"ISSO As A Service\",\"hierarchy\":[\"5\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-fisma-continuous-tracking-system-cfacts\",\"attributes\":{\"title\":\"CFACTS\",\"hierarchy\":[\"5\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cyber-risk-reports\",\"attributes\":{\"title\":\"Cyber Risk Reports and Dashboards\",\"hierarchy\":[\"5\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"5\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"System Security\",\"hierarchy\":[\"5\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/threat-modeling\",\"attributes\":{\"title\":\"Threat Modeling\",\"hierarchy\":[\"5\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cloud-services\",\"attributes\":{\"title\":\"CMS Cloud Services\",\"hierarchy\":[\"5\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cybersecurity-integration-center-ccic\",\"attributes\":{\"title\":\"CMS Cybersecurity Integration Center (CCIC)\",\"hierarchy\":[\"5\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/cms-security-data-lake-sdl\",\"attributes\":{\"title\":\"CMS Security Data Lake (SDL)\",\"hierarchy\":[\"5\",\"1\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Tests \u0026 Assessments\",\"hierarchy\":[\"5\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"5\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"5\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"5\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]}]}]}"])</script><script>self.__next_f.push([1,"9:[\"$\",\"html\",null,{\"lang\":\"en\",\"children\":[[\"$\",\"head\",null,{\"children\":[\"$\",\"$Ld\",null,{\"src\":\"/assets/javascript/uswds-init.min.js\",\"strategy\":\"beforeInteractive\"}]}],[\"$\",\"body\",null,{\"children\":[[[\"$\",\"a\",null,{\"className\":\"usa-skipnav\",\"href\":\"#main\",\"children\":\"Skip to main content\"}],[\"$\",\"section\",null,{\"className\":\"usa-banner\",\"aria-label\":\"Official website of the United States government\",\"children\":[\"$\",\"div\",null,{\"className\":\"usa-accordion\",\"children\":[[\"$\",\"header\",null,{\"className\":\"usa-banner__header\",\"children\":[\"$\",\"div\",null,{\"className\":\"usa-banner__inner\",\"children\":[[\"$\",\"div\",null,{\"className\":\"grid-col-auto\",\"children\":[\"$\",\"$Le\",null,{\"aria-hidden\":\"true\",\"className\":\"usa-banner__header-flag\",\"src\":\"/assets/img/us_flag_small.png\",\"alt\":\"\",\"width\":\"16\",\"height\":\"11\"}]}],[\"$\",\"div\",null,{\"className\":\"grid-col-fill tablet:grid-col-auto\",\"aria-hidden\":\"true\",\"children\":[[\"$\",\"p\",null,{\"className\":\"usa-banner__header-text\",\"children\":\"An official website of the United States government\"}],[\"$\",\"p\",null,{\"className\":\"usa-banner__header-action\",\"children\":\"Here's how you know\"}]]}],[\"$\",\"button\",null,{\"type\":\"button\",\"className\":\"usa-accordion__button usa-banner__button\",\"aria-expanded\":\"false\",\"aria-controls\":\"gov-banner-default-default\",\"children\":[\"$\",\"span\",null,{\"className\":\"usa-banner__button-text\",\"children\":\"Here's how you know\"}]}]]}]}],[\"$\",\"div\",null,{\"className\":\"usa-banner__content usa-accordion__content\",\"id\":\"gov-banner-default-default\",\"hidden\":true,\"children\":[\"$\",\"div\",null,{\"className\":\"grid-row grid-gap-lg\",\"children\":[[\"$\",\"div\",null,{\"className\":\"usa-banner__guidance tablet:grid-col-6\",\"children\":[[\"$\",\"$Le\",null,{\"className\":\"usa-banner__icon usa-media-block__img\",\"src\":{\"src\":\"/_next/static/media/icon-dot-gov.3e9cb1b5.svg\",\"height\":64,\"width\":64,\"blurWidth\":0,\"blurHeight\":0},\"role\":\"img\",\"alt\":\"\",\"aria-hidden\":\"true\",\"width\":\"40\",\"height\":\"40\"}],[\"$\",\"div\",null,{\"className\":\"usa-media-block__body\",\"children\":[\"$\",\"p\",null,{\"children\":[[\"$\",\"strong\",null,{\"children\":\"Official websites use .gov\"}],[\"$\",\"br\",null,{}],\"A \",[\"$\",\"strong\",null,{\"children\":\".gov\"}],\" website belongs to an official government organization in the United States.\"]}]}]]}],[\"$\",\"div\",null,{\"className\":\"usa-banner__guidance tablet:grid-col-6\",\"children\":[[\"$\",\"$Le\",null,{\"className\":\"usa-banner__icon usa-media-block__img\",\"src\":{\"src\":\"/_next/static/media/icon-https.e7f1a222.svg\",\"height\":64,\"width\":64,\"blurWidth\":0,\"blurHeight\":0},\"role\":\"img\",\"alt\":\"\",\"aria-hidden\":\"true\",\"width\":\"40\",\"height\":\"40\"}],[\"$\",\"div\",null,{\"className\":\"usa-media-block__body\",\"children\":[\"$\",\"p\",null,{\"children\":[[\"$\",\"strong\",null,{\"children\":\"Secure .gov websites use HTTPS\"}],[\"$\",\"br\",null,{}],\"A \",[\"$\",\"strong\",null,{\"children\":\"lock\"}],\" (\",[\"$\",\"span\",null,{\"className\":\"icon-lock\",\"children\":[\"$\",\"svg\",null,{\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":\"52\",\"height\":\"64\",\"viewBox\":\"0 0 52 64\",\"className\":\"usa-banner__lock-image\",\"role\":\"img\",\"aria-labelledby\":\"banner-lock-description-default\",\"focusable\":\"false\",\"children\":[[\"$\",\"title\",null,{\"id\":\"banner-lock-title-default\",\"children\":\"Lock\"}],[\"$\",\"desc\",null,{\"id\":\"banner-lock-description-default\",\"children\":\"Locked padlock icon\"}],[\"$\",\"path\",null,{\"fill\":\"#000000\",\"fillRule\":\"evenodd\",\"d\":\"M26 0c10.493 0 19 8.507 19 19v9h3a4 4 0 0 1 4 4v28a4 4 0 0 1-4 4H4a4 4 0 0 1-4-4V32a4 4 0 0 1 4-4h3v-9C7 8.507 15.507 0 26 0zm0 8c-5.979 0-10.843 4.77-10.996 10.712L15 19v9h22v-9c0-6.075-4.925-11-11-11z\"}]]}]}],\") or \",[\"$\",\"strong\",null,{\"children\":\"https://\"}],\" means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.\"]}]}]]}]]}]}]]}]}]],[\"$\",\"$Lf\",null,{\"value\":\"$10\",\"children\":[[\"$\",\"div\",null,{\"className\":\"usa-overlay\"}],[\"$\",\"header\",null,{\"className\":\"usa-header usa-header--extended\",\"children\":[[\"$\",\"div\",null,{\"className\":\"bg-primary-dark\",\"children\":[\"$\",\"div\",null,{\"className\":\"usa-navbar\",\"children\":[[\"$\",\"div\",null,{\"className\":\"usa-logo padding-y-4 padding-right-3\",\"id\":\"CyberGeek-logo\",\"children\":[\"$\",\"$L11\",null,{\"href\":\"/\",\"title\":\"CMS CyberGeek Home\",\"children\":[\"$\",\"$Le\",null,{\"src\":{\"src\":\"/_next/static/media/CyberGeek-logo.8e9bbd2b.svg\",\"height\":50,\"width\":425,\"blurWidth\":0,\"blurHeight\":0},\"alt\":\"CyberGeek logo\",\"width\":\"298\",\"height\":\"35\",\"priority\":true}]}]}],[\"$\",\"button\",null,{\"aria-label\":\"Open menu\",\"type\":\"button\",\"className\":\"usa-menu-btn\",\"data-cy\":\"menu-button\",\"children\":\"Menu\"}]]}]}],[\"$\",\"$L12\",null,{}]]}]]}],[\"$\",\"main\",null,{\"id\":\"main\",\"children\":[\"$\",\"$L6\",null,{\"parallelRouterKey\":\"children\",\"segmentPath\":[\"children\"],\"error\":\"$undefined\",\"errorStyles\":\"$undefined\",\"errorScripts\":\"$undefined\",\"template\":[\"$\",\"$L13\",null,{\"children\":[\"$\",\"$L8\",null,{}]}],\"templateStyles\":[],\"templateScripts\":[],\"notFound\":[\"$\",\"section\",null,{\"className\":\"hero hero--theme-content-not-found undefined\",\"children\":[[\"$\",\"$Le\",null,{\"alt\":\"404 page not found\",\"className\":\"hero__graphic\",\"priority\":true,\"src\":{\"src\":\"/_next/static/media/content-not-found-graphic.8f104f47.svg\",\"height\":551,\"width\":948,\"blurWidth\":0,\"blurHeight\":0}}],[\"$\",\"div\",null,{\"className\":\"maxw-widescreen margin-x-auto padding-x-2 desktop:padding-x-0 padding-top-4 padding-bottom-6 desktop:padding-y-7\",\"children\":[\"$\",\"div\",null,{\"className\":\"tablet:grid-container position-relative \",\"children\":[\"$\",\"div\",null,{\"className\":\"hero__row grid-row grid-gap\",\"children\":[[\"$\",\"div\",null,{\"className\":\"tablet:grid-col-5 widescreen:position-relative\",\"children\":[false,false]}],[\"$\",\"div\",null,{\"className\":\"hero__column tablet:grid-col-7 flow padding-bottom-2\",\"children\":[\"$undefined\",\"$undefined\",false,[\"$\",\"h1\",null,{\"className\":\"hero__heading margin-0 line-height-sans-3 desktop:line-height-sans-2\",\"children\":\"We can't find that page.\"}],\"$undefined\",\"$undefined\",false,[\"$\",\"div\",null,{\"children\":[[\"$\",\"div\",null,{\"className\":\"hero__description\",\"children\":[[\"The page you're looking for may have been moved or retired. You can\",\" \",[\"$\",\"$L11\",null,{\"href\":\"/\",\"children\":\"visit our home page\"}],\" or use the search box to find helpful resources.\"]]}],[\"$\",\"div\",null,{\"className\":\"margin-top-6 search-container\",\"children\":[\"$\",\"$L14\",null,{\"theme\":\"content-not-found\"}]}]]}],false]}],false,false]}]}]}]]}],\"notFoundStyles\":[]}]}],[\"$\",\"$L15\",null,{}],[\"$\",\"$L16\",null,{}],[\"$\",\"$Ld\",null,{\"src\":\"/assets/javascript/uswds.min.js\",\"strategy\":\"beforeInteractive\"}]]}]]}]\n"])</script><script>self.__next_f.push([1,"17:I[9461,[\"866\",\"static/chunks/e37a0b60-b74be3d42787b18d.js\",\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"904\",\"static/chunks/904-dbddf7494c3e6975.js\",\"972\",\"static/chunks/972-6e520d137ef194fb.js\",\"549\",\"static/chunks/549-c87c1c3bbacc319f.js\",\"192\",\"static/chunks/app/learn/%5Bslug%5D/page-5b91cdc45a95ebbe.js\"],\"default\"]\n18:T7de,\u003ch2\u003eWhen do I use CFACTS?\u003c/h2\u003e\u003cp\u003eAs teams pursue \u003ca href=\"https://security.cms.gov/learn/authorization-operate-ato\"\u003eAuthorization to Operate (ATO)\u003c/a\u003e for their system, they store the related artifacts in CFACTS.\u003c/p\u003e\u003cp\u003eIf you are an ISSO (\u003ca href=\"https://security.cms.gov/ispg/information-system-security-officer-isso\"\u003eInformation System Security Officer\u003c/a\u003e), System or Business Owner, or CRA (\u003ca href=\"https://security.cms.gov/ispg/cyber-risk-advisor-cra\"\u003eCyber Risk Advisor\u003c/a\u003e), you are responsible for both overall \u003ca href=\"https://security.cms.gov/learn/federal-information-security-modernization-act-fisma\"\u003eFISMA\u003c/a\u003e system compliance efforts and the ATO process.\u003c/p\u003e\u003cp\u003eTeams use CFACTS to create, store, and update:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/cms-plan-action-and-milestones-poam-handbook\"\u003ePOA\u0026amp;Ms (Plan of Action and Milestones)\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/cms-plan-action-and-milestones-poam-handbook\"\u003eSSPPs (System Security and Privacy Plan)\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/cms-contingency-plan-exercise-handbook\"\u003eISCPs (Information System Contingency Plans)\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/learn/privacy-impact-assessment-pia\"\u003ePIAs (Privacy Impact Assessment)\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003ch2\u003eCFACTS requirements\u003c/h2\u003e\u003ch3\u003eBrowsers\u003c/h3\u003e\u003cp\u003eAs a website, CFACTS is accessible using standard web browsers. The CFACTS Team recommends using Google Chrome and Microsoft Edge.\u003c/p\u003e\u003ch3\u003eGetting CFACTS access\u003c/h3\u003e\u003cp\u003eCFACTS uses two environments: \u003cstrong\u003eProduction\u003c/strong\u003e and \u003cstrong\u003eValidation\u003c/strong\u003e.\u003c/p\u003e\u003cul\u003e\u003cli\u003eThe Production environment is used to submit artifact"])</script><script>self.__next_f.push([1,"s and work in real-time. This is the live, active version of CFACTS, and the one you should use for your application tracking work.\u003c/li\u003e\u003cli\u003eThe Validation environment is used for testing and training. It is not the correct environment for actual record tracking.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eTo access CFACTS, you must go through all of the following steps.\u003c/p\u003e19:T7de,\u003ch2\u003eWhen do I use CFACTS?\u003c/h2\u003e\u003cp\u003eAs teams pursue \u003ca href=\"https://security.cms.gov/learn/authorization-operate-ato\"\u003eAuthorization to Operate (ATO)\u003c/a\u003e for their system, they store the related artifacts in CFACTS.\u003c/p\u003e\u003cp\u003eIf you are an ISSO (\u003ca href=\"https://security.cms.gov/ispg/information-system-security-officer-isso\"\u003eInformation System Security Officer\u003c/a\u003e), System or Business Owner, or CRA (\u003ca href=\"https://security.cms.gov/ispg/cyber-risk-advisor-cra\"\u003eCyber Risk Advisor\u003c/a\u003e), you are responsible for both overall \u003ca href=\"https://security.cms.gov/learn/federal-information-security-modernization-act-fisma\"\u003eFISMA\u003c/a\u003e system compliance efforts and the ATO process.\u003c/p\u003e\u003cp\u003eTeams use CFACTS to create, store, and update:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/cms-plan-action-and-milestones-poam-handbook\"\u003ePOA\u0026amp;Ms (Plan of Action and Milestones)\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/cms-plan-action-and-milestones-poam-handbook\"\u003eSSPPs (System Security and Privacy Plan)\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/cms-contingency-plan-exercise-handbook\"\u003eISCPs (Information System Contingency Plans)\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/learn/privacy-impact-assessment-pia\"\u003ePIAs (Privacy Impact Assessment)\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003ch2\u003eCFACTS requirements\u003c/h2\u003e\u003ch3\u003eBrowsers\u003c/h3\u003e\u003cp\u003eAs a website, CFACTS is accessible using standard web browsers. The CFACTS Team recommends using Google Chrome and Microsoft Edge.\u003c/p\u003e\u003ch3\u003eGetting CFACTS access\u003c/h3\u003e\u003cp\u003eCFACTS uses two environments: \u003cstrong\u003eProduction\u003c/strong\u003e and \u003cstrong\u003eValidation\u003c/strong\u003e.\u003c/p\u003e\u003cul\u003e\u003cli\u003eThe Production environment is used to submit artifacts and work in real-time. T"])</script><script>self.__next_f.push([1,"his is the live, active version of CFACTS, and the one you should use for your application tracking work.\u003c/li\u003e\u003cli\u003eThe Validation environment is used for testing and training. It is not the correct environment for actual record tracking.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eTo access CFACTS, you must go through all of the following steps.\u003c/p\u003e1a:T524,\u003ch3\u003eCFACTS Training\u003c/h3\u003e\u003cp\u003eCFACTS Training is available in the \u003ca href=\"https://cms-lms.usalearning.net/course/index.php\"\u003eCMS Learning Management System\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eOnce you log in, you can access \u003ca href=\"https://cms-lms.usalearning.net/course/search.php?search=cfacts\"\u003eCFACTS training\u003c/a\u003e and other relevant courses.\u003c/p\u003e\u003cp\u003eYou will need an EUA login.\u003c/p\u003e\u003ch3\u003eUsing CFACTS\u003c/h3\u003e\u003cp\u003eOnce you complete your training, your Production job code is approved, the role is assigned to your user account, and the ISSO has added you to systems, you should have correct access to CFACTS. The timeline depends on your approvers. Its typical for this to be done within 10 days, if everyone involved in the process is prepared.\u003c/p\u003e\u003cp\u003eIf youre a contractor, youll have access once your ISSO adds you as an ISSOCS (ISSO Contractor Support) stakeholder for each system.\u003c/p\u003e\u003cp\u003eIf you have questions about timing, contact the Help Desk.\u003c/p\u003e\u003ch3\u003eCFACTS for ISSOs\u003c/h3\u003e\u003ch4\u003eGiving access to systems\u003c/h4\u003e\u003cp\u003eIf youre an ISSO and need your contractors to have access to a CFACTS information system, have them complete their CFACTS training, and make sure they have an individual account in CFACTS.\u003c/p\u003e\u003cp\u003eOnce the contractor has an account, you must assign them to the information systems you want them to access.\u003c/p\u003e\u003cp\u003eTo do this:\u003c/p\u003e1b:T524,\u003ch3\u003eCFACTS Training\u003c/h3\u003e\u003cp\u003eCFACTS Training is available in the \u003ca href=\"https://cms-lms.usalearning.net/course/index.php\"\u003eCMS Learning Management System\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eOnce you log in, you can access \u003ca href=\"https://cms-lms.usalearning.net/course/search.php?search=cfacts\"\u003eCFACTS training\u003c/a\u003e and other relevant courses.\u003c/p\u003e\u003cp\u003eYou will need an EUA login.\u003c/p\u003e\u003ch3\u003eUsing CFACTS\u003c/h3\u003e\u003cp\u003eOnce you complete y"])</script><script>self.__next_f.push([1,"our training, your Production job code is approved, the role is assigned to your user account, and the ISSO has added you to systems, you should have correct access to CFACTS. The timeline depends on your approvers. Its typical for this to be done within 10 days, if everyone involved in the process is prepared.\u003c/p\u003e\u003cp\u003eIf youre a contractor, youll have access once your ISSO adds you as an ISSOCS (ISSO Contractor Support) stakeholder for each system.\u003c/p\u003e\u003cp\u003eIf you have questions about timing, contact the Help Desk.\u003c/p\u003e\u003ch3\u003eCFACTS for ISSOs\u003c/h3\u003e\u003ch4\u003eGiving access to systems\u003c/h4\u003e\u003cp\u003eIf youre an ISSO and need your contractors to have access to a CFACTS information system, have them complete their CFACTS training, and make sure they have an individual account in CFACTS.\u003c/p\u003e\u003cp\u003eOnce the contractor has an account, you must assign them to the information systems you want them to access.\u003c/p\u003e\u003cp\u003eTo do this:\u003c/p\u003e1c:T1805,"])</script><script>self.__next_f.push([1,"\u003ch4\u003eISSO Group vs ISSO Role\u003c/h4\u003e\u003cp\u003eTo access systems in CFACTS, users need two types of access:\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cstrong\u003eGroup access\u003c/strong\u003e\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eRole access\u003c/strong\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eA user must be assigned to a group first, before they can be assigned to a role.\u003c/p\u003e\u003cp\u003eBefore an ISSO can be assigned to the ISSO Role in a CFACTS system, the ISPG Admin must assign them to the ISSO Group. Groups first, then Roles.\u003c/p\u003e\u003cp\u003eThe ISPG Admin adds users to groups. Groups determine which systems a user can be assigned to in CFACTS. For example, a user assigned to a contractor group cannot be assigned as a systems business owner or CRA.\u003c/p\u003e\u003ch4\u003eISSO vs ISSOCS roles\u003c/h4\u003e\u003cp\u003eAn ISSOCS has most of the same privileges as an ISSO in a CFACTS Authorization Package.\u003c/p\u003e\u003cp\u003eThere are two differences:\u003c/p\u003e\u003cul\u003e\u003cli\u003eOnly the ISSO can add users to the Stakeholders section on the General tab\u003c/li\u003e\u003cli\u003eOnly the ISSO can mark a Package as Approved to Begin Assessment on the Authorization tab\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eOnly federal employees can be assigned as ISSOs, or as SDMs (System Developer Maintainer). Contractors who do system development and maintenance will be assigned to the ISSOCS stakeholder role.\u003c/p\u003e\u003ch3\u003eTroubleshooting\u003c/h3\u003e\u003ch4\u003eCFACTS Help Desk\u003c/h4\u003e\u003cp\u003eIf you have problems after getting access, you can \u003ca href=\"https://coda.io/form/CFACTS-Support-Portal_dpiM2zX094Z\"\u003econtact the CFACTS Help Desk using the CFACTS Support Portal\u003c/a\u003e (login required).\u003c/p\u003e\u003ch4\u003eMissing information systems\u003c/h4\u003e\u003cp\u003eMake sure you have the correct approved EUA job codes:\u003c/p\u003e\u003cul\u003e\u003cli\u003eCFACTS_USER_PRD for Production\u003c/li\u003e\u003cli\u003eCFACTS_USER_IMP for Validation\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eIf you have the correct job code and can log in, but dont see an information system in your profile, that systems ISSO may need to add you as a stakeholder. Check with your ISSO.\u003c/p\u003e\u003cp\u003eIf you have the correct approved job code yet cant access CFACTS, \u003ca href=\"https://coda.io/form/CFACTS-Support-Portal_dpiM2zX094Z\"\u003esubmit a ticket through the support portal\u003c/a\u003e.\u003c/p\u003e\u003ch4\u003eMissing rights or permissions\u003c/h4\u003e\u003cp\u003eA user with the correct job code can access the CFACTS landing page, but default permissions will cause many links on the page to fail.\u003c/p\u003e\u003cp\u003eIf you click a link and get an error message about rights or permissions, you likely have the correct job code, but have not been assigned to the correct group.\u003c/p\u003e\u003cp\u003eTo fix this, \u003ca href=\"https://coda.io/form/CFACTS-Support-Portal_dpiM2zX094Z\"\u003esubmit a ticket through the support portal\u003c/a\u003e and ask to have your account assigned to the correct group.\u003c/p\u003e\u003ch4\u003eRecovering deleted records\u003c/h4\u003e\u003cp\u003eYou can not automatically recover a specific record.\u003c/p\u003e\u003cp\u003eThe CFACTS servers are periodically backed up, but there is no mechanism that allows for recovery of specific records or fields.\u003c/p\u003e\u003cp\u003eHowever, CFACTS does maintain a history log. You might be able to use it to determine previous values for specific records or fields, then re-enter the values manually.\u003c/p\u003e\u003cp\u003eBe sure about what youre deleting before you delete it!\u003c/p\u003e\u003ch4\u003eAccess errors\u003c/h4\u003e\u003cp\u003eIf you are trying to log in to CFACTS and getting a 401 access error, there are several ways you can try to fix the problem on your end.\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eDouble check the URL youre using\u003c/strong\u003e. The 401 error can appear because the URL was mistyped, or the link points to the wrong URL—one for authorized users only.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eReload the page.\u003c/strong\u003e Sometimes closing the page and reopening it is enough to fix the 401 error.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eDelete your browser's cache.\u003c/strong\u003e There might be invalid login information stored locally in your browser that causing the 401 error. Clearing the cache will remove problems in those files and give the page an opportunity to download fresh files directly from the server.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eIf those options do not fix the problem, \u003ca href=\"https://coda.io/form/CFACTS-Support-Portal_dpiM2zX094Z\"\u003esubmit a ticket through the support portal\u003c/a\u003e or ask in the \u003ca href=\"https://cmsgov.enterprise.slack.com/archives/C020XM4RFTK\"\u003e#cfacts_community channel\u003c/a\u003e in the CMS Slack workspace.\u003c/p\u003e\u003ch4\u003eClearing browsing data\u003c/h4\u003e\u003cp\u003eIf you need to clear cookies or other browsing data to troubleshoot CFACTS access, use your browsers help menu or other documentation to find the correct procedure. Different browsers do things differently.\u003c/p\u003e\u003ch2\u003eCFACTS FAQs\u003c/h2\u003e\u003ch3\u003eInheriting controls\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eAs a control inheritor, is there a way to select all the inheritable controls from a provider at once?\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eHowever, each provider— such as the Office of the Chief Information Security Officer (OCISO), data centers such as the Baltimore Data Center (BDC), or cloud service providers such as Amazon Web Services (AWS)— will be expected to provide a list of inheritable controls they will provide. A control element provider list can also be found on the CFACTS Artifacts page.\u003c/p\u003e\u003cp\u003eIf your system inherits controls from a provider, you should reach out to that provider for their list of inheritable controls or refer to the control element provider list on the CFACTS Artifacts page.\u003c/p\u003e\u003ch4\u003eFixing incorrect controls\u003c/h4\u003e\u003cp\u003eif you have incorrectly inherited a control, to switch your Allocation Status from “Inherited” back to “Allocated” or “Not Applicable,” you must delete the existing “Control to Inherit.”\u003c/p\u003e\u003cp\u003eTo do this, put the Control record into Edit mode, and you will see a delete button—a blue circle with a white X—on the right-hand side of the Control to Inherit row.\u003c/p\u003e\u003cp\u003eClick this delete button and then choose the required Allocation Status.\u003c/p\u003e\u003ch4\u003eSSPP not showing details\u003c/h4\u003e\u003cp\u003eOnly private implementation details for an allocated control will be shown in the SSPP.\u003c/p\u003e\u003cp\u003eIf details are entered in the Shared Implementation detail field for an allocated control, they will not be reflected within the SSPP.\u003c/p\u003e\u003cp\u003eThe information provided under the Shared Implementation detail will be reflected in the SSPP of the package that inherits this control. You only need to provide shared implementation details if you are making your control inheritable, so that other authorization packages can inherit it.\u003c/p\u003e"])</script><script>self.__next_f.push([1,"1d:T1805,"])</script><script>self.__next_f.push([1,"\u003ch4\u003eISSO Group vs ISSO Role\u003c/h4\u003e\u003cp\u003eTo access systems in CFACTS, users need two types of access:\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cstrong\u003eGroup access\u003c/strong\u003e\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eRole access\u003c/strong\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eA user must be assigned to a group first, before they can be assigned to a role.\u003c/p\u003e\u003cp\u003eBefore an ISSO can be assigned to the ISSO Role in a CFACTS system, the ISPG Admin must assign them to the ISSO Group. Groups first, then Roles.\u003c/p\u003e\u003cp\u003eThe ISPG Admin adds users to groups. Groups determine which systems a user can be assigned to in CFACTS. For example, a user assigned to a contractor group cannot be assigned as a systems business owner or CRA.\u003c/p\u003e\u003ch4\u003eISSO vs ISSOCS roles\u003c/h4\u003e\u003cp\u003eAn ISSOCS has most of the same privileges as an ISSO in a CFACTS Authorization Package.\u003c/p\u003e\u003cp\u003eThere are two differences:\u003c/p\u003e\u003cul\u003e\u003cli\u003eOnly the ISSO can add users to the Stakeholders section on the General tab\u003c/li\u003e\u003cli\u003eOnly the ISSO can mark a Package as Approved to Begin Assessment on the Authorization tab\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eOnly federal employees can be assigned as ISSOs, or as SDMs (System Developer Maintainer). Contractors who do system development and maintenance will be assigned to the ISSOCS stakeholder role.\u003c/p\u003e\u003ch3\u003eTroubleshooting\u003c/h3\u003e\u003ch4\u003eCFACTS Help Desk\u003c/h4\u003e\u003cp\u003eIf you have problems after getting access, you can \u003ca href=\"https://coda.io/form/CFACTS-Support-Portal_dpiM2zX094Z\"\u003econtact the CFACTS Help Desk using the CFACTS Support Portal\u003c/a\u003e (login required).\u003c/p\u003e\u003ch4\u003eMissing information systems\u003c/h4\u003e\u003cp\u003eMake sure you have the correct approved EUA job codes:\u003c/p\u003e\u003cul\u003e\u003cli\u003eCFACTS_USER_PRD for Production\u003c/li\u003e\u003cli\u003eCFACTS_USER_IMP for Validation\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eIf you have the correct job code and can log in, but dont see an information system in your profile, that systems ISSO may need to add you as a stakeholder. Check with your ISSO.\u003c/p\u003e\u003cp\u003eIf you have the correct approved job code yet cant access CFACTS, \u003ca href=\"https://coda.io/form/CFACTS-Support-Portal_dpiM2zX094Z\"\u003esubmit a ticket through the support portal\u003c/a\u003e.\u003c/p\u003e\u003ch4\u003eMissing rights or permissions\u003c/h4\u003e\u003cp\u003eA user with the correct job code can access the CFACTS landing page, but default permissions will cause many links on the page to fail.\u003c/p\u003e\u003cp\u003eIf you click a link and get an error message about rights or permissions, you likely have the correct job code, but have not been assigned to the correct group.\u003c/p\u003e\u003cp\u003eTo fix this, \u003ca href=\"https://coda.io/form/CFACTS-Support-Portal_dpiM2zX094Z\"\u003esubmit a ticket through the support portal\u003c/a\u003e and ask to have your account assigned to the correct group.\u003c/p\u003e\u003ch4\u003eRecovering deleted records\u003c/h4\u003e\u003cp\u003eYou can not automatically recover a specific record.\u003c/p\u003e\u003cp\u003eThe CFACTS servers are periodically backed up, but there is no mechanism that allows for recovery of specific records or fields.\u003c/p\u003e\u003cp\u003eHowever, CFACTS does maintain a history log. You might be able to use it to determine previous values for specific records or fields, then re-enter the values manually.\u003c/p\u003e\u003cp\u003eBe sure about what youre deleting before you delete it!\u003c/p\u003e\u003ch4\u003eAccess errors\u003c/h4\u003e\u003cp\u003eIf you are trying to log in to CFACTS and getting a 401 access error, there are several ways you can try to fix the problem on your end.\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eDouble check the URL youre using\u003c/strong\u003e. The 401 error can appear because the URL was mistyped, or the link points to the wrong URL—one for authorized users only.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eReload the page.\u003c/strong\u003e Sometimes closing the page and reopening it is enough to fix the 401 error.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eDelete your browser's cache.\u003c/strong\u003e There might be invalid login information stored locally in your browser that causing the 401 error. Clearing the cache will remove problems in those files and give the page an opportunity to download fresh files directly from the server.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eIf those options do not fix the problem, \u003ca href=\"https://coda.io/form/CFACTS-Support-Portal_dpiM2zX094Z\"\u003esubmit a ticket through the support portal\u003c/a\u003e or ask in the \u003ca href=\"https://cmsgov.enterprise.slack.com/archives/C020XM4RFTK\"\u003e#cfacts_community channel\u003c/a\u003e in the CMS Slack workspace.\u003c/p\u003e\u003ch4\u003eClearing browsing data\u003c/h4\u003e\u003cp\u003eIf you need to clear cookies or other browsing data to troubleshoot CFACTS access, use your browsers help menu or other documentation to find the correct procedure. Different browsers do things differently.\u003c/p\u003e\u003ch2\u003eCFACTS FAQs\u003c/h2\u003e\u003ch3\u003eInheriting controls\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eAs a control inheritor, is there a way to select all the inheritable controls from a provider at once?\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eHowever, each provider— such as the Office of the Chief Information Security Officer (OCISO), data centers such as the Baltimore Data Center (BDC), or cloud service providers such as Amazon Web Services (AWS)— will be expected to provide a list of inheritable controls they will provide. A control element provider list can also be found on the CFACTS Artifacts page.\u003c/p\u003e\u003cp\u003eIf your system inherits controls from a provider, you should reach out to that provider for their list of inheritable controls or refer to the control element provider list on the CFACTS Artifacts page.\u003c/p\u003e\u003ch4\u003eFixing incorrect controls\u003c/h4\u003e\u003cp\u003eif you have incorrectly inherited a control, to switch your Allocation Status from “Inherited” back to “Allocated” or “Not Applicable,” you must delete the existing “Control to Inherit.”\u003c/p\u003e\u003cp\u003eTo do this, put the Control record into Edit mode, and you will see a delete button—a blue circle with a white X—on the right-hand side of the Control to Inherit row.\u003c/p\u003e\u003cp\u003eClick this delete button and then choose the required Allocation Status.\u003c/p\u003e\u003ch4\u003eSSPP not showing details\u003c/h4\u003e\u003cp\u003eOnly private implementation details for an allocated control will be shown in the SSPP.\u003c/p\u003e\u003cp\u003eIf details are entered in the Shared Implementation detail field for an allocated control, they will not be reflected within the SSPP.\u003c/p\u003e\u003cp\u003eThe information provided under the Shared Implementation detail will be reflected in the SSPP of the package that inherits this control. You only need to provide shared implementation details if you are making your control inheritable, so that other authorization packages can inherit it.\u003c/p\u003e"])</script><script>self.__next_f.push([1,"1e:T6d2,\u003cp dir=\"ltr\"\u003eYou may have noticed several changes in how system information and documents are stored in the\u0026nbsp;\u003ca href=\"https://security.cms.gov/learn/cms-fisma-continuous-tracking-system-cfacts\"\u003eCMS FISMA Continuous Tracking System (CFACTS)\u003c/a\u003e. To help you navigate these changes, the CFACTS Team has been busy making \"how-to\" videos designed to help Information System Security Officers (ISSOs), System/Business Owners, and Cyber Risk Advisors (CRAs) complete tasks in CFACTS.\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\"\u003eThe\u0026nbsp;\u003ca href=\"https://www.youtube.com/playlist?list=PLyEaxwXtHzLlRPmMUK6eWkEFqhk0KeW3P\"\u003eCFACTS \"How-To\" video library\u003c/a\u003e is available on the\u0026nbsp;\u003ca href=\"https://www.youtube.com/@cmsinformationsecurityandp5034/featured\"\u003eISPG YouTube Channel\u003c/a\u003e and can help with critical tasks like:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eHow to complete ATO Requests\u0026nbsp;\u003c/li\u003e\u003cli dir=\"ltr\"\u003eControl implementation\u0026nbsp;\u003c/li\u003e\u003cli dir=\"ltr\"\u003eControl inheritance\u0026nbsp;\u003c/li\u003e\u003cli dir=\"ltr\"\u003eCreating personalized dashboards\u0026nbsp;\u003c/li\u003e\u003cli dir=\"ltr\"\u003eCAAT file creation\u0026nbsp;\u003c/li\u003e\u003cli dir=\"ltr\"\u003eReports and more\u003c/li\u003e\u003c/ul\u003e\u003cp dir=\"ltr\"\u003eCheck out the\u0026nbsp;\u003ca href=\"https://www.youtube.com/playlist?list=PLyEaxwXtHzLlRPmMUK6eWkEFqhk0KeW3P\"\u003eCFACTS video channel\u003c/a\u003e for more information to help you work through your system compliance activities. Bookmark the page and check back for more new content from the CFACTS Team as they make changes to improve processes.\u0026nbsp;\u003c/p\u003e\u003ch2\u003eWho to contact\u0026nbsp;\u003c/h2\u003e\u003cp lang=\"EN-US\"\u003ePost any questions or comments on the \u003cem\u003e#cfacts-community\u003c/em\u003e channel in CMS Slack, or request support by using the \u003ca href=\"https://coda.io/form/CFACTS-Support-Portal_dpiM2zX094Z\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eCFACTS support portal\u003c/a\u003e.\u0026nbsp;\u003c/p\u003e1f:T6d2,\u003cp dir=\"ltr\"\u003eYou may have noticed several changes in how system information and documents are stored in the\u0026nbsp;\u003ca href=\"https://security.cms.gov/learn/cms-fisma-continuous-tracking-system-cfacts\"\u003eCMS FISMA Continuous Tracking System (CFACTS)\u003c/a\u003e. To help you navigate these changes, t"])</script><script>self.__next_f.push([1,"he CFACTS Team has been busy making \"how-to\" videos designed to help Information System Security Officers (ISSOs), System/Business Owners, and Cyber Risk Advisors (CRAs) complete tasks in CFACTS.\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\"\u003eThe\u0026nbsp;\u003ca href=\"https://www.youtube.com/playlist?list=PLyEaxwXtHzLlRPmMUK6eWkEFqhk0KeW3P\"\u003eCFACTS \"How-To\" video library\u003c/a\u003e is available on the\u0026nbsp;\u003ca href=\"https://www.youtube.com/@cmsinformationsecurityandp5034/featured\"\u003eISPG YouTube Channel\u003c/a\u003e and can help with critical tasks like:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eHow to complete ATO Requests\u0026nbsp;\u003c/li\u003e\u003cli dir=\"ltr\"\u003eControl implementation\u0026nbsp;\u003c/li\u003e\u003cli dir=\"ltr\"\u003eControl inheritance\u0026nbsp;\u003c/li\u003e\u003cli dir=\"ltr\"\u003eCreating personalized dashboards\u0026nbsp;\u003c/li\u003e\u003cli dir=\"ltr\"\u003eCAAT file creation\u0026nbsp;\u003c/li\u003e\u003cli dir=\"ltr\"\u003eReports and more\u003c/li\u003e\u003c/ul\u003e\u003cp dir=\"ltr\"\u003eCheck out the\u0026nbsp;\u003ca href=\"https://www.youtube.com/playlist?list=PLyEaxwXtHzLlRPmMUK6eWkEFqhk0KeW3P\"\u003eCFACTS video channel\u003c/a\u003e for more information to help you work through your system compliance activities. Bookmark the page and check back for more new content from the CFACTS Team as they make changes to improve processes.\u0026nbsp;\u003c/p\u003e\u003ch2\u003eWho to contact\u0026nbsp;\u003c/h2\u003e\u003cp lang=\"EN-US\"\u003ePost any questions or comments on the \u003cem\u003e#cfacts-community\u003c/em\u003e channel in CMS Slack, or request support by using the \u003ca href=\"https://coda.io/form/CFACTS-Support-Portal_dpiM2zX094Z\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eCFACTS support portal\u003c/a\u003e.\u0026nbsp;\u003c/p\u003e22:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node_type/node_type/d185e460-4998-4d2b-85cb-b04f304dfb1b\"}\n21:{\"self\":\"$22\"}\n25:[\"menu_ui\",\"scheduler\"]\n24:{\"module\":\"$25\"}\n28:[]\n27:{\"available_menus\":\"$28\",\"parent\":\"\"}\n29:{\"expand_fieldset\":\"when_required\",\"fields_display_mode\":\"vertical_tab\",\"publish_enable\":false,\"publish_past_date\":\"error\",\"publish_past_date_created\":false,\"publish_required\":false,\"publish_revision\":false,\"publish_touch\":false,\"show_message_after_update\":true,\"unpublish_enable\":false,\"unpublish_required\":false,\"unpublish_revision\":false}\n26:{\"menu_ui\":\"$27\",\"sched"])</script><script>self.__next_f.push([1,"uler\":\"$29\"}\n23:{\"langcode\":\"en\",\"status\":true,\"dependencies\":\"$24\",\"third_party_settings\":\"$26\",\"name\":\"Explainer page\",\"drupal_internal__type\":\"explainer\",\"description\":\"Use \u003ci\u003eExplainer pages\u003c/i\u003e to provide general information in plain language about a policy, program, tool, service, or task related to security and privacy at CMS.\",\"help\":null,\"new_revision\":true,\"preview_mode\":1,\"display_submitted\":true}\n20:{\"type\":\"node_type--node_type\",\"id\":\"d185e460-4998-4d2b-85cb-b04f304dfb1b\",\"links\":\"$21\",\"attributes\":\"$23\"}\n2c:{\"href\":\"https://cybergeek.cms.gov/jsonapi/user/user/4420e728-6dc2-4022-bf8d-5bd1329e5e64\"}\n2b:{\"self\":\"$2c\"}\n2d:{\"display_name\":\"jcallan - retired\"}\n2a:{\"type\":\"user--user\",\"id\":\"4420e728-6dc2-4022-bf8d-5bd1329e5e64\",\"links\":\"$2b\",\"attributes\":\"$2d\"}\n30:{\"href\":\"https://cybergeek.cms.gov/jsonapi/user/user/dca2c49b-4a12-4d5f-859d-a759444160a4\"}\n2f:{\"self\":\"$30\"}\n31:{\"display_name\":\"meg - retired\"}\n2e:{\"type\":\"user--user\",\"id\":\"dca2c49b-4a12-4d5f-859d-a759444160a4\",\"links\":\"$2f\",\"attributes\":\"$31\"}\n34:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/9e907eeb-b0a8-4dd3-8818-37cb1557a8f4?resourceVersion=id%3A121\"}\n33:{\"self\":\"$34\"}\n36:{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}\n35:{\"drupal_internal__tid\":121,\"drupal_internal__revision_id\":121,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:13:12+00:00\",\"status\":true,\"name\":\"Tools / Services\",\"description\":null,\"weight\":5,\"changed\":\"2023-06-14T19:04:09+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":\"$36\"}\n3a:{\"drupal_internal__target_id\":\"resource_type\"}\n39:{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"3a0127c4-ee06-41ed-8239-f796f6d78eb3\",\"meta\":\"$3a\"}\n3c:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/9e907eeb-b0a8-4dd3-8818-37cb1557a8f4/vid?resourceVersion=id%3A121\"}\n3d:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/9e907eeb-b0a8-4dd3-8818-37cb1557a8f4/relationships/vid?resourceVersion=id%3A121\"}\n3b:{\"related\":\"$3c\",\"self\":\"$3d\"}\n38:{\"data\":"])</script><script>self.__next_f.push([1,"\"$39\",\"links\":\"$3b\"}\n40:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/9e907eeb-b0a8-4dd3-8818-37cb1557a8f4/revision_user?resourceVersion=id%3A121\"}\n41:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/9e907eeb-b0a8-4dd3-8818-37cb1557a8f4/relationships/revision_user?resourceVersion=id%3A121\"}\n3f:{\"related\":\"$40\",\"self\":\"$41\"}\n3e:{\"data\":null,\"links\":\"$3f\"}\n48:{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}\n47:{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":\"$48\"}\n46:{\"help\":\"$47\"}\n45:{\"links\":\"$46\"}\n44:{\"type\":\"taxonomy_term--resource_type\",\"id\":\"virtual\",\"meta\":\"$45\"}\n43:[\"$44\"]\n4a:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/9e907eeb-b0a8-4dd3-8818-37cb1557a8f4/parent?resourceVersion=id%3A121\"}\n4b:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/9e907eeb-b0a8-4dd3-8818-37cb1557a8f4/relationships/parent?resourceVersion=id%3A121\"}\n49:{\"related\":\"$4a\",\"self\":\"$4b\"}\n42:{\"data\":\"$43\",\"links\":\"$49\"}\n37:{\"vid\":\"$38\",\"revision_user\":\"$3e\",\"parent\":\"$42\"}\n32:{\"type\":\"taxonomy_term--resource_type\",\"id\":\"9e907eeb-b0a8-4dd3-8818-37cb1557a8f4\",\"links\":\"$33\",\"attributes\":\"$35\",\"relationships\":\"$37\"}\n4e:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5?resourceVersion=id%3A66\"}\n4d:{\"self\":\"$4e\"}\n50:{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}\n4f:{\"drupal_internal__tid\":66,\"drupal_internal__revision_id\":66,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:08:26+00:00\",\"status\":true,\"name\":\"Cyber Risk Advisor (CRA)\",\"description\":null,\"weight\":0,\"changed\":\"2022-08-02T23:08:26+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":\"$50\"}\n54:{\"drupal_internal__target_id\":\"roles\"}\n53:{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"a89af840-d1f0-4a08-9f15-7b1cb71c3e35\",\"meta\":\"$54\"}\n56:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/vid?resourceVersion=id%3A"])</script><script>self.__next_f.push([1,"66\"}\n57:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/relationships/vid?resourceVersion=id%3A66\"}\n55:{\"related\":\"$56\",\"self\":\"$57\"}\n52:{\"data\":\"$53\",\"links\":\"$55\"}\n5a:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/revision_user?resourceVersion=id%3A66\"}\n5b:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/relationships/revision_user?resourceVersion=id%3A66\"}\n59:{\"related\":\"$5a\",\"self\":\"$5b\"}\n58:{\"data\":null,\"links\":\"$59\"}\n62:{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}\n61:{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":\"$62\"}\n60:{\"help\":\"$61\"}\n5f:{\"links\":\"$60\"}\n5e:{\"type\":\"taxonomy_term--roles\",\"id\":\"virtual\",\"meta\":\"$5f\"}\n5d:[\"$5e\"]\n64:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/parent?resourceVersion=id%3A66\"}\n65:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/relationships/parent?resourceVersion=id%3A66\"}\n63:{\"related\":\"$64\",\"self\":\"$65\"}\n5c:{\"data\":\"$5d\",\"links\":\"$63\"}\n51:{\"vid\":\"$52\",\"revision_user\":\"$58\",\"parent\":\"$5c\"}\n4c:{\"type\":\"taxonomy_term--roles\",\"id\":\"9d999ae3-b43c-45fb-973e-dffe50c27da5\",\"links\":\"$4d\",\"attributes\":\"$4f\",\"relationships\":\"$51\"}\n68:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab?resourceVersion=id%3A61\"}\n67:{\"self\":\"$68\"}\n6a:{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}\n69:{\"drupal_internal__tid\":61,\"drupal_internal__revision_id\":61,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:08:12+00:00\",\"status\":true,\"name\":\"Information System Security Officer (ISSO)\",\"description\":null,\"weight\":0,\"changed\":\"2022-08-02T23:08:12+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":\"$6a\"}\n6e:{\"drupal_internal__target_id\":\"roles\"}\n6d:{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"a89af840-d1f0-4a0"])</script><script>self.__next_f.push([1,"8-9f15-7b1cb71c3e35\",\"meta\":\"$6e\"}\n70:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/vid?resourceVersion=id%3A61\"}\n71:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/relationships/vid?resourceVersion=id%3A61\"}\n6f:{\"related\":\"$70\",\"self\":\"$71\"}\n6c:{\"data\":\"$6d\",\"links\":\"$6f\"}\n74:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/revision_user?resourceVersion=id%3A61\"}\n75:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/relationships/revision_user?resourceVersion=id%3A61\"}\n73:{\"related\":\"$74\",\"self\":\"$75\"}\n72:{\"data\":null,\"links\":\"$73\"}\n7c:{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}\n7b:{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":\"$7c\"}\n7a:{\"help\":\"$7b\"}\n79:{\"links\":\"$7a\"}\n78:{\"type\":\"taxonomy_term--roles\",\"id\":\"virtual\",\"meta\":\"$79\"}\n77:[\"$78\"]\n7e:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/parent?resourceVersion=id%3A61\"}\n7f:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/relationships/parent?resourceVersion=id%3A61\"}\n7d:{\"related\":\"$7e\",\"self\":\"$7f\"}\n76:{\"data\":\"$77\",\"links\":\"$7d\"}\n6b:{\"vid\":\"$6c\",\"revision_user\":\"$72\",\"parent\":\"$76\"}\n66:{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\",\"links\":\"$67\",\"attributes\":\"$69\",\"relationships\":\"$6b\"}\n82:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34?resourceVersion=id%3A76\"}\n81:{\"self\":\"$82\"}\n84:{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}\n83:{\"drupal_internal__tid\":76,\"drupal_internal__revision_id\":76,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:08:55+00:00\",\"status\":true,\"name\":\"System / Business Owner\",\"description\":null,\"weight\":0,\"changed\":\"2022-08-02T23:08:55+00:00\",\"default_langcode\":true,\"revision_translation_affe"])</script><script>self.__next_f.push([1,"cted\":true,\"path\":\"$84\"}\n88:{\"drupal_internal__target_id\":\"roles\"}\n87:{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"a89af840-d1f0-4a08-9f15-7b1cb71c3e35\",\"meta\":\"$88\"}\n8a:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/vid?resourceVersion=id%3A76\"}\n8b:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/relationships/vid?resourceVersion=id%3A76\"}\n89:{\"related\":\"$8a\",\"self\":\"$8b\"}\n86:{\"data\":\"$87\",\"links\":\"$89\"}\n8e:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/revision_user?resourceVersion=id%3A76\"}\n8f:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/relationships/revision_user?resourceVersion=id%3A76\"}\n8d:{\"related\":\"$8e\",\"self\":\"$8f\"}\n8c:{\"data\":null,\"links\":\"$8d\"}\n96:{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}\n95:{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":\"$96\"}\n94:{\"help\":\"$95\"}\n93:{\"links\":\"$94\"}\n92:{\"type\":\"taxonomy_term--roles\",\"id\":\"virtual\",\"meta\":\"$93\"}\n91:[\"$92\"]\n98:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/parent?resourceVersion=id%3A76\"}\n99:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/relationships/parent?resourceVersion=id%3A76\"}\n97:{\"related\":\"$98\",\"self\":\"$99\"}\n90:{\"data\":\"$91\",\"links\":\"$97\"}\n85:{\"vid\":\"$86\",\"revision_user\":\"$8c\",\"parent\":\"$90\"}\n80:{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"links\":\"$81\",\"attributes\":\"$83\",\"relationships\":\"$85\"}\n9c:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/feb4e85d-429e-48b0-92f0-3d2da2c5056e?resourceVersion=id%3A71\"}\n9b:{\"self\":\"$9c\"}\n9e:{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}\n9d:{\"drupal_internal__tid\":71,\"drupal_internal__revision_id\":71,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:08:42+00:00\",\"status\":true,\"name\":"])</script><script>self.__next_f.push([1,"\"System Teams\",\"description\":null,\"weight\":0,\"changed\":\"2024-08-02T21:29:47+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":\"$9e\"}\na2:{\"drupal_internal__target_id\":\"roles\"}\na1:{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"a89af840-d1f0-4a08-9f15-7b1cb71c3e35\",\"meta\":\"$a2\"}\na4:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/feb4e85d-429e-48b0-92f0-3d2da2c5056e/vid?resourceVersion=id%3A71\"}\na5:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/feb4e85d-429e-48b0-92f0-3d2da2c5056e/relationships/vid?resourceVersion=id%3A71\"}\na3:{\"related\":\"$a4\",\"self\":\"$a5\"}\na0:{\"data\":\"$a1\",\"links\":\"$a3\"}\na8:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/feb4e85d-429e-48b0-92f0-3d2da2c5056e/revision_user?resourceVersion=id%3A71\"}\na9:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/feb4e85d-429e-48b0-92f0-3d2da2c5056e/relationships/revision_user?resourceVersion=id%3A71\"}\na7:{\"related\":\"$a8\",\"self\":\"$a9\"}\na6:{\"data\":null,\"links\":\"$a7\"}\nb0:{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}\naf:{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":\"$b0\"}\nae:{\"help\":\"$af\"}\nad:{\"links\":\"$ae\"}\nac:{\"type\":\"taxonomy_term--roles\",\"id\":\"virtual\",\"meta\":\"$ad\"}\nab:[\"$ac\"]\nb2:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/feb4e85d-429e-48b0-92f0-3d2da2c5056e/parent?resourceVersion=id%3A71\"}\nb3:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/feb4e85d-429e-48b0-92f0-3d2da2c5056e/relationships/parent?resourceVersion=id%3A71\"}\nb1:{\"related\":\"$b2\",\"self\":\"$b3\"}\naa:{\"data\":\"$ab\",\"links\":\"$b1\"}\n9f:{\"vid\":\"$a0\",\"revision_user\":\"$a6\",\"parent\":\"$aa\"}\n9a:{\"type\":\"taxonomy_term--roles\",\"id\":\"feb4e85d-429e-48b0-92f0-3d2da2c5056e\",\"links\":\"$9b\",\"attributes\":\"$9d\",\"relationships\":\"$9f\"}\nb6:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/65ef6410-4066-4db4-be03-c8eb26b63305?resourceVersion=id%3A36\"}\nb5:{\"self\":\"$b6\"}\nb8:{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}\nb7:{\"drupal_in"])</script><script>self.__next_f.push([1,"ternal__tid\":36,\"drupal_internal__revision_id\":36,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:05:55+00:00\",\"status\":true,\"name\":\"Risk Management \u0026 Reporting\",\"description\":null,\"weight\":5,\"changed\":\"2023-03-10T19:04:22+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":\"$b8\"}\nbc:{\"drupal_internal__target_id\":\"topics\"}\nbb:{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"73f89dec-123f-4c8c-9a97-d025a2b0e5cf\",\"meta\":\"$bc\"}\nbe:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/65ef6410-4066-4db4-be03-c8eb26b63305/vid?resourceVersion=id%3A36\"}\nbf:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/65ef6410-4066-4db4-be03-c8eb26b63305/relationships/vid?resourceVersion=id%3A36\"}\nbd:{\"related\":\"$be\",\"self\":\"$bf\"}\nba:{\"data\":\"$bb\",\"links\":\"$bd\"}\nc2:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/65ef6410-4066-4db4-be03-c8eb26b63305/revision_user?resourceVersion=id%3A36\"}\nc3:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/65ef6410-4066-4db4-be03-c8eb26b63305/relationships/revision_user?resourceVersion=id%3A36\"}\nc1:{\"related\":\"$c2\",\"self\":\"$c3\"}\nc0:{\"data\":null,\"links\":\"$c1\"}\nca:{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}\nc9:{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":\"$ca\"}\nc8:{\"help\":\"$c9\"}\nc7:{\"links\":\"$c8\"}\nc6:{\"type\":\"taxonomy_term--topics\",\"id\":\"virtual\",\"meta\":\"$c7\"}\nc5:[\"$c6\"]\ncc:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/65ef6410-4066-4db4-be03-c8eb26b63305/parent?resourceVersion=id%3A36\"}\ncd:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/65ef6410-4066-4db4-be03-c8eb26b63305/relationships/parent?resourceVersion=id%3A36\"}\ncb:{\"related\":\"$cc\",\"self\":\"$cd\"}\nc4:{\"data\":\"$c5\",\"links\":\"$cb\"}\nb9:{\"vid\":\"$ba\",\"revision_user\":\"$c0\",\"parent\":\"$c4\"}\nb4:{\"type\":\"taxonomy_term--topics\",\"id\":\"65ef6410-4066-4db4-be03-c8eb26b63305\",\"links\":\"$b5\",\"attributes\":\"$b7\",\"relationships\":\"$b9\"}\nd0:{\"href\":\"https://cybergeek.cms.gov/jsonapi/tax"])</script><script>self.__next_f.push([1,"onomy_term/topics/0bc7c1d0-b569-4514-b66c-367457dead7e?resourceVersion=id%3A11\"}\ncf:{\"self\":\"$d0\"}\nd2:{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}\nd1:{\"drupal_internal__tid\":11,\"drupal_internal__revision_id\":11,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:05:12+00:00\",\"status\":true,\"name\":\"System Authorization\",\"description\":null,\"weight\":7,\"changed\":\"2023-03-10T19:04:22+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":\"$d2\"}\nd6:{\"drupal_internal__target_id\":\"topics\"}\nd5:{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"73f89dec-123f-4c8c-9a97-d025a2b0e5cf\",\"meta\":\"$d6\"}\nd8:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/0bc7c1d0-b569-4514-b66c-367457dead7e/vid?resourceVersion=id%3A11\"}\nd9:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/0bc7c1d0-b569-4514-b66c-367457dead7e/relationships/vid?resourceVersion=id%3A11\"}\nd7:{\"related\":\"$d8\",\"self\":\"$d9\"}\nd4:{\"data\":\"$d5\",\"links\":\"$d7\"}\ndc:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/0bc7c1d0-b569-4514-b66c-367457dead7e/revision_user?resourceVersion=id%3A11\"}\ndd:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/0bc7c1d0-b569-4514-b66c-367457dead7e/relationships/revision_user?resourceVersion=id%3A11\"}\ndb:{\"related\":\"$dc\",\"self\":\"$dd\"}\nda:{\"data\":null,\"links\":\"$db\"}\ne4:{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}\ne3:{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":\"$e4\"}\ne2:{\"help\":\"$e3\"}\ne1:{\"links\":\"$e2\"}\ne0:{\"type\":\"taxonomy_term--topics\",\"id\":\"virtual\",\"meta\":\"$e1\"}\ndf:[\"$e0\"]\ne6:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/0bc7c1d0-b569-4514-b66c-367457dead7e/parent?resourceVersion=id%3A11\"}\ne7:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/0bc7c1d0-b569-4514-b66c-367457dead7e/relationships/parent?resourceVersion=id%3A11\"}\ne5:{\"related\":\"$e6\",\"self\":\"$e7\"}\nde:{\"data\":\"$df\",\"links\":\"$e5\"}\nd3:{\"vid\":\"$d4\",\"revision_user\":\"$da\",\"parent\":\"$de\"}\nce:{\"type\":\"taxonomy_term--topics"])</script><script>self.__next_f.push([1,"\",\"id\":\"0bc7c1d0-b569-4514-b66c-367457dead7e\",\"links\":\"$cf\",\"attributes\":\"$d1\",\"relationships\":\"$d3\"}\nea:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/963db416-cca0-421d-8c3e-40c8e2ce190f?resourceVersion=id%3A19655\"}\ne9:{\"self\":\"$ea\"}\nec:[]\ned:{\"value\":\"\u003ch2\u003eWhat is CFACTS?\u003c/h2\u003e\u003cp\u003e\u003ca href=\\\"https://cfacts.cms.gov/\\\"\u003eCFACTS\u003c/a\u003e stands for \u003cstrong\u003eCMS FISMA Continuous Tracking System\u003c/strong\u003e. It is a governance, risk, and compliance tool. CMS uses CFACTS across all of its systems to manage information systems security and privacy requirements. It offers a common foundation to manage policies, controls, risks, assessments, and deficiencies.\u003c/p\u003e\u003cp\u003eSenior-level management uses CFACTS reports to get a clear view of the security posture of all applications within CMS. CFACTS also helps management make better budget and resource decisions.\u003c/p\u003e\u003cp\u003eCFACTS also makes it easier for the Department of Health and Human Services and OMB to manage required quarterly security posture updates and annual assessments.\u003c/p\u003e\",\"format\":\"body_text\",\"processed\":\"\u003ch2\u003eWhat is CFACTS?\u003c/h2\u003e\u003cp\u003e\u003ca href=\\\"https://cfacts.cms.gov/\\\"\u003eCFACTS\u003c/a\u003e stands for \u003cstrong\u003eCMS FISMA Continuous Tracking System\u003c/strong\u003e. It is a governance, risk, and compliance tool. CMS uses CFACTS across all of its systems to manage information systems security and privacy requirements. It offers a common foundation to manage policies, controls, risks, assessments, and deficiencies.\u003c/p\u003e\u003cp\u003eSenior-level management uses CFACTS reports to get a clear view of the security posture of all applications within CMS. CFACTS also helps management make better budget and resource decisions.\u003c/p\u003e\u003cp\u003eCFACTS also makes it easier for the Department of Health and Human Services and OMB to manage required quarterly security posture updates and annual assessments.\u003c/p\u003e\"}\neb:{\"drupal_internal__id\":2101,\"drupal_internal__revision_id\":19655,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-16T15:24:41+00:00\",\"parent_id\":\"261\",\"parent_type\":\"node\",\"parent_field_name\":\"field_page_sectio"])</script><script>self.__next_f.push([1,"n\",\"behavior_settings\":\"$ec\",\"default_langcode\":true,\"revision_translation_affected\":true,\"field_text_block\":\"$ed\"}\nf1:{\"drupal_internal__target_id\":\"page_section\"}\nf0:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"57f3f40a-8120-4393-b881-a5758f9fb30d\",\"meta\":\"$f1\"}\nf3:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/963db416-cca0-421d-8c3e-40c8e2ce190f/paragraph_type?resourceVersion=id%3A19655\"}\nf4:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/963db416-cca0-421d-8c3e-40c8e2ce190f/relationships/paragraph_type?resourceVersion=id%3A19655\"}\nf2:{\"related\":\"$f3\",\"self\":\"$f4\"}\nef:{\"data\":\"$f0\",\"links\":\"$f2\"}\nf7:{\"target_revision_id\":19654,\"drupal_internal__target_id\":2096}\nf6:{\"type\":\"paragraph--call_out_box\",\"id\":\"0133f338-f61a-45ab-8fd5-600be40c30d4\",\"meta\":\"$f7\"}\nf9:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/963db416-cca0-421d-8c3e-40c8e2ce190f/field_specialty_item?resourceVersion=id%3A19655\"}\nfa:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/963db416-cca0-421d-8c3e-40c8e2ce190f/relationships/field_specialty_item?resourceVersion=id%3A19655\"}\nf8:{\"related\":\"$f9\",\"self\":\"$fa\"}\nf5:{\"data\":\"$f6\",\"links\":\"$f8\"}\nee:{\"paragraph_type\":\"$ef\",\"field_specialty_item\":\"$f5\"}\ne8:{\"type\":\"paragraph--page_section\",\"id\":\"963db416-cca0-421d-8c3e-40c8e2ce190f\",\"links\":\"$e9\",\"attributes\":\"$eb\",\"relationships\":\"$ee\"}\nfd:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/9b87eb1d-cb43-472b-9b5b-8618d2688563?resourceVersion=id%3A19660\"}\nfc:{\"self\":\"$fd\"}\nff:[]\n101:T7de,\u003ch2\u003eWhen do I use CFACTS?\u003c/h2\u003e\u003cp\u003eAs teams pursue \u003ca href=\"https://security.cms.gov/learn/authorization-operate-ato\"\u003eAuthorization to Operate (ATO)\u003c/a\u003e for their system, they store the related artifacts in CFACTS.\u003c/p\u003e\u003cp\u003eIf you are an ISSO (\u003ca href=\"https://security.cms.gov/ispg/information-system-security-officer-isso\"\u003eInformation System Security Officer\u003c/a\u003e), System or Business Owner, or CRA (\u003ca href=\"https://security.cms.gov/ispg/cyber-risk-advisor-cra\"\u003eCyber Risk Advisor\u003c/a\u003e), "])</script><script>self.__next_f.push([1,"you are responsible for both overall \u003ca href=\"https://security.cms.gov/learn/federal-information-security-modernization-act-fisma\"\u003eFISMA\u003c/a\u003e system compliance efforts and the ATO process.\u003c/p\u003e\u003cp\u003eTeams use CFACTS to create, store, and update:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/cms-plan-action-and-milestones-poam-handbook\"\u003ePOA\u0026amp;Ms (Plan of Action and Milestones)\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/cms-plan-action-and-milestones-poam-handbook\"\u003eSSPPs (System Security and Privacy Plan)\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/cms-contingency-plan-exercise-handbook\"\u003eISCPs (Information System Contingency Plans)\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/learn/privacy-impact-assessment-pia\"\u003ePIAs (Privacy Impact Assessment)\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003ch2\u003eCFACTS requirements\u003c/h2\u003e\u003ch3\u003eBrowsers\u003c/h3\u003e\u003cp\u003eAs a website, CFACTS is accessible using standard web browsers. The CFACTS Team recommends using Google Chrome and Microsoft Edge.\u003c/p\u003e\u003ch3\u003eGetting CFACTS access\u003c/h3\u003e\u003cp\u003eCFACTS uses two environments: \u003cstrong\u003eProduction\u003c/strong\u003e and \u003cstrong\u003eValidation\u003c/strong\u003e.\u003c/p\u003e\u003cul\u003e\u003cli\u003eThe Production environment is used to submit artifacts and work in real-time. This is the live, active version of CFACTS, and the one you should use for your application tracking work.\u003c/li\u003e\u003cli\u003eThe Validation environment is used for testing and training. It is not the correct environment for actual record tracking.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eTo access CFACTS, you must go through all of the following steps.\u003c/p\u003e102:T7de,\u003ch2\u003eWhen do I use CFACTS?\u003c/h2\u003e\u003cp\u003eAs teams pursue \u003ca href=\"https://security.cms.gov/learn/authorization-operate-ato\"\u003eAuthorization to Operate (ATO)\u003c/a\u003e for their system, they store the related artifacts in CFACTS.\u003c/p\u003e\u003cp\u003eIf you are an ISSO (\u003ca href=\"https://security.cms.gov/ispg/information-system-security-officer-isso\"\u003eInformation System Security Officer\u003c/a\u003e), System or Business Owner, or CRA (\u003ca href=\"https://security.cms.gov/ispg/cyber-risk-advisor-cra\"\u003eCyber Risk Advisor\u003c/a\u003e), you are responsible for b"])</script><script>self.__next_f.push([1,"oth overall \u003ca href=\"https://security.cms.gov/learn/federal-information-security-modernization-act-fisma\"\u003eFISMA\u003c/a\u003e system compliance efforts and the ATO process.\u003c/p\u003e\u003cp\u003eTeams use CFACTS to create, store, and update:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/cms-plan-action-and-milestones-poam-handbook\"\u003ePOA\u0026amp;Ms (Plan of Action and Milestones)\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/cms-plan-action-and-milestones-poam-handbook\"\u003eSSPPs (System Security and Privacy Plan)\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/policy-guidance/cms-contingency-plan-exercise-handbook\"\u003eISCPs (Information System Contingency Plans)\u003c/a\u003e\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://security.cms.gov/learn/privacy-impact-assessment-pia\"\u003ePIAs (Privacy Impact Assessment)\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003ch2\u003eCFACTS requirements\u003c/h2\u003e\u003ch3\u003eBrowsers\u003c/h3\u003e\u003cp\u003eAs a website, CFACTS is accessible using standard web browsers. The CFACTS Team recommends using Google Chrome and Microsoft Edge.\u003c/p\u003e\u003ch3\u003eGetting CFACTS access\u003c/h3\u003e\u003cp\u003eCFACTS uses two environments: \u003cstrong\u003eProduction\u003c/strong\u003e and \u003cstrong\u003eValidation\u003c/strong\u003e.\u003c/p\u003e\u003cul\u003e\u003cli\u003eThe Production environment is used to submit artifacts and work in real-time. This is the live, active version of CFACTS, and the one you should use for your application tracking work.\u003c/li\u003e\u003cli\u003eThe Validation environment is used for testing and training. It is not the correct environment for actual record tracking.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eTo access CFACTS, you must go through all of the following steps.\u003c/p\u003e100:{\"value\":\"$101\",\"format\":\"body_text\",\"processed\":\"$102\"}\nfe:{\"drupal_internal__id\":446,\"drupal_internal__revision_id\":19660,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-02T14:52:52+00:00\",\"parent_id\":\"261\",\"parent_type\":\"node\",\"parent_field_name\":\"field_page_section\",\"behavior_settings\":\"$ff\",\"default_langcode\":true,\"revision_translation_affected\":true,\"field_text_block\":\"$100\"}\n106:{\"drupal_internal__target_id\":\"page_section\"}\n105:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"57f3f40a-8120-4393-b881-a5758f9fb30d\",\"meta\":\"$106"])</script><script>self.__next_f.push([1,"\"}\n108:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/9b87eb1d-cb43-472b-9b5b-8618d2688563/paragraph_type?resourceVersion=id%3A19660\"}\n109:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/9b87eb1d-cb43-472b-9b5b-8618d2688563/relationships/paragraph_type?resourceVersion=id%3A19660\"}\n107:{\"related\":\"$108\",\"self\":\"$109\"}\n104:{\"data\":\"$105\",\"links\":\"$107\"}\n10c:{\"target_revision_id\":19659,\"drupal_internal__target_id\":3563}\n10b:{\"type\":\"paragraph--process_list\",\"id\":\"8243dd59-39ab-4e89-984a-6c14b074e237\",\"meta\":\"$10c\"}\n10e:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/9b87eb1d-cb43-472b-9b5b-8618d2688563/field_specialty_item?resourceVersion=id%3A19660\"}\n10f:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/9b87eb1d-cb43-472b-9b5b-8618d2688563/relationships/field_specialty_item?resourceVersion=id%3A19660\"}\n10d:{\"related\":\"$10e\",\"self\":\"$10f\"}\n10a:{\"data\":\"$10b\",\"links\":\"$10d\"}\n103:{\"paragraph_type\":\"$104\",\"field_specialty_item\":\"$10a\"}\nfb:{\"type\":\"paragraph--page_section\",\"id\":\"9b87eb1d-cb43-472b-9b5b-8618d2688563\",\"links\":\"$fc\",\"attributes\":\"$fe\",\"relationships\":\"$103\"}\n112:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/122a8de9-c38d-492b-bc93-b43b270f2933?resourceVersion=id%3A19666\"}\n111:{\"self\":\"$112\"}\n114:[]\n116:T524,\u003ch3\u003eCFACTS Training\u003c/h3\u003e\u003cp\u003eCFACTS Training is available in the \u003ca href=\"https://cms-lms.usalearning.net/course/index.php\"\u003eCMS Learning Management System\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eOnce you log in, you can access \u003ca href=\"https://cms-lms.usalearning.net/course/search.php?search=cfacts\"\u003eCFACTS training\u003c/a\u003e and other relevant courses.\u003c/p\u003e\u003cp\u003eYou will need an EUA login.\u003c/p\u003e\u003ch3\u003eUsing CFACTS\u003c/h3\u003e\u003cp\u003eOnce you complete your training, your Production job code is approved, the role is assigned to your user account, and the ISSO has added you to systems, you should have correct access to CFACTS. The timeline depends on your approvers. Its typical for this to be done within 10 days, if everyone involved in the process is prepared.\u003c/p\u003e\u003cp\u003eIf "])</script><script>self.__next_f.push([1,"youre a contractor, youll have access once your ISSO adds you as an ISSOCS (ISSO Contractor Support) stakeholder for each system.\u003c/p\u003e\u003cp\u003eIf you have questions about timing, contact the Help Desk.\u003c/p\u003e\u003ch3\u003eCFACTS for ISSOs\u003c/h3\u003e\u003ch4\u003eGiving access to systems\u003c/h4\u003e\u003cp\u003eIf youre an ISSO and need your contractors to have access to a CFACTS information system, have them complete their CFACTS training, and make sure they have an individual account in CFACTS.\u003c/p\u003e\u003cp\u003eOnce the contractor has an account, you must assign them to the information systems you want them to access.\u003c/p\u003e\u003cp\u003eTo do this:\u003c/p\u003e117:T524,\u003ch3\u003eCFACTS Training\u003c/h3\u003e\u003cp\u003eCFACTS Training is available in the \u003ca href=\"https://cms-lms.usalearning.net/course/index.php\"\u003eCMS Learning Management System\u003c/a\u003e.\u003c/p\u003e\u003cp\u003eOnce you log in, you can access \u003ca href=\"https://cms-lms.usalearning.net/course/search.php?search=cfacts\"\u003eCFACTS training\u003c/a\u003e and other relevant courses.\u003c/p\u003e\u003cp\u003eYou will need an EUA login.\u003c/p\u003e\u003ch3\u003eUsing CFACTS\u003c/h3\u003e\u003cp\u003eOnce you complete your training, your Production job code is approved, the role is assigned to your user account, and the ISSO has added you to systems, you should have correct access to CFACTS. The timeline depends on your approvers. Its typical for this to be done within 10 days, if everyone involved in the process is prepared.\u003c/p\u003e\u003cp\u003eIf youre a contractor, youll have access once your ISSO adds you as an ISSOCS (ISSO Contractor Support) stakeholder for each system.\u003c/p\u003e\u003cp\u003eIf you have questions about timing, contact the Help Desk.\u003c/p\u003e\u003ch3\u003eCFACTS for ISSOs\u003c/h3\u003e\u003ch4\u003eGiving access to systems\u003c/h4\u003e\u003cp\u003eIf youre an ISSO and need your contractors to have access to a CFACTS information system, have them complete their CFACTS training, and make sure they have an individual account in CFACTS.\u003c/p\u003e\u003cp\u003eOnce the contractor has an account, you must assign them to the information systems you want them to access.\u003c/p\u003e\u003cp\u003eTo do this:\u003c/p\u003e115:{\"value\":\"$116\",\"format\":\"body_text\",\"processed\":\"$117\"}\n113:{\"drupal_internal__id\":1781,\"drupal_internal__revision_id\":19666,"])</script><script>self.__next_f.push([1,"\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-15T17:49:36+00:00\",\"parent_id\":\"261\",\"parent_type\":\"node\",\"parent_field_name\":\"field_page_section\",\"behavior_settings\":\"$114\",\"default_langcode\":true,\"revision_translation_affected\":true,\"field_text_block\":\"$115\"}\n11b:{\"drupal_internal__target_id\":\"page_section\"}\n11a:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"57f3f40a-8120-4393-b881-a5758f9fb30d\",\"meta\":\"$11b\"}\n11d:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/122a8de9-c38d-492b-bc93-b43b270f2933/paragraph_type?resourceVersion=id%3A19666\"}\n11e:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/122a8de9-c38d-492b-bc93-b43b270f2933/relationships/paragraph_type?resourceVersion=id%3A19666\"}\n11c:{\"related\":\"$11d\",\"self\":\"$11e\"}\n119:{\"data\":\"$11a\",\"links\":\"$11c\"}\n121:{\"target_revision_id\":19665,\"drupal_internal__target_id\":3568}\n120:{\"type\":\"paragraph--process_list\",\"id\":\"380f7345-d826-49bf-99a2-ae0eb21201c8\",\"meta\":\"$121\"}\n123:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/122a8de9-c38d-492b-bc93-b43b270f2933/field_specialty_item?resourceVersion=id%3A19666\"}\n124:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/122a8de9-c38d-492b-bc93-b43b270f2933/relationships/field_specialty_item?resourceVersion=id%3A19666\"}\n122:{\"related\":\"$123\",\"self\":\"$124\"}\n11f:{\"data\":\"$120\",\"links\":\"$122\"}\n118:{\"paragraph_type\":\"$119\",\"field_specialty_item\":\"$11f\"}\n110:{\"type\":\"paragraph--page_section\",\"id\":\"122a8de9-c38d-492b-bc93-b43b270f2933\",\"links\":\"$111\",\"attributes\":\"$113\",\"relationships\":\"$118\"}\n127:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/594617c8-824a-4962-aa08-fdf8dd4677fb?resourceVersion=id%3A19667\"}\n126:{\"self\":\"$127\"}\n129:[]\n12b:T1805,"])</script><script>self.__next_f.push([1,"\u003ch4\u003eISSO Group vs ISSO Role\u003c/h4\u003e\u003cp\u003eTo access systems in CFACTS, users need two types of access:\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cstrong\u003eGroup access\u003c/strong\u003e\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eRole access\u003c/strong\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eA user must be assigned to a group first, before they can be assigned to a role.\u003c/p\u003e\u003cp\u003eBefore an ISSO can be assigned to the ISSO Role in a CFACTS system, the ISPG Admin must assign them to the ISSO Group. Groups first, then Roles.\u003c/p\u003e\u003cp\u003eThe ISPG Admin adds users to groups. Groups determine which systems a user can be assigned to in CFACTS. For example, a user assigned to a contractor group cannot be assigned as a systems business owner or CRA.\u003c/p\u003e\u003ch4\u003eISSO vs ISSOCS roles\u003c/h4\u003e\u003cp\u003eAn ISSOCS has most of the same privileges as an ISSO in a CFACTS Authorization Package.\u003c/p\u003e\u003cp\u003eThere are two differences:\u003c/p\u003e\u003cul\u003e\u003cli\u003eOnly the ISSO can add users to the Stakeholders section on the General tab\u003c/li\u003e\u003cli\u003eOnly the ISSO can mark a Package as Approved to Begin Assessment on the Authorization tab\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eOnly federal employees can be assigned as ISSOs, or as SDMs (System Developer Maintainer). Contractors who do system development and maintenance will be assigned to the ISSOCS stakeholder role.\u003c/p\u003e\u003ch3\u003eTroubleshooting\u003c/h3\u003e\u003ch4\u003eCFACTS Help Desk\u003c/h4\u003e\u003cp\u003eIf you have problems after getting access, you can \u003ca href=\"https://coda.io/form/CFACTS-Support-Portal_dpiM2zX094Z\"\u003econtact the CFACTS Help Desk using the CFACTS Support Portal\u003c/a\u003e (login required).\u003c/p\u003e\u003ch4\u003eMissing information systems\u003c/h4\u003e\u003cp\u003eMake sure you have the correct approved EUA job codes:\u003c/p\u003e\u003cul\u003e\u003cli\u003eCFACTS_USER_PRD for Production\u003c/li\u003e\u003cli\u003eCFACTS_USER_IMP for Validation\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eIf you have the correct job code and can log in, but dont see an information system in your profile, that systems ISSO may need to add you as a stakeholder. Check with your ISSO.\u003c/p\u003e\u003cp\u003eIf you have the correct approved job code yet cant access CFACTS, \u003ca href=\"https://coda.io/form/CFACTS-Support-Portal_dpiM2zX094Z\"\u003esubmit a ticket through the support portal\u003c/a\u003e.\u003c/p\u003e\u003ch4\u003eMissing rights or permissions\u003c/h4\u003e\u003cp\u003eA user with the correct job code can access the CFACTS landing page, but default permissions will cause many links on the page to fail.\u003c/p\u003e\u003cp\u003eIf you click a link and get an error message about rights or permissions, you likely have the correct job code, but have not been assigned to the correct group.\u003c/p\u003e\u003cp\u003eTo fix this, \u003ca href=\"https://coda.io/form/CFACTS-Support-Portal_dpiM2zX094Z\"\u003esubmit a ticket through the support portal\u003c/a\u003e and ask to have your account assigned to the correct group.\u003c/p\u003e\u003ch4\u003eRecovering deleted records\u003c/h4\u003e\u003cp\u003eYou can not automatically recover a specific record.\u003c/p\u003e\u003cp\u003eThe CFACTS servers are periodically backed up, but there is no mechanism that allows for recovery of specific records or fields.\u003c/p\u003e\u003cp\u003eHowever, CFACTS does maintain a history log. You might be able to use it to determine previous values for specific records or fields, then re-enter the values manually.\u003c/p\u003e\u003cp\u003eBe sure about what youre deleting before you delete it!\u003c/p\u003e\u003ch4\u003eAccess errors\u003c/h4\u003e\u003cp\u003eIf you are trying to log in to CFACTS and getting a 401 access error, there are several ways you can try to fix the problem on your end.\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eDouble check the URL youre using\u003c/strong\u003e. The 401 error can appear because the URL was mistyped, or the link points to the wrong URL—one for authorized users only.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eReload the page.\u003c/strong\u003e Sometimes closing the page and reopening it is enough to fix the 401 error.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eDelete your browser's cache.\u003c/strong\u003e There might be invalid login information stored locally in your browser that causing the 401 error. Clearing the cache will remove problems in those files and give the page an opportunity to download fresh files directly from the server.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eIf those options do not fix the problem, \u003ca href=\"https://coda.io/form/CFACTS-Support-Portal_dpiM2zX094Z\"\u003esubmit a ticket through the support portal\u003c/a\u003e or ask in the \u003ca href=\"https://cmsgov.enterprise.slack.com/archives/C020XM4RFTK\"\u003e#cfacts_community channel\u003c/a\u003e in the CMS Slack workspace.\u003c/p\u003e\u003ch4\u003eClearing browsing data\u003c/h4\u003e\u003cp\u003eIf you need to clear cookies or other browsing data to troubleshoot CFACTS access, use your browsers help menu or other documentation to find the correct procedure. Different browsers do things differently.\u003c/p\u003e\u003ch2\u003eCFACTS FAQs\u003c/h2\u003e\u003ch3\u003eInheriting controls\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eAs a control inheritor, is there a way to select all the inheritable controls from a provider at once?\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eHowever, each provider— such as the Office of the Chief Information Security Officer (OCISO), data centers such as the Baltimore Data Center (BDC), or cloud service providers such as Amazon Web Services (AWS)— will be expected to provide a list of inheritable controls they will provide. A control element provider list can also be found on the CFACTS Artifacts page.\u003c/p\u003e\u003cp\u003eIf your system inherits controls from a provider, you should reach out to that provider for their list of inheritable controls or refer to the control element provider list on the CFACTS Artifacts page.\u003c/p\u003e\u003ch4\u003eFixing incorrect controls\u003c/h4\u003e\u003cp\u003eif you have incorrectly inherited a control, to switch your Allocation Status from “Inherited” back to “Allocated” or “Not Applicable,” you must delete the existing “Control to Inherit.”\u003c/p\u003e\u003cp\u003eTo do this, put the Control record into Edit mode, and you will see a delete button—a blue circle with a white X—on the right-hand side of the Control to Inherit row.\u003c/p\u003e\u003cp\u003eClick this delete button and then choose the required Allocation Status.\u003c/p\u003e\u003ch4\u003eSSPP not showing details\u003c/h4\u003e\u003cp\u003eOnly private implementation details for an allocated control will be shown in the SSPP.\u003c/p\u003e\u003cp\u003eIf details are entered in the Shared Implementation detail field for an allocated control, they will not be reflected within the SSPP.\u003c/p\u003e\u003cp\u003eThe information provided under the Shared Implementation detail will be reflected in the SSPP of the package that inherits this control. You only need to provide shared implementation details if you are making your control inheritable, so that other authorization packages can inherit it.\u003c/p\u003e"])</script><script>self.__next_f.push([1,"12c:T1805,"])</script><script>self.__next_f.push([1,"\u003ch4\u003eISSO Group vs ISSO Role\u003c/h4\u003e\u003cp\u003eTo access systems in CFACTS, users need two types of access:\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cstrong\u003eGroup access\u003c/strong\u003e\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eRole access\u003c/strong\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003eA user must be assigned to a group first, before they can be assigned to a role.\u003c/p\u003e\u003cp\u003eBefore an ISSO can be assigned to the ISSO Role in a CFACTS system, the ISPG Admin must assign them to the ISSO Group. Groups first, then Roles.\u003c/p\u003e\u003cp\u003eThe ISPG Admin adds users to groups. Groups determine which systems a user can be assigned to in CFACTS. For example, a user assigned to a contractor group cannot be assigned as a systems business owner or CRA.\u003c/p\u003e\u003ch4\u003eISSO vs ISSOCS roles\u003c/h4\u003e\u003cp\u003eAn ISSOCS has most of the same privileges as an ISSO in a CFACTS Authorization Package.\u003c/p\u003e\u003cp\u003eThere are two differences:\u003c/p\u003e\u003cul\u003e\u003cli\u003eOnly the ISSO can add users to the Stakeholders section on the General tab\u003c/li\u003e\u003cli\u003eOnly the ISSO can mark a Package as Approved to Begin Assessment on the Authorization tab\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eOnly federal employees can be assigned as ISSOs, or as SDMs (System Developer Maintainer). Contractors who do system development and maintenance will be assigned to the ISSOCS stakeholder role.\u003c/p\u003e\u003ch3\u003eTroubleshooting\u003c/h3\u003e\u003ch4\u003eCFACTS Help Desk\u003c/h4\u003e\u003cp\u003eIf you have problems after getting access, you can \u003ca href=\"https://coda.io/form/CFACTS-Support-Portal_dpiM2zX094Z\"\u003econtact the CFACTS Help Desk using the CFACTS Support Portal\u003c/a\u003e (login required).\u003c/p\u003e\u003ch4\u003eMissing information systems\u003c/h4\u003e\u003cp\u003eMake sure you have the correct approved EUA job codes:\u003c/p\u003e\u003cul\u003e\u003cli\u003eCFACTS_USER_PRD for Production\u003c/li\u003e\u003cli\u003eCFACTS_USER_IMP for Validation\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eIf you have the correct job code and can log in, but dont see an information system in your profile, that systems ISSO may need to add you as a stakeholder. Check with your ISSO.\u003c/p\u003e\u003cp\u003eIf you have the correct approved job code yet cant access CFACTS, \u003ca href=\"https://coda.io/form/CFACTS-Support-Portal_dpiM2zX094Z\"\u003esubmit a ticket through the support portal\u003c/a\u003e.\u003c/p\u003e\u003ch4\u003eMissing rights or permissions\u003c/h4\u003e\u003cp\u003eA user with the correct job code can access the CFACTS landing page, but default permissions will cause many links on the page to fail.\u003c/p\u003e\u003cp\u003eIf you click a link and get an error message about rights or permissions, you likely have the correct job code, but have not been assigned to the correct group.\u003c/p\u003e\u003cp\u003eTo fix this, \u003ca href=\"https://coda.io/form/CFACTS-Support-Portal_dpiM2zX094Z\"\u003esubmit a ticket through the support portal\u003c/a\u003e and ask to have your account assigned to the correct group.\u003c/p\u003e\u003ch4\u003eRecovering deleted records\u003c/h4\u003e\u003cp\u003eYou can not automatically recover a specific record.\u003c/p\u003e\u003cp\u003eThe CFACTS servers are periodically backed up, but there is no mechanism that allows for recovery of specific records or fields.\u003c/p\u003e\u003cp\u003eHowever, CFACTS does maintain a history log. You might be able to use it to determine previous values for specific records or fields, then re-enter the values manually.\u003c/p\u003e\u003cp\u003eBe sure about what youre deleting before you delete it!\u003c/p\u003e\u003ch4\u003eAccess errors\u003c/h4\u003e\u003cp\u003eIf you are trying to log in to CFACTS and getting a 401 access error, there are several ways you can try to fix the problem on your end.\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eDouble check the URL youre using\u003c/strong\u003e. The 401 error can appear because the URL was mistyped, or the link points to the wrong URL—one for authorized users only.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eReload the page.\u003c/strong\u003e Sometimes closing the page and reopening it is enough to fix the 401 error.\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eDelete your browser's cache.\u003c/strong\u003e There might be invalid login information stored locally in your browser that causing the 401 error. Clearing the cache will remove problems in those files and give the page an opportunity to download fresh files directly from the server.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eIf those options do not fix the problem, \u003ca href=\"https://coda.io/form/CFACTS-Support-Portal_dpiM2zX094Z\"\u003esubmit a ticket through the support portal\u003c/a\u003e or ask in the \u003ca href=\"https://cmsgov.enterprise.slack.com/archives/C020XM4RFTK\"\u003e#cfacts_community channel\u003c/a\u003e in the CMS Slack workspace.\u003c/p\u003e\u003ch4\u003eClearing browsing data\u003c/h4\u003e\u003cp\u003eIf you need to clear cookies or other browsing data to troubleshoot CFACTS access, use your browsers help menu or other documentation to find the correct procedure. Different browsers do things differently.\u003c/p\u003e\u003ch2\u003eCFACTS FAQs\u003c/h2\u003e\u003ch3\u003eInheriting controls\u003c/h3\u003e\u003cp\u003e\u003cstrong\u003eAs a control inheritor, is there a way to select all the inheritable controls from a provider at once?\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eHowever, each provider— such as the Office of the Chief Information Security Officer (OCISO), data centers such as the Baltimore Data Center (BDC), or cloud service providers such as Amazon Web Services (AWS)— will be expected to provide a list of inheritable controls they will provide. A control element provider list can also be found on the CFACTS Artifacts page.\u003c/p\u003e\u003cp\u003eIf your system inherits controls from a provider, you should reach out to that provider for their list of inheritable controls or refer to the control element provider list on the CFACTS Artifacts page.\u003c/p\u003e\u003ch4\u003eFixing incorrect controls\u003c/h4\u003e\u003cp\u003eif you have incorrectly inherited a control, to switch your Allocation Status from “Inherited” back to “Allocated” or “Not Applicable,” you must delete the existing “Control to Inherit.”\u003c/p\u003e\u003cp\u003eTo do this, put the Control record into Edit mode, and you will see a delete button—a blue circle with a white X—on the right-hand side of the Control to Inherit row.\u003c/p\u003e\u003cp\u003eClick this delete button and then choose the required Allocation Status.\u003c/p\u003e\u003ch4\u003eSSPP not showing details\u003c/h4\u003e\u003cp\u003eOnly private implementation details for an allocated control will be shown in the SSPP.\u003c/p\u003e\u003cp\u003eIf details are entered in the Shared Implementation detail field for an allocated control, they will not be reflected within the SSPP.\u003c/p\u003e\u003cp\u003eThe information provided under the Shared Implementation detail will be reflected in the SSPP of the package that inherits this control. You only need to provide shared implementation details if you are making your control inheritable, so that other authorization packages can inherit it.\u003c/p\u003e"])</script><script>self.__next_f.push([1,"12a:{\"value\":\"$12b\",\"format\":\"body_text\",\"processed\":\"$12c\"}\n128:{\"drupal_internal__id\":3468,\"drupal_internal__revision_id\":19667,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-11-13T19:39:46+00:00\",\"parent_id\":\"261\",\"parent_type\":\"node\",\"parent_field_name\":\"field_page_section\",\"behavior_settings\":\"$129\",\"default_langcode\":true,\"revision_translation_affected\":true,\"field_text_block\":\"$12a\"}\n130:{\"drupal_internal__target_id\":\"page_section\"}\n12f:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"57f3f40a-8120-4393-b881-a5758f9fb30d\",\"meta\":\"$130\"}\n132:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/594617c8-824a-4962-aa08-fdf8dd4677fb/paragraph_type?resourceVersion=id%3A19667\"}\n133:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/594617c8-824a-4962-aa08-fdf8dd4677fb/relationships/paragraph_type?resourceVersion=id%3A19667\"}\n131:{\"related\":\"$132\",\"self\":\"$133\"}\n12e:{\"data\":\"$12f\",\"links\":\"$131\"}\n136:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/594617c8-824a-4962-aa08-fdf8dd4677fb/field_specialty_item?resourceVersion=id%3A19667\"}\n137:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/594617c8-824a-4962-aa08-fdf8dd4677fb/relationships/field_specialty_item?resourceVersion=id%3A19667\"}\n135:{\"related\":\"$136\",\"self\":\"$137\"}\n134:{\"data\":null,\"links\":\"$135\"}\n12d:{\"paragraph_type\":\"$12e\",\"field_specialty_item\":\"$134\"}\n125:{\"type\":\"paragraph--page_section\",\"id\":\"594617c8-824a-4962-aa08-fdf8dd4677fb\",\"links\":\"$126\",\"attributes\":\"$128\",\"relationships\":\"$12d\"}\n13a:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/call_out_box/0133f338-f61a-45ab-8fd5-600be40c30d4?resourceVersion=id%3A19654\"}\n139:{\"self\":\"$13a\"}\n13c:[]\n13e:[]\n13d:{\"uri\":\"https://www.youtube.com/playlist?list=PLyEaxwXtHzLlRPmMUK6eWkEFqhk0KeW3P\",\"title\":\"\",\"options\":\"$13e\",\"url\":\"https://www.youtube.com/playlist?list=PLyEaxwXtHzLlRPmMUK6eWkEFqhk0KeW3P\"}\n13f:{\"value\":\"On-demand videos produced by the CFACTS team are designed to answer frequent questions and demonstrate how to use various features. "])</script><script>self.__next_f.push([1,"Check out the \\\"How-To\\\" videos on the CFACTS video channel.\",\"format\":\"plain_text\",\"processed\":\"\u003cp\u003eOn-demand videos produced by the CFACTS team are designed to answer frequent questions and demonstrate how to use various features. Check out the \u0026quot;How-To\u0026quot; videos on the CFACTS video channel.\u003c/p\u003e\\n\"}\n13b:{\"drupal_internal__id\":2096,\"drupal_internal__revision_id\":19654,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-16T15:27:01+00:00\",\"parent_id\":\"2101\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_specialty_item\",\"behavior_settings\":\"$13c\",\"default_langcode\":true,\"revision_translation_affected\":true,\"field_call_out_link\":\"$13d\",\"field_call_out_link_text\":\"Take me to the \\\"How-To\\\" videos\",\"field_call_out_text\":\"$13f\",\"field_header\":\"CFACTS \\\"How-To\\\" videos\"}\n143:{\"drupal_internal__target_id\":\"call_out_box\"}\n142:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"a1d0a205-c6c9-4816-b701-4763d05de8e8\",\"meta\":\"$143\"}\n145:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/call_out_box/0133f338-f61a-45ab-8fd5-600be40c30d4/paragraph_type?resourceVersion=id%3A19654\"}\n146:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/call_out_box/0133f338-f61a-45ab-8fd5-600be40c30d4/relationships/paragraph_type?resourceVersion=id%3A19654\"}\n144:{\"related\":\"$145\",\"self\":\"$146\"}\n141:{\"data\":\"$142\",\"links\":\"$144\"}\n140:{\"paragraph_type\":\"$141\"}\n138:{\"type\":\"paragraph--call_out_box\",\"id\":\"0133f338-f61a-45ab-8fd5-600be40c30d4\",\"links\":\"$139\",\"attributes\":\"$13b\",\"relationships\":\"$140\"}\n149:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list/8243dd59-39ab-4e89-984a-6c14b074e237?resourceVersion=id%3A19659\"}\n148:{\"self\":\"$149\"}\n14b:[]\n14a:{\"drupal_internal__id\":3563,\"drupal_internal__revision_id\":19659,\"langcode\":\"en\",\"status\":true,\"created\":\"2024-12-05T18:29:59+00:00\",\"parent_id\":\"446\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_specialty_item\",\"behavior_settings\":\"$14b\",\"default_langcode\":true,\"revision_translation_affected\":true,\"field_process_list_conclusion\":null}\n14f:{\"drupal_internal__target_id\":\""])</script><script>self.__next_f.push([1,"process_list\"}\n14e:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"8a1fa202-0dc7-4f58-9b3d-7f9c44c9a9c8\",\"meta\":\"$14f\"}\n151:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list/8243dd59-39ab-4e89-984a-6c14b074e237/paragraph_type?resourceVersion=id%3A19659\"}\n152:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list/8243dd59-39ab-4e89-984a-6c14b074e237/relationships/paragraph_type?resourceVersion=id%3A19659\"}\n150:{\"related\":\"$151\",\"self\":\"$152\"}\n14d:{\"data\":\"$14e\",\"links\":\"$150\"}\n156:{\"target_revision_id\":19656,\"drupal_internal__target_id\":3560}\n155:{\"type\":\"paragraph--process_list_item\",\"id\":\"d418f5bc-b857-4a90-a2a7-e7afeaa1fd0a\",\"meta\":\"$156\"}\n158:{\"target_revision_id\":19657,\"drupal_internal__target_id\":3561}\n157:{\"type\":\"paragraph--process_list_item\",\"id\":\"39004fd8-5d09-4cea-b000-0e15d4e88e98\",\"meta\":\"$158\"}\n15a:{\"target_revision_id\":19658,\"drupal_internal__target_id\":3562}\n159:{\"type\":\"paragraph--process_list_item\",\"id\":\"260bc118-0b34-41b0-af66-080d25593510\",\"meta\":\"$15a\"}\n154:[\"$155\",\"$157\",\"$159\"]\n15c:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list/8243dd59-39ab-4e89-984a-6c14b074e237/field_process_list_item?resourceVersion=id%3A19659\"}\n15d:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list/8243dd59-39ab-4e89-984a-6c14b074e237/relationships/field_process_list_item?resourceVersion=id%3A19659\"}\n15b:{\"related\":\"$15c\",\"self\":\"$15d\"}\n153:{\"data\":\"$154\",\"links\":\"$15b\"}\n14c:{\"paragraph_type\":\"$14d\",\"field_process_list_item\":\"$153\"}\n147:{\"type\":\"paragraph--process_list\",\"id\":\"8243dd59-39ab-4e89-984a-6c14b074e237\",\"links\":\"$148\",\"attributes\":\"$14a\",\"relationships\":\"$14c\"}\n160:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list/380f7345-d826-49bf-99a2-ae0eb21201c8?resourceVersion=id%3A19665\"}\n15f:{\"self\":\"$160\"}\n162:[]\n161:{\"drupal_internal__id\":3568,\"drupal_internal__revision_id\":19665,\"langcode\":\"en\",\"status\":true,\"created\":\"2024-12-05T18:34:54+00:00\",\"parent_id\":\"1781\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_specialty_item\",\"behavi"])</script><script>self.__next_f.push([1,"or_settings\":\"$162\",\"default_langcode\":true,\"revision_translation_affected\":true,\"field_process_list_conclusion\":null}\n166:{\"drupal_internal__target_id\":\"process_list\"}\n165:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"8a1fa202-0dc7-4f58-9b3d-7f9c44c9a9c8\",\"meta\":\"$166\"}\n168:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list/380f7345-d826-49bf-99a2-ae0eb21201c8/paragraph_type?resourceVersion=id%3A19665\"}\n169:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list/380f7345-d826-49bf-99a2-ae0eb21201c8/relationships/paragraph_type?resourceVersion=id%3A19665\"}\n167:{\"related\":\"$168\",\"self\":\"$169\"}\n164:{\"data\":\"$165\",\"links\":\"$167\"}\n16d:{\"target_revision_id\":19661,\"drupal_internal__target_id\":3564}\n16c:{\"type\":\"paragraph--process_list_item\",\"id\":\"e2ea1624-befd-40f7-b4d2-e336b60fd82c\",\"meta\":\"$16d\"}\n16f:{\"target_revision_id\":19662,\"drupal_internal__target_id\":3565}\n16e:{\"type\":\"paragraph--process_list_item\",\"id\":\"f3145901-0b26-454d-a708-3d85141d4527\",\"meta\":\"$16f\"}\n171:{\"target_revision_id\":19663,\"drupal_internal__target_id\":3566}\n170:{\"type\":\"paragraph--process_list_item\",\"id\":\"f53da9a8-5f61-4922-8eb4-ba5614f3d423\",\"meta\":\"$171\"}\n173:{\"target_revision_id\":19664,\"drupal_internal__target_id\":3567}\n172:{\"type\":\"paragraph--process_list_item\",\"id\":\"f7c40251-d8ba-48ff-88aa-848ffa5f12d8\",\"meta\":\"$173\"}\n16b:[\"$16c\",\"$16e\",\"$170\",\"$172\"]\n175:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list/380f7345-d826-49bf-99a2-ae0eb21201c8/field_process_list_item?resourceVersion=id%3A19665\"}\n176:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list/380f7345-d826-49bf-99a2-ae0eb21201c8/relationships/field_process_list_item?resourceVersion=id%3A19665\"}\n174:{\"related\":\"$175\",\"self\":\"$176\"}\n16a:{\"data\":\"$16b\",\"links\":\"$174\"}\n163:{\"paragraph_type\":\"$164\",\"field_process_list_item\":\"$16a\"}\n15e:{\"type\":\"paragraph--process_list\",\"id\":\"380f7345-d826-49bf-99a2-ae0eb21201c8\",\"links\":\"$15f\",\"attributes\":\"$161\",\"relationships\":\"$163\"}\n179:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_"])</script><script>self.__next_f.push([1,"list_item/d418f5bc-b857-4a90-a2a7-e7afeaa1fd0a?resourceVersion=id%3A19656\"}\n178:{\"self\":\"$179\"}\n17b:[]\n17c:{\"value\":\"\u003col\u003e\u003cli\u003eLog in to your \u003ca href=\\\"https://eua.cms.gov/\\\"\u003eEUA account\u003c/a\u003e.\u003c/li\u003e\u003cli\u003eRequest the 'CFACTS_USER_PRD' job code for the Production environment\u003c/li\u003e\u003cli\u003eRequest the 'CFACTS_USER_IMP' job code the Validation environment.\u003c/li\u003e\u003c/ol\u003e\",\"format\":\"main_point_html\",\"processed\":\"\u003col\u003e\u003cli\u003eLog in to your \u003ca href=\\\"https://eua.cms.gov/\\\"\u003eEUA account\u003c/a\u003e.\u003c/li\u003e\u003cli\u003eRequest the 'CFACTS_USER_PRD' job code for the Production environment\u003c/li\u003e\u003cli\u003eRequest the 'CFACTS_USER_IMP' job code the Validation environment.\u003c/li\u003e\u003c/ol\u003e\"}\n17a:{\"drupal_internal__id\":3560,\"drupal_internal__revision_id\":19656,\"langcode\":\"en\",\"status\":true,\"created\":\"2024-12-05T18:29:59+00:00\",\"parent_id\":\"3563\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_process_list_item\",\"behavior_settings\":\"$17b\",\"default_langcode\":true,\"revision_translation_affected\":true,\"field_list_item_description\":\"$17c\",\"field_list_item_title\":\"Request job codes\"}\n180:{\"drupal_internal__target_id\":\"process_list_item\"}\n17f:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"169b4697-c521-4a95-b21a-aa0d3f051203\",\"meta\":\"$180\"}\n182:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/d418f5bc-b857-4a90-a2a7-e7afeaa1fd0a/paragraph_type?resourceVersion=id%3A19656\"}\n183:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/d418f5bc-b857-4a90-a2a7-e7afeaa1fd0a/relationships/paragraph_type?resourceVersion=id%3A19656\"}\n181:{\"related\":\"$182\",\"self\":\"$183\"}\n17e:{\"data\":\"$17f\",\"links\":\"$181\"}\n17d:{\"paragraph_type\":\"$17e\"}\n177:{\"type\":\"paragraph--process_list_item\",\"id\":\"d418f5bc-b857-4a90-a2a7-e7afeaa1fd0a\",\"links\":\"$178\",\"attributes\":\"$17a\",\"relationships\":\"$17d\"}\n186:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/39004fd8-5d09-4cea-b000-0e15d4e88e98?resourceVersion=id%3A19657\"}\n185:{\"self\":\"$186\"}\n188:[]\n189:{\"value\":\"\u003cp dir=\\\"ltr\\\"\u003eThe EUA First and Second Approvers must approve your requests.\u0026nbsp;\u003c/p\u003e\u003cp\u003eThe ISSO or"])</script><script>self.__next_f.push([1," ISSO contractor will send an email to\u0026nbsp;\u003ca href=\\\"mailto:CISO@cms.hhs.gov\\\"\u003eCISO@cms.hhs.gov\u003c/a\u003e for final approval.\u003c/p\u003e\",\"format\":\"main_point_html\",\"processed\":\"\u003cp dir=\\\"ltr\\\"\u003eThe EUA First and Second Approvers must approve your requests.\u0026nbsp;\u003c/p\u003e\u003cp\u003eThe ISSO or ISSO contractor will send an email to\u0026nbsp;\u003ca href=\\\"mailto:CISO@cms.hhs.gov\\\"\u003eCISO@cms.hhs.gov\u003c/a\u003e for final approval.\u003c/p\u003e\"}\n187:{\"drupal_internal__id\":3561,\"drupal_internal__revision_id\":19657,\"langcode\":\"en\",\"status\":true,\"created\":\"2024-12-05T18:31:02+00:00\",\"parent_id\":\"3563\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_process_list_item\",\"behavior_settings\":\"$188\",\"default_langcode\":true,\"revision_translation_affected\":true,\"field_list_item_description\":\"$189\",\"field_list_item_title\":\"Job code requests approved\"}\n18d:{\"drupal_internal__target_id\":\"process_list_item\"}\n18c:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"169b4697-c521-4a95-b21a-aa0d3f051203\",\"meta\":\"$18d\"}\n18f:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/39004fd8-5d09-4cea-b000-0e15d4e88e98/paragraph_type?resourceVersion=id%3A19657\"}\n190:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/39004fd8-5d09-4cea-b000-0e15d4e88e98/relationships/paragraph_type?resourceVersion=id%3A19657\"}\n18e:{\"related\":\"$18f\",\"self\":\"$190\"}\n18b:{\"data\":\"$18c\",\"links\":\"$18e\"}\n18a:{\"paragraph_type\":\"$18b\"}\n184:{\"type\":\"paragraph--process_list_item\",\"id\":\"39004fd8-5d09-4cea-b000-0e15d4e88e98\",\"links\":\"$185\",\"attributes\":\"$187\",\"relationships\":\"$18a\"}\n193:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/260bc118-0b34-41b0-af66-080d25593510?resourceVersion=id%3A19658\"}\n192:{\"self\":\"$193\"}\n195:[]\n196:{\"value\":\"\u003cp\u003eSystem Administrators assign you a CFACTS role and notify the ISSO that your role was assigned. The ISSO then assigns you to the correct system as a stakeholder.\u003c/p\u003e\u003cp\u003eIf needed, administrators will troubleshoot any access issues with you.\u003c/p\u003e\",\"format\":\"main_point_html\",\"processed\":\"\u003cp\u003eSystem Administrators assign you a CFAC"])</script><script>self.__next_f.push([1,"TS role and notify the ISSO that your role was assigned. The ISSO then assigns you to the correct system as a stakeholder.\u003c/p\u003e\u003cp\u003eIf needed, administrators will troubleshoot any access issues with you.\u003c/p\u003e\"}\n194:{\"drupal_internal__id\":3562,\"drupal_internal__revision_id\":19658,\"langcode\":\"en\",\"status\":true,\"created\":\"2024-12-05T18:31:38+00:00\",\"parent_id\":\"3563\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_process_list_item\",\"behavior_settings\":\"$195\",\"default_langcode\":true,\"revision_translation_affected\":true,\"field_list_item_description\":\"$196\",\"field_list_item_title\":\"System assigned\"}\n19a:{\"drupal_internal__target_id\":\"process_list_item\"}\n199:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"169b4697-c521-4a95-b21a-aa0d3f051203\",\"meta\":\"$19a\"}\n19c:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/260bc118-0b34-41b0-af66-080d25593510/paragraph_type?resourceVersion=id%3A19658\"}\n19d:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/260bc118-0b34-41b0-af66-080d25593510/relationships/paragraph_type?resourceVersion=id%3A19658\"}\n19b:{\"related\":\"$19c\",\"self\":\"$19d\"}\n198:{\"data\":\"$199\",\"links\":\"$19b\"}\n197:{\"paragraph_type\":\"$198\"}\n191:{\"type\":\"paragraph--process_list_item\",\"id\":\"260bc118-0b34-41b0-af66-080d25593510\",\"links\":\"$192\",\"attributes\":\"$194\",\"relationships\":\"$197\"}\n1a0:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/e2ea1624-befd-40f7-b4d2-e336b60fd82c?resourceVersion=id%3A19661\"}\n19f:{\"self\":\"$1a0\"}\n1a2:[]\n1a3:{\"value\":\"\u003cp\u003eLog in to CFACTS.\u003c/p\u003e\",\"format\":\"main_point_html\",\"processed\":\"\u003cp\u003eLog in to CFACTS.\u003c/p\u003e\"}\n1a1:{\"drupal_internal__id\":3564,\"drupal_internal__revision_id\":19661,\"langcode\":\"en\",\"status\":true,\"created\":\"2024-12-05T18:34:54+00:00\",\"parent_id\":\"3568\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_process_list_item\",\"behavior_settings\":\"$1a2\",\"default_langcode\":true,\"revision_translation_affected\":true,\"field_list_item_description\":\"$1a3\",\"field_list_item_title\":\"Log in\"}\n1a7:{\"drupal_internal__target_id\":\"process_list_"])</script><script>self.__next_f.push([1,"item\"}\n1a6:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"169b4697-c521-4a95-b21a-aa0d3f051203\",\"meta\":\"$1a7\"}\n1a9:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/e2ea1624-befd-40f7-b4d2-e336b60fd82c/paragraph_type?resourceVersion=id%3A19661\"}\n1aa:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/e2ea1624-befd-40f7-b4d2-e336b60fd82c/relationships/paragraph_type?resourceVersion=id%3A19661\"}\n1a8:{\"related\":\"$1a9\",\"self\":\"$1aa\"}\n1a5:{\"data\":\"$1a6\",\"links\":\"$1a8\"}\n1a4:{\"paragraph_type\":\"$1a5\"}\n19e:{\"type\":\"paragraph--process_list_item\",\"id\":\"e2ea1624-befd-40f7-b4d2-e336b60fd82c\",\"links\":\"$19f\",\"attributes\":\"$1a1\",\"relationships\":\"$1a4\"}\n1ad:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/f3145901-0b26-454d-a708-3d85141d4527?resourceVersion=id%3A19662\"}\n1ac:{\"self\":\"$1ad\"}\n1af:[]\n1b0:{\"value\":\"\u003cp\u003eOpen the Assessment \u0026amp; Authorization (A\u0026amp;A) tab at the top.\u003c/p\u003e\",\"format\":\"main_point_html\",\"processed\":\"\u003cp\u003eOpen the Assessment \u0026amp; Authorization (A\u0026amp;A) tab at the top.\u003c/p\u003e\"}\n1ae:{\"drupal_internal__id\":3565,\"drupal_internal__revision_id\":19662,\"langcode\":\"en\",\"status\":true,\"created\":\"2024-12-05T18:35:07+00:00\",\"parent_id\":\"3568\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_process_list_item\",\"behavior_settings\":\"$1af\",\"default_langcode\":true,\"revision_translation_affected\":true,\"field_list_item_description\":\"$1b0\",\"field_list_item_title\":\"Open Assessment \u0026 Authorization (A\u0026A)\"}\n1b4:{\"drupal_internal__target_id\":\"process_list_item\"}\n1b3:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"169b4697-c521-4a95-b21a-aa0d3f051203\",\"meta\":\"$1b4\"}\n1b6:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/f3145901-0b26-454d-a708-3d85141d4527/paragraph_type?resourceVersion=id%3A19662\"}\n1b7:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/f3145901-0b26-454d-a708-3d85141d4527/relationships/paragraph_type?resourceVersion=id%3A19662\"}\n1b5:{\"related\":\"$1b6\",\"self\":\"$1b7\"}\n1b2:{\"data\":\"$1b3\",\"links\":\"$1b5\"}\n1b1:{\"paragra"])</script><script>self.__next_f.push([1,"ph_type\":\"$1b2\"}\n1ab:{\"type\":\"paragraph--process_list_item\",\"id\":\"f3145901-0b26-454d-a708-3d85141d4527\",\"links\":\"$1ac\",\"attributes\":\"$1ae\",\"relationships\":\"$1b1\"}\n1ba:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/f53da9a8-5f61-4922-8eb4-ba5614f3d423?resourceVersion=id%3A19663\"}\n1b9:{\"self\":\"$1ba\"}\n1bc:[]\n1bd:{\"value\":\"\u003cp\u003eUsing the dashboard view of the A\u0026amp;A tab, find the name of the information system you want to assign the contractor to.\u0026nbsp;\u003c/p\u003e\u003cp\u003eSelect the name to open that information system record.\u0026nbsp;\u003c/p\u003e\",\"format\":\"main_point_html\",\"processed\":\"\u003cp\u003eUsing the dashboard view of the A\u0026amp;A tab, find the name of the information system you want to assign the contractor to.\u0026nbsp;\u003c/p\u003e\u003cp\u003eSelect the name to open that information system record.\u0026nbsp;\u003c/p\u003e\"}\n1bb:{\"drupal_internal__id\":3566,\"drupal_internal__revision_id\":19663,\"langcode\":\"en\",\"status\":true,\"created\":\"2024-12-05T18:36:01+00:00\",\"parent_id\":\"3568\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_process_list_item\",\"behavior_settings\":\"$1bc\",\"default_langcode\":true,\"revision_translation_affected\":true,\"field_list_item_description\":\"$1bd\",\"field_list_item_title\":\"Find the information system\"}\n1c1:{\"drupal_internal__target_id\":\"process_list_item\"}\n1c0:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"169b4697-c521-4a95-b21a-aa0d3f051203\",\"meta\":\"$1c1\"}\n1c3:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/f53da9a8-5f61-4922-8eb4-ba5614f3d423/paragraph_type?resourceVersion=id%3A19663\"}\n1c4:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/f53da9a8-5f61-4922-8eb4-ba5614f3d423/relationships/paragraph_type?resourceVersion=id%3A19663\"}\n1c2:{\"related\":\"$1c3\",\"self\":\"$1c4\"}\n1bf:{\"data\":\"$1c0\",\"links\":\"$1c2\"}\n1be:{\"paragraph_type\":\"$1bf\"}\n1b8:{\"type\":\"paragraph--process_list_item\",\"id\":\"f53da9a8-5f61-4922-8eb4-ba5614f3d423\",\"links\":\"$1b9\",\"attributes\":\"$1bb\",\"relationships\":\"$1be\"}\n1c7:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/f7c40251-d8ba-48ff-88aa-848ffa5f12"])</script><script>self.__next_f.push([1,"d8?resourceVersion=id%3A19664\"}\n1c6:{\"self\":\"$1c7\"}\n1c9:[]\n1ca:{\"value\":\"\u003cp\u003eAssign the contractor to the system by entering their name into the appropriate space.\u003c/p\u003e\",\"format\":\"main_point_html\",\"processed\":\"\u003cp\u003eAssign the contractor to the system by entering their name into the appropriate space.\u003c/p\u003e\"}\n1c8:{\"drupal_internal__id\":3567,\"drupal_internal__revision_id\":19664,\"langcode\":\"en\",\"status\":true,\"created\":\"2024-12-05T18:37:21+00:00\",\"parent_id\":\"3568\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_process_list_item\",\"behavior_settings\":\"$1c9\",\"default_langcode\":true,\"revision_translation_affected\":true,\"field_list_item_description\":\"$1ca\",\"field_list_item_title\":\"Assign the contractor\"}\n1ce:{\"drupal_internal__target_id\":\"process_list_item\"}\n1cd:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"169b4697-c521-4a95-b21a-aa0d3f051203\",\"meta\":\"$1ce\"}\n1d0:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/f7c40251-d8ba-48ff-88aa-848ffa5f12d8/paragraph_type?resourceVersion=id%3A19664\"}\n1d1:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/f7c40251-d8ba-48ff-88aa-848ffa5f12d8/relationships/paragraph_type?resourceVersion=id%3A19664\"}\n1cf:{\"related\":\"$1d0\",\"self\":\"$1d1\"}\n1cc:{\"data\":\"$1cd\",\"links\":\"$1cf\"}\n1cb:{\"paragraph_type\":\"$1cc\"}\n1c5:{\"type\":\"paragraph--process_list_item\",\"id\":\"f7c40251-d8ba-48ff-88aa-848ffa5f12d8\",\"links\":\"$1c6\",\"attributes\":\"$1c8\",\"relationships\":\"$1cb\"}\n1d4:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/76dcb171-ae0a-42ba-b330-b93b63633cdd?resourceVersion=id%3A19668\"}\n1d3:{\"self\":\"$1d4\"}\n1d6:[]\n1d5:{\"drupal_internal__id\":1816,\"drupal_internal__revision_id\":19668,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-15T17:57:44+00:00\",\"parent_id\":\"261\",\"parent_type\":\"node\",\"parent_field_name\":\"field_related_collection\",\"behavior_settings\":\"$1d6\",\"default_langcode\":true,\"revision_translation_affected\":true}\n1da:{\"drupal_internal__target_id\":\"internal_link\"}\n1d9:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"81d4313f-807c-40e2-8ffa-700"])</script><script>self.__next_f.push([1,"ec8c17167\",\"meta\":\"$1da\"}\n1dc:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/76dcb171-ae0a-42ba-b330-b93b63633cdd/paragraph_type?resourceVersion=id%3A19668\"}\n1dd:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/76dcb171-ae0a-42ba-b330-b93b63633cdd/relationships/paragraph_type?resourceVersion=id%3A19668\"}\n1db:{\"related\":\"$1dc\",\"self\":\"$1dd\"}\n1d8:{\"data\":\"$1d9\",\"links\":\"$1db\"}\n1e0:{\"drupal_internal__target_id\":426}\n1df:{\"type\":\"node--explainer\",\"id\":\"fb20ba48-336f-4acc-b27a-55e07c1766df\",\"meta\":\"$1e0\"}\n1e2:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/76dcb171-ae0a-42ba-b330-b93b63633cdd/field_link?resourceVersion=id%3A19668\"}\n1e3:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/76dcb171-ae0a-42ba-b330-b93b63633cdd/relationships/field_link?resourceVersion=id%3A19668\"}\n1e1:{\"related\":\"$1e2\",\"self\":\"$1e3\"}\n1de:{\"data\":\"$1df\",\"links\":\"$1e1\"}\n1d7:{\"paragraph_type\":\"$1d8\",\"field_link\":\"$1de\"}\n1d2:{\"type\":\"paragraph--internal_link\",\"id\":\"76dcb171-ae0a-42ba-b330-b93b63633cdd\",\"links\":\"$1d3\",\"attributes\":\"$1d5\",\"relationships\":\"$1d7\"}\n1e6:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/7f340091-9774-491a-817d-0cdfaf0c72d1?resourceVersion=id%3A19669\"}\n1e5:{\"self\":\"$1e6\"}\n1e8:[]\n1e7:{\"drupal_internal__id\":1821,\"drupal_internal__revision_id\":19669,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-15T17:57:50+00:00\",\"parent_id\":\"261\",\"parent_type\":\"node\",\"parent_field_name\":\"field_related_collection\",\"behavior_settings\":\"$1e8\",\"default_langcode\":true,\"revision_translation_affected\":true}\n1ec:{\"drupal_internal__target_id\":\"internal_link\"}\n1eb:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"81d4313f-807c-40e2-8ffa-700ec8c17167\",\"meta\":\"$1ec\"}\n1ee:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/7f340091-9774-491a-817d-0cdfaf0c72d1/paragraph_type?resourceVersion=id%3A19669\"}\n1ef:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/7f340091-9774-491a-817d-0cdfaf0c72d1/relationships/paragraph_type?resource"])</script><script>self.__next_f.push([1,"Version=id%3A19669\"}\n1ed:{\"related\":\"$1ee\",\"self\":\"$1ef\"}\n1ea:{\"data\":\"$1eb\",\"links\":\"$1ed\"}\n1f2:{\"drupal_internal__target_id\":396}\n1f1:{\"type\":\"node--explainer\",\"id\":\"6586d174-482d-43d2-9d86-2f0a42dc8a81\",\"meta\":\"$1f2\"}\n1f4:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/7f340091-9774-491a-817d-0cdfaf0c72d1/field_link?resourceVersion=id%3A19669\"}\n1f5:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/7f340091-9774-491a-817d-0cdfaf0c72d1/relationships/field_link?resourceVersion=id%3A19669\"}\n1f3:{\"related\":\"$1f4\",\"self\":\"$1f5\"}\n1f0:{\"data\":\"$1f1\",\"links\":\"$1f3\"}\n1e9:{\"paragraph_type\":\"$1ea\",\"field_link\":\"$1f0\"}\n1e4:{\"type\":\"paragraph--internal_link\",\"id\":\"7f340091-9774-491a-817d-0cdfaf0c72d1\",\"links\":\"$1e5\",\"attributes\":\"$1e7\",\"relationships\":\"$1e9\"}\n1f8:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/4b7486bb-57c5-440b-b07c-54deb80f1ca1?resourceVersion=id%3A19670\"}\n1f7:{\"self\":\"$1f8\"}\n1fa:[]\n1f9:{\"drupal_internal__id\":1826,\"drupal_internal__revision_id\":19670,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-15T17:58:44+00:00\",\"parent_id\":\"261\",\"parent_type\":\"node\",\"parent_field_name\":\"field_related_collection\",\"behavior_settings\":\"$1fa\",\"default_langcode\":true,\"revision_translation_affected\":true}\n1fe:{\"drupal_internal__target_id\":\"internal_link\"}\n1fd:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"81d4313f-807c-40e2-8ffa-700ec8c17167\",\"meta\":\"$1fe\"}\n200:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/4b7486bb-57c5-440b-b07c-54deb80f1ca1/paragraph_type?resourceVersion=id%3A19670\"}\n201:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/4b7486bb-57c5-440b-b07c-54deb80f1ca1/relationships/paragraph_type?resourceVersion=id%3A19670\"}\n1ff:{\"related\":\"$200\",\"self\":\"$201\"}\n1fc:{\"data\":\"$1fd\",\"links\":\"$1ff\"}\n204:{\"drupal_internal__target_id\":666}\n203:{\"type\":\"node--explainer\",\"id\":\"e36ecfdd-ed37-4ebb-b9a1-e5f8b05a7c15\",\"meta\":\"$204\"}\n206:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/4b7486bb-57c5-440b-b07c-54deb80"])</script><script>self.__next_f.push([1,"f1ca1/field_link?resourceVersion=id%3A19670\"}\n207:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/4b7486bb-57c5-440b-b07c-54deb80f1ca1/relationships/field_link?resourceVersion=id%3A19670\"}\n205:{\"related\":\"$206\",\"self\":\"$207\"}\n202:{\"data\":\"$203\",\"links\":\"$205\"}\n1fb:{\"paragraph_type\":\"$1fc\",\"field_link\":\"$202\"}\n1f6:{\"type\":\"paragraph--internal_link\",\"id\":\"4b7486bb-57c5-440b-b07c-54deb80f1ca1\",\"links\":\"$1f7\",\"attributes\":\"$1f9\",\"relationships\":\"$1fb\"}\n20a:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/d72a41d1-1d17-452f-9375-aea58d84e8e7?resourceVersion=id%3A19671\"}\n209:{\"self\":\"$20a\"}\n20c:[]\n20b:{\"drupal_internal__id\":1831,\"drupal_internal__revision_id\":19671,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-15T17:59:19+00:00\",\"parent_id\":\"261\",\"parent_type\":\"node\",\"parent_field_name\":\"field_related_collection\",\"behavior_settings\":\"$20c\",\"default_langcode\":true,\"revision_translation_affected\":true}\n210:{\"drupal_internal__target_id\":\"internal_link\"}\n20f:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"81d4313f-807c-40e2-8ffa-700ec8c17167\",\"meta\":\"$210\"}\n212:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/d72a41d1-1d17-452f-9375-aea58d84e8e7/paragraph_type?resourceVersion=id%3A19671\"}\n213:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/d72a41d1-1d17-452f-9375-aea58d84e8e7/relationships/paragraph_type?resourceVersion=id%3A19671\"}\n211:{\"related\":\"$212\",\"self\":\"$213\"}\n20e:{\"data\":\"$20f\",\"links\":\"$211\"}\n216:{\"drupal_internal__target_id\":201}\n215:{\"type\":\"node--explainer\",\"id\":\"a74e943d-f87d-4688-81e7-65a4013fa320\",\"meta\":\"$216\"}\n218:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/d72a41d1-1d17-452f-9375-aea58d84e8e7/field_link?resourceVersion=id%3A19671\"}\n219:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/d72a41d1-1d17-452f-9375-aea58d84e8e7/relationships/field_link?resourceVersion=id%3A19671\"}\n217:{\"related\":\"$218\",\"self\":\"$219\"}\n214:{\"data\":\"$215\",\"links\":\"$217\"}\n20d:{\"paragraph_type\":\"$20e\",\"field_link\":\""])</script><script>self.__next_f.push([1,"$214\"}\n208:{\"type\":\"paragraph--internal_link\",\"id\":\"d72a41d1-1d17-452f-9375-aea58d84e8e7\",\"links\":\"$209\",\"attributes\":\"$20b\",\"relationships\":\"$20d\"}\n21c:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/726e3057-d549-4d7d-80c7-0f4c5d5f8007?resourceVersion=id%3A19672\"}\n21b:{\"self\":\"$21c\"}\n21e:[]\n21d:{\"drupal_internal__id\":3462,\"drupal_internal__revision_id\":19672,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-10-16T13:53:28+00:00\",\"parent_id\":\"261\",\"parent_type\":\"node\",\"parent_field_name\":\"field_related_collection\",\"behavior_settings\":\"$21e\",\"default_langcode\":true,\"revision_translation_affected\":true}\n222:{\"drupal_internal__target_id\":\"internal_link\"}\n221:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"81d4313f-807c-40e2-8ffa-700ec8c17167\",\"meta\":\"$222\"}\n224:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/726e3057-d549-4d7d-80c7-0f4c5d5f8007/paragraph_type?resourceVersion=id%3A19672\"}\n225:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/726e3057-d549-4d7d-80c7-0f4c5d5f8007/relationships/paragraph_type?resourceVersion=id%3A19672\"}\n223:{\"related\":\"$224\",\"self\":\"$225\"}\n220:{\"data\":\"$221\",\"links\":\"$223\"}\n228:{\"drupal_internal__target_id\":1152}\n227:{\"type\":\"node--blog\",\"id\":\"9c778c45-d1f7-4833-8e23-aaad386c3314\",\"meta\":\"$228\"}\n22a:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/726e3057-d549-4d7d-80c7-0f4c5d5f8007/field_link?resourceVersion=id%3A19672\"}\n22b:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/726e3057-d549-4d7d-80c7-0f4c5d5f8007/relationships/field_link?resourceVersion=id%3A19672\"}\n229:{\"related\":\"$22a\",\"self\":\"$22b\"}\n226:{\"data\":\"$227\",\"links\":\"$229\"}\n21f:{\"paragraph_type\":\"$220\",\"field_link\":\"$226\"}\n21a:{\"type\":\"paragraph--internal_link\",\"id\":\"726e3057-d549-4d7d-80c7-0f4c5d5f8007\",\"links\":\"$21b\",\"attributes\":\"$21d\",\"relationships\":\"$21f\"}\n22e:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/dbde5fa8-5137-4df4-af83-a4330e0778c7?resourceVersion=id%3A19673\"}\n22d:{\"self\":\"$22e\"}\n230:[]\n22f:{\"drupal_i"])</script><script>self.__next_f.push([1,"nternal__id\":3463,\"drupal_internal__revision_id\":19673,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-10-16T13:53:48+00:00\",\"parent_id\":\"261\",\"parent_type\":\"node\",\"parent_field_name\":\"field_related_collection\",\"behavior_settings\":\"$230\",\"default_langcode\":true,\"revision_translation_affected\":true}\n234:{\"drupal_internal__target_id\":\"internal_link\"}\n233:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"81d4313f-807c-40e2-8ffa-700ec8c17167\",\"meta\":\"$234\"}\n236:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/dbde5fa8-5137-4df4-af83-a4330e0778c7/paragraph_type?resourceVersion=id%3A19673\"}\n237:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/dbde5fa8-5137-4df4-af83-a4330e0778c7/relationships/paragraph_type?resourceVersion=id%3A19673\"}\n235:{\"related\":\"$236\",\"self\":\"$237\"}\n232:{\"data\":\"$233\",\"links\":\"$235\"}\n23a:{\"drupal_internal__target_id\":1139}\n239:{\"type\":\"node--blog\",\"id\":\"f601d782-a1c3-41d3-8927-5fbba258da6b\",\"meta\":\"$23a\"}\n23c:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/dbde5fa8-5137-4df4-af83-a4330e0778c7/field_link?resourceVersion=id%3A19673\"}\n23d:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/dbde5fa8-5137-4df4-af83-a4330e0778c7/relationships/field_link?resourceVersion=id%3A19673\"}\n23b:{\"related\":\"$23c\",\"self\":\"$23d\"}\n238:{\"data\":\"$239\",\"links\":\"$23b\"}\n231:{\"paragraph_type\":\"$232\",\"field_link\":\"$238\"}\n22c:{\"type\":\"paragraph--internal_link\",\"id\":\"dbde5fa8-5137-4df4-af83-a4330e0778c7\",\"links\":\"$22d\",\"attributes\":\"$22f\",\"relationships\":\"$231\"}\n240:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/fb20ba48-336f-4acc-b27a-55e07c1766df?resourceVersion=id%3A5565\"}\n23f:{\"self\":\"$240\"}\n242:{\"alias\":\"/learn/privacy-impact-assessment-pia\",\"pid\":416,\"langcode\":\"en\"}\n243:{\"value\":\"Process that identifies and mitigates privacy risks for CMS systems regarding the use of Personally Identifiable Information (PII)\",\"format\":\"plain_text\",\"processed\":\"\u003cp\u003eProcess that identifies and mitigates privacy risks for CMS systems regarding the use of Person"])</script><script>self.__next_f.push([1,"ally Identifiable Information (PII)\u003c/p\u003e\\n\"}\n244:[\"#ispg-sec_privacy-policy\"]\n241:{\"drupal_internal__nid\":426,\"drupal_internal__vid\":5565,\"langcode\":\"en\",\"revision_timestamp\":\"2024-06-07T20:12:34+00:00\",\"status\":true,\"title\":\"Privacy Impact Assessment (PIA)\",\"created\":\"2022-08-29T17:16:06+00:00\",\"changed\":\"2024-06-06T17:13:30+00:00\",\"promote\":false,\"sticky\":false,\"default_langcode\":true,\"revision_translation_affected\":true,\"moderation_state\":\"published\",\"path\":\"$242\",\"rh_action\":null,\"rh_redirect\":null,\"rh_redirect_response\":null,\"rh_redirect_fallback_action\":null,\"publish_on\":null,\"unpublish_on\":null,\"body\":null,\"field_contact_email\":\"privacy@cms.hhs.gov\",\"field_contact_name\":\"Privacy Office\",\"field_short_description\":\"$243\",\"field_slack_channel\":\"$244\"}\n248:{\"drupal_internal__target_id\":\"explainer\"}\n247:{\"type\":\"node_type--node_type\",\"id\":\"d185e460-4998-4d2b-85cb-b04f304dfb1b\",\"meta\":\"$248\"}\n24a:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/fb20ba48-336f-4acc-b27a-55e07c1766df/node_type?resourceVersion=id%3A5565\"}\n24b:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/fb20ba48-336f-4acc-b27a-55e07c1766df/relationships/node_type?resourceVersion=id%3A5565\"}\n249:{\"related\":\"$24a\",\"self\":\"$24b\"}\n246:{\"data\":\"$247\",\"links\":\"$249\"}\n24e:{\"drupal_internal__target_id\":110}\n24d:{\"type\":\"user--user\",\"id\":\"a54cc91d-d38c-4158-9cf3-d7bcda34fc84\",\"meta\":\"$24e\"}\n250:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/fb20ba48-336f-4acc-b27a-55e07c1766df/revision_uid?resourceVersion=id%3A5565\"}\n251:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/fb20ba48-336f-4acc-b27a-55e07c1766df/relationships/revision_uid?resourceVersion=id%3A5565\"}\n24f:{\"related\":\"$250\",\"self\":\"$251\"}\n24c:{\"data\":\"$24d\",\"links\":\"$24f\"}\n254:{\"drupal_internal__target_id\":26}\n253:{\"type\":\"user--user\",\"id\":\"dca2c49b-4a12-4d5f-859d-a759444160a4\",\"meta\":\"$254\"}\n256:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/fb20ba48-336f-4acc-b27a-55e07c1766df/uid?resourceVersion=id%3A5565\"}\n257:{\"href\":\"https://cybergeek.cms.gov/j"])</script><script>self.__next_f.push([1,"sonapi/node/explainer/fb20ba48-336f-4acc-b27a-55e07c1766df/relationships/uid?resourceVersion=id%3A5565\"}\n255:{\"related\":\"$256\",\"self\":\"$257\"}\n252:{\"data\":\"$253\",\"links\":\"$255\"}\n25b:{\"target_revision_id\":18109,\"drupal_internal__target_id\":511}\n25a:{\"type\":\"paragraph--page_section\",\"id\":\"6a7003c0-dd34-424b-abe5-dcdbb4ae4e21\",\"meta\":\"$25b\"}\n25d:{\"target_revision_id\":18116,\"drupal_internal__target_id\":3452}\n25c:{\"type\":\"paragraph--page_section\",\"id\":\"0a3e39c3-11df-48ee-acda-d4be29d1eb91\",\"meta\":\"$25d\"}\n25f:{\"target_revision_id\":18117,\"drupal_internal__target_id\":3495}\n25e:{\"type\":\"paragraph--page_section\",\"id\":\"cd0b41ba-9490-40c4-b79f-df959006794c\",\"meta\":\"$25f\"}\n259:[\"$25a\",\"$25c\",\"$25e\"]\n261:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/fb20ba48-336f-4acc-b27a-55e07c1766df/field_page_section?resourceVersion=id%3A5565\"}\n262:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/fb20ba48-336f-4acc-b27a-55e07c1766df/relationships/field_page_section?resourceVersion=id%3A5565\"}\n260:{\"related\":\"$261\",\"self\":\"$262\"}\n258:{\"data\":\"$259\",\"links\":\"$260\"}\n266:{\"target_revision_id\":18118,\"drupal_internal__target_id\":2066}\n265:{\"type\":\"paragraph--internal_link\",\"id\":\"06f52736-42ef-4a3e-a5a5-239887c37d8f\",\"meta\":\"$266\"}\n268:{\"target_revision_id\":18119,\"drupal_internal__target_id\":2071}\n267:{\"type\":\"paragraph--internal_link\",\"id\":\"8d2e8289-04d9-4f94-a59e-ea72edc28a57\",\"meta\":\"$268\"}\n26a:{\"target_revision_id\":18120,\"drupal_internal__target_id\":2076}\n269:{\"type\":\"paragraph--internal_link\",\"id\":\"f809e191-d1ff-4924-8b94-9e0f705b1620\",\"meta\":\"$26a\"}\n26c:{\"target_revision_id\":18121,\"drupal_internal__target_id\":2081}\n26b:{\"type\":\"paragraph--internal_link\",\"id\":\"fe146104-4cdc-4270-80c9-3cf6b03f6f4b\",\"meta\":\"$26c\"}\n26e:{\"target_revision_id\":18122,\"drupal_internal__target_id\":2086}\n26d:{\"type\":\"paragraph--internal_link\",\"id\":\"9d66b298-b9ef-4ae5-8a79-b1613b838eb6\",\"meta\":\"$26e\"}\n270:{\"target_revision_id\":18123,\"drupal_internal__target_id\":2091}\n26f:{\"type\":\"paragraph--internal_link\",\"id\":\"71620d65-13f9-45f3-b8fb-0108fba8c4b0\","])</script><script>self.__next_f.push([1,"\"meta\":\"$270\"}\n264:[\"$265\",\"$267\",\"$269\",\"$26b\",\"$26d\",\"$26f\"]\n272:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/fb20ba48-336f-4acc-b27a-55e07c1766df/field_related_collection?resourceVersion=id%3A5565\"}\n273:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/fb20ba48-336f-4acc-b27a-55e07c1766df/relationships/field_related_collection?resourceVersion=id%3A5565\"}\n271:{\"related\":\"$272\",\"self\":\"$273\"}\n263:{\"data\":\"$264\",\"links\":\"$271\"}\n276:{\"drupal_internal__target_id\":131}\n275:{\"type\":\"taxonomy_term--resource_type\",\"id\":\"a17f4908-9141-4b1e-82aa-e6bfe0f91a22\",\"meta\":\"$276\"}\n278:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/fb20ba48-336f-4acc-b27a-55e07c1766df/field_resource_type?resourceVersion=id%3A5565\"}\n279:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/fb20ba48-336f-4acc-b27a-55e07c1766df/relationships/field_resource_type?resourceVersion=id%3A5565\"}\n277:{\"related\":\"$278\",\"self\":\"$279\"}\n274:{\"data\":\"$275\",\"links\":\"$277\"}\n27d:{\"drupal_internal__target_id\":66}\n27c:{\"type\":\"taxonomy_term--roles\",\"id\":\"9d999ae3-b43c-45fb-973e-dffe50c27da5\",\"meta\":\"$27d\"}\n27f:{\"drupal_internal__target_id\":61}\n27e:{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\",\"meta\":\"$27f\"}\n281:{\"drupal_internal__target_id\":76}\n280:{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"meta\":\"$281\"}\n27b:[\"$27c\",\"$27e\",\"$280\"]\n283:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/fb20ba48-336f-4acc-b27a-55e07c1766df/field_roles?resourceVersion=id%3A5565\"}\n284:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/fb20ba48-336f-4acc-b27a-55e07c1766df/relationships/field_roles?resourceVersion=id%3A5565\"}\n282:{\"related\":\"$283\",\"self\":\"$284\"}\n27a:{\"data\":\"$27b\",\"links\":\"$282\"}\n288:{\"drupal_internal__target_id\":6}\n287:{\"type\":\"taxonomy_term--topics\",\"id\":\"7917cea4-02d7-4ebd-93a3-4c39d5f24674\",\"meta\":\"$288\"}\n28a:{\"drupal_internal__target_id\":31}\n289:{\"type\":\"taxonomy_term--topics\",\"id\":\"d5e2c0ee-04cb-493b-9338-c97adf0e8adf\",\"meta\":\"$28a\"}\n286:[\"$287\",\"$289\"]\n28"])</script><script>self.__next_f.push([1,"c:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/fb20ba48-336f-4acc-b27a-55e07c1766df/field_topics?resourceVersion=id%3A5565\"}\n28d:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/fb20ba48-336f-4acc-b27a-55e07c1766df/relationships/field_topics?resourceVersion=id%3A5565\"}\n28b:{\"related\":\"$28c\",\"self\":\"$28d\"}\n285:{\"data\":\"$286\",\"links\":\"$28b\"}\n245:{\"node_type\":\"$246\",\"revision_uid\":\"$24c\",\"uid\":\"$252\",\"field_page_section\":\"$258\",\"field_related_collection\":\"$263\",\"field_resource_type\":\"$274\",\"field_roles\":\"$27a\",\"field_topics\":\"$285\"}\n23e:{\"type\":\"node--explainer\",\"id\":\"fb20ba48-336f-4acc-b27a-55e07c1766df\",\"links\":\"$23f\",\"attributes\":\"$241\",\"relationships\":\"$245\"}\n290:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/6586d174-482d-43d2-9d86-2f0a42dc8a81?resourceVersion=id%3A5754\"}\n28f:{\"self\":\"$290\"}\n292:{\"alias\":\"/learn/plan-action-and-milestones-poam\",\"pid\":386,\"langcode\":\"en\"}\n293:{\"value\":\"A corrective action plan roadmap to address system weaknesses and the resources required to fix them\",\"format\":\"plain_text\",\"processed\":\"\u003cp\u003eA corrective action plan roadmap to address system weaknesses and the resources required to fix them\u003c/p\u003e\\n\"}\n294:[\"#cra-help\"]\n291:{\"drupal_internal__nid\":396,\"drupal_internal__vid\":5754,\"langcode\":\"en\",\"revision_timestamp\":\"2024-08-05T15:53:09+00:00\",\"status\":true,\"title\":\"Plan of Action and Milestones (POA\u0026M)\",\"created\":\"2022-08-29T16:56:42+00:00\",\"changed\":\"2024-08-05T15:53:09+00:00\",\"promote\":false,\"sticky\":false,\"default_langcode\":true,\"revision_translation_affected\":true,\"moderation_state\":\"published\",\"path\":\"$292\",\"rh_action\":null,\"rh_redirect\":null,\"rh_redirect_response\":null,\"rh_redirect_fallback_action\":null,\"publish_on\":null,\"unpublish_on\":null,\"body\":null,\"field_contact_email\":\"CISO@cms.hhs.gov\",\"field_contact_name\":\"ISPG Policy Team\",\"field_short_description\":\"$293\",\"field_slack_channel\":\"$294\"}\n298:{\"drupal_internal__target_id\":\"explainer\"}\n297:{\"type\":\"node_type--node_type\",\"id\":\"d185e460-4998-4d2b-85cb-b04f304dfb1b\",\"meta\":\"$298\"}\n29a:{\"href\":\"h"])</script><script>self.__next_f.push([1,"ttps://cybergeek.cms.gov/jsonapi/node/explainer/6586d174-482d-43d2-9d86-2f0a42dc8a81/node_type?resourceVersion=id%3A5754\"}\n29b:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/6586d174-482d-43d2-9d86-2f0a42dc8a81/relationships/node_type?resourceVersion=id%3A5754\"}\n299:{\"related\":\"$29a\",\"self\":\"$29b\"}\n296:{\"data\":\"$297\",\"links\":\"$299\"}\n29e:{\"drupal_internal__target_id\":159}\n29d:{\"type\":\"user--user\",\"id\":\"4420e728-6dc2-4022-bf8d-5bd1329e5e64\",\"meta\":\"$29e\"}\n2a0:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/6586d174-482d-43d2-9d86-2f0a42dc8a81/revision_uid?resourceVersion=id%3A5754\"}\n2a1:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/6586d174-482d-43d2-9d86-2f0a42dc8a81/relationships/revision_uid?resourceVersion=id%3A5754\"}\n29f:{\"related\":\"$2a0\",\"self\":\"$2a1\"}\n29c:{\"data\":\"$29d\",\"links\":\"$29f\"}\n2a4:{\"drupal_internal__target_id\":26}\n2a3:{\"type\":\"user--user\",\"id\":\"dca2c49b-4a12-4d5f-859d-a759444160a4\",\"meta\":\"$2a4\"}\n2a6:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/6586d174-482d-43d2-9d86-2f0a42dc8a81/uid?resourceVersion=id%3A5754\"}\n2a7:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/6586d174-482d-43d2-9d86-2f0a42dc8a81/relationships/uid?resourceVersion=id%3A5754\"}\n2a5:{\"related\":\"$2a6\",\"self\":\"$2a7\"}\n2a2:{\"data\":\"$2a3\",\"links\":\"$2a5\"}\n2ab:{\"target_revision_id\":19037,\"drupal_internal__target_id\":506}\n2aa:{\"type\":\"paragraph--page_section\",\"id\":\"7a011f0b-d154-4824-a3d9-ab6d2d897205\",\"meta\":\"$2ab\"}\n2ad:{\"target_revision_id\":19038,\"drupal_internal__target_id\":3385}\n2ac:{\"type\":\"paragraph--page_section\",\"id\":\"ee1fabb0-058d-4b71-a7db-8a9ce8319795\",\"meta\":\"$2ad\"}\n2a9:[\"$2aa\",\"$2ac\"]\n2af:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/6586d174-482d-43d2-9d86-2f0a42dc8a81/field_page_section?resourceVersion=id%3A5754\"}\n2b0:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/6586d174-482d-43d2-9d86-2f0a42dc8a81/relationships/field_page_section?resourceVersion=id%3A5754\"}\n2ae:{\"related\":\"$2af\",\"self\":\"$2b0\"}\n2a8:{\"data\":\"$2a9\",\"links\":\"$2ae\"}\n2b4:{\"target_revis"])</script><script>self.__next_f.push([1,"ion_id\":19039,\"drupal_internal__target_id\":2041}\n2b3:{\"type\":\"paragraph--internal_link\",\"id\":\"df30d570-d5dc-431f-bec8-3054b29243cb\",\"meta\":\"$2b4\"}\n2b6:{\"target_revision_id\":19040,\"drupal_internal__target_id\":2046}\n2b5:{\"type\":\"paragraph--internal_link\",\"id\":\"4bccf275-df68-449d-8a48-3ba2274c322a\",\"meta\":\"$2b6\"}\n2b8:{\"target_revision_id\":19041,\"drupal_internal__target_id\":2051}\n2b7:{\"type\":\"paragraph--internal_link\",\"id\":\"443bfeb0-96a1-4b88-bd6d-d93d1d744e64\",\"meta\":\"$2b8\"}\n2ba:{\"target_revision_id\":19042,\"drupal_internal__target_id\":2056}\n2b9:{\"type\":\"paragraph--internal_link\",\"id\":\"71549f27-6a6b-4a16-9304-6208d994604a\",\"meta\":\"$2ba\"}\n2bc:{\"target_revision_id\":19043,\"drupal_internal__target_id\":2061}\n2bb:{\"type\":\"paragraph--internal_link\",\"id\":\"ab8baea5-3667-47bd-b2c5-a8b59a3847ac\",\"meta\":\"$2bc\"}\n2be:{\"target_revision_id\":19044,\"drupal_internal__target_id\":2551}\n2bd:{\"type\":\"paragraph--internal_link\",\"id\":\"6b40f485-c76e-44f6-8489-9bbf991c1f6c\",\"meta\":\"$2be\"}\n2b2:[\"$2b3\",\"$2b5\",\"$2b7\",\"$2b9\",\"$2bb\",\"$2bd\"]\n2c0:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/6586d174-482d-43d2-9d86-2f0a42dc8a81/field_related_collection?resourceVersion=id%3A5754\"}\n2c1:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/6586d174-482d-43d2-9d86-2f0a42dc8a81/relationships/field_related_collection?resourceVersion=id%3A5754\"}\n2bf:{\"related\":\"$2c0\",\"self\":\"$2c1\"}\n2b1:{\"data\":\"$2b2\",\"links\":\"$2bf\"}\n2c4:{\"drupal_internal__target_id\":131}\n2c3:{\"type\":\"taxonomy_term--resource_type\",\"id\":\"a17f4908-9141-4b1e-82aa-e6bfe0f91a22\",\"meta\":\"$2c4\"}\n2c6:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/6586d174-482d-43d2-9d86-2f0a42dc8a81/field_resource_type?resourceVersion=id%3A5754\"}\n2c7:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/6586d174-482d-43d2-9d86-2f0a42dc8a81/relationships/field_resource_type?resourceVersion=id%3A5754\"}\n2c5:{\"related\":\"$2c6\",\"self\":\"$2c7\"}\n2c2:{\"data\":\"$2c3\",\"links\":\"$2c5\"}\n2cb:{\"drupal_internal__target_id\":66}\n2ca:{\"type\":\"taxonomy_term--roles\",\"id\":\"9d999ae3-b43c-45fb-973e-dffe50c27da5\","])</script><script>self.__next_f.push([1,"\"meta\":\"$2cb\"}\n2cd:{\"drupal_internal__target_id\":61}\n2cc:{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\",\"meta\":\"$2cd\"}\n2cf:{\"drupal_internal__target_id\":76}\n2ce:{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"meta\":\"$2cf\"}\n2d1:{\"drupal_internal__target_id\":71}\n2d0:{\"type\":\"taxonomy_term--roles\",\"id\":\"feb4e85d-429e-48b0-92f0-3d2da2c5056e\",\"meta\":\"$2d1\"}\n2c9:[\"$2ca\",\"$2cc\",\"$2ce\",\"$2d0\"]\n2d3:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/6586d174-482d-43d2-9d86-2f0a42dc8a81/field_roles?resourceVersion=id%3A5754\"}\n2d4:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/6586d174-482d-43d2-9d86-2f0a42dc8a81/relationships/field_roles?resourceVersion=id%3A5754\"}\n2d2:{\"related\":\"$2d3\",\"self\":\"$2d4\"}\n2c8:{\"data\":\"$2c9\",\"links\":\"$2d2\"}\n2d8:{\"drupal_internal__target_id\":6}\n2d7:{\"type\":\"taxonomy_term--topics\",\"id\":\"7917cea4-02d7-4ebd-93a3-4c39d5f24674\",\"meta\":\"$2d8\"}\n2da:{\"drupal_internal__target_id\":36}\n2d9:{\"type\":\"taxonomy_term--topics\",\"id\":\"65ef6410-4066-4db4-be03-c8eb26b63305\",\"meta\":\"$2da\"}\n2d6:[\"$2d7\",\"$2d9\"]\n2dc:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/6586d174-482d-43d2-9d86-2f0a42dc8a81/field_topics?resourceVersion=id%3A5754\"}\n2dd:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/6586d174-482d-43d2-9d86-2f0a42dc8a81/relationships/field_topics?resourceVersion=id%3A5754\"}\n2db:{\"related\":\"$2dc\",\"self\":\"$2dd\"}\n2d5:{\"data\":\"$2d6\",\"links\":\"$2db\"}\n295:{\"node_type\":\"$296\",\"revision_uid\":\"$29c\",\"uid\":\"$2a2\",\"field_page_section\":\"$2a8\",\"field_related_collection\":\"$2b1\",\"field_resource_type\":\"$2c2\",\"field_roles\":\"$2c8\",\"field_topics\":\"$2d5\"}\n28e:{\"type\":\"node--explainer\",\"id\":\"6586d174-482d-43d2-9d86-2f0a42dc8a81\",\"links\":\"$28f\",\"attributes\":\"$291\",\"relationships\":\"$295\"}\n2e0:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/e36ecfdd-ed37-4ebb-b9a1-e5f8b05a7c15?resourceVersion=id%3A5965\"}\n2df:{\"self\":\"$2e0\"}\n2e2:{\"alias\":\"/learn/system-security-and-privacy-plan-sspp\",\"pid\":656,\"langcode\":\"en\"}\n2e3:{\"value\":\"Documentation"])</script><script>self.__next_f.push([1," of a FISMA systems features and security requirements, along with controls and procedures for information protection\",\"format\":\"plain_text\",\"processed\":\"\u003cp\u003eDocumentation of a FISMA systems features and security requirements, along with controls and procedures for information protection\u003c/p\u003e\\n\"}\n2e4:[\"#CFACTS_community\"]\n2e1:{\"drupal_internal__nid\":666,\"drupal_internal__vid\":5965,\"langcode\":\"en\",\"revision_timestamp\":\"2024-11-19T23:10:38+00:00\",\"status\":true,\"title\":\"System Security and Privacy Plan (SSPP)\",\"created\":\"2023-02-02T19:01:24+00:00\",\"changed\":\"2024-11-19T23:10:38+00:00\",\"promote\":false,\"sticky\":false,\"default_langcode\":true,\"revision_translation_affected\":true,\"moderation_state\":\"published\",\"path\":\"$2e2\",\"rh_action\":null,\"rh_redirect\":null,\"rh_redirect_response\":null,\"rh_redirect_fallback_action\":null,\"publish_on\":null,\"unpublish_on\":null,\"body\":null,\"field_contact_email\":\"CISO@cms.hhs.gov\",\"field_contact_name\":\"ISPG Policy Team\",\"field_short_description\":\"$2e3\",\"field_slack_channel\":\"$2e4\"}\n2e8:{\"drupal_internal__target_id\":\"explainer\"}\n2e7:{\"type\":\"node_type--node_type\",\"id\":\"d185e460-4998-4d2b-85cb-b04f304dfb1b\",\"meta\":\"$2e8\"}\n2ea:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/e36ecfdd-ed37-4ebb-b9a1-e5f8b05a7c15/node_type?resourceVersion=id%3A5965\"}\n2eb:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/e36ecfdd-ed37-4ebb-b9a1-e5f8b05a7c15/relationships/node_type?resourceVersion=id%3A5965\"}\n2e9:{\"related\":\"$2ea\",\"self\":\"$2eb\"}\n2e6:{\"data\":\"$2e7\",\"links\":\"$2e9\"}\n2ee:{\"drupal_internal__target_id\":6}\n2ed:{\"type\":\"user--user\",\"id\":\"e352e203-fe9c-47ba-af75-2c7f8302fca8\",\"meta\":\"$2ee\"}\n2f0:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/e36ecfdd-ed37-4ebb-b9a1-e5f8b05a7c15/revision_uid?resourceVersion=id%3A5965\"}\n2f1:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/e36ecfdd-ed37-4ebb-b9a1-e5f8b05a7c15/relationships/revision_uid?resourceVersion=id%3A5965\"}\n2ef:{\"related\":\"$2f0\",\"self\":\"$2f1\"}\n2ec:{\"data\":\"$2ed\",\"links\":\"$2ef\"}\n2f4:{\"drupal_internal__target_id\":26}"])</script><script>self.__next_f.push([1,"\n2f3:{\"type\":\"user--user\",\"id\":\"dca2c49b-4a12-4d5f-859d-a759444160a4\",\"meta\":\"$2f4\"}\n2f6:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/e36ecfdd-ed37-4ebb-b9a1-e5f8b05a7c15/uid?resourceVersion=id%3A5965\"}\n2f7:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/e36ecfdd-ed37-4ebb-b9a1-e5f8b05a7c15/relationships/uid?resourceVersion=id%3A5965\"}\n2f5:{\"related\":\"$2f6\",\"self\":\"$2f7\"}\n2f2:{\"data\":\"$2f3\",\"links\":\"$2f5\"}\n2fb:{\"target_revision_id\":19524,\"drupal_internal__target_id\":531}\n2fa:{\"type\":\"paragraph--page_section\",\"id\":\"830b220c-0b4e-42e7-8768-f0e366e2e394\",\"meta\":\"$2fb\"}\n2fd:{\"target_revision_id\":19529,\"drupal_internal__target_id\":3471}\n2fc:{\"type\":\"paragraph--page_section\",\"id\":\"0809565b-c9be-43d4-af0f-30e8770ed6a2\",\"meta\":\"$2fd\"}\n2f9:[\"$2fa\",\"$2fc\"]\n2ff:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/e36ecfdd-ed37-4ebb-b9a1-e5f8b05a7c15/field_page_section?resourceVersion=id%3A5965\"}\n300:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/e36ecfdd-ed37-4ebb-b9a1-e5f8b05a7c15/relationships/field_page_section?resourceVersion=id%3A5965\"}\n2fe:{\"related\":\"$2ff\",\"self\":\"$300\"}\n2f8:{\"data\":\"$2f9\",\"links\":\"$2fe\"}\n304:{\"target_revision_id\":19530,\"drupal_internal__target_id\":1636}\n303:{\"type\":\"paragraph--internal_link\",\"id\":\"9d67ade3-a2a1-4c6b-883d-eb2bab7ee929\",\"meta\":\"$304\"}\n306:{\"target_revision_id\":19531,\"drupal_internal__target_id\":1641}\n305:{\"type\":\"paragraph--internal_link\",\"id\":\"58395445-a7b1-4f8f-9aa8-867695cee5ff\",\"meta\":\"$306\"}\n308:{\"target_revision_id\":19532,\"drupal_internal__target_id\":1646}\n307:{\"type\":\"paragraph--internal_link\",\"id\":\"d75e6c82-2c87-4709-95f8-9320a54bf92a\",\"meta\":\"$308\"}\n30a:{\"target_revision_id\":19533,\"drupal_internal__target_id\":1651}\n309:{\"type\":\"paragraph--internal_link\",\"id\":\"f0fa4163-1622-4ac8-aefb-1795d0813853\",\"meta\":\"$30a\"}\n30c:{\"target_revision_id\":19534,\"drupal_internal__target_id\":1656}\n30b:{\"type\":\"paragraph--internal_link\",\"id\":\"b52610a5-ba07-4eba-85b4-fc6415050a84\",\"meta\":\"$30c\"}\n302:[\"$303\",\"$305\",\"$307\",\"$309\",\"$30b\"]\n30e:{\"href\":\"https://cyb"])</script><script>self.__next_f.push([1,"ergeek.cms.gov/jsonapi/node/explainer/e36ecfdd-ed37-4ebb-b9a1-e5f8b05a7c15/field_related_collection?resourceVersion=id%3A5965\"}\n30f:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/e36ecfdd-ed37-4ebb-b9a1-e5f8b05a7c15/relationships/field_related_collection?resourceVersion=id%3A5965\"}\n30d:{\"related\":\"$30e\",\"self\":\"$30f\"}\n301:{\"data\":\"$302\",\"links\":\"$30d\"}\n312:{\"drupal_internal__target_id\":131}\n311:{\"type\":\"taxonomy_term--resource_type\",\"id\":\"a17f4908-9141-4b1e-82aa-e6bfe0f91a22\",\"meta\":\"$312\"}\n314:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/e36ecfdd-ed37-4ebb-b9a1-e5f8b05a7c15/field_resource_type?resourceVersion=id%3A5965\"}\n315:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/e36ecfdd-ed37-4ebb-b9a1-e5f8b05a7c15/relationships/field_resource_type?resourceVersion=id%3A5965\"}\n313:{\"related\":\"$314\",\"self\":\"$315\"}\n310:{\"data\":\"$311\",\"links\":\"$313\"}\n317:[]\n319:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/e36ecfdd-ed37-4ebb-b9a1-e5f8b05a7c15/field_roles?resourceVersion=id%3A5965\"}\n31a:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/e36ecfdd-ed37-4ebb-b9a1-e5f8b05a7c15/relationships/field_roles?resourceVersion=id%3A5965\"}\n318:{\"related\":\"$319\",\"self\":\"$31a\"}\n316:{\"data\":\"$317\",\"links\":\"$318\"}\n31e:{\"drupal_internal__target_id\":31}\n31d:{\"type\":\"taxonomy_term--topics\",\"id\":\"d5e2c0ee-04cb-493b-9338-c97adf0e8adf\",\"meta\":\"$31e\"}\n320:{\"drupal_internal__target_id\":11}\n31f:{\"type\":\"taxonomy_term--topics\",\"id\":\"0bc7c1d0-b569-4514-b66c-367457dead7e\",\"meta\":\"$320\"}\n31c:[\"$31d\",\"$31f\"]\n322:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/e36ecfdd-ed37-4ebb-b9a1-e5f8b05a7c15/field_topics?resourceVersion=id%3A5965\"}\n323:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/e36ecfdd-ed37-4ebb-b9a1-e5f8b05a7c15/relationships/field_topics?resourceVersion=id%3A5965\"}\n321:{\"related\":\"$322\",\"self\":\"$323\"}\n31b:{\"data\":\"$31c\",\"links\":\"$321\"}\n2e5:{\"node_type\":\"$2e6\",\"revision_uid\":\"$2ec\",\"uid\":\"$2f2\",\"field_page_section\":\"$2f8\",\"field_related_collection\":\"$301\",\"field_resource_t"])</script><script>self.__next_f.push([1,"ype\":\"$310\",\"field_roles\":\"$316\",\"field_topics\":\"$31b\"}\n2de:{\"type\":\"node--explainer\",\"id\":\"e36ecfdd-ed37-4ebb-b9a1-e5f8b05a7c15\",\"links\":\"$2df\",\"attributes\":\"$2e1\",\"relationships\":\"$2e5\"}\n326:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a74e943d-f87d-4688-81e7-65a4013fa320?resourceVersion=id%3A5941\"}\n325:{\"self\":\"$326\"}\n328:{\"alias\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"pid\":191,\"langcode\":\"en\"}\n329:{\"value\":\"A streamlined risk-based control(s) testing methodology designed to relieve operational burden.\",\"format\":\"plain_text\",\"processed\":\"\u003cp\u003eA streamlined risk-based control(s) testing methodology designed to relieve operational burden.\u003c/p\u003e\\n\"}\n32a:[]\n327:{\"drupal_internal__nid\":201,\"drupal_internal__vid\":5941,\"langcode\":\"en\",\"revision_timestamp\":\"2024-10-17T14:04:35+00:00\",\"status\":true,\"title\":\"Cybersecurity and Risk Assessment Program (CSRAP)\",\"created\":\"2022-08-25T18:58:52+00:00\",\"changed\":\"2024-10-07T20:27:11+00:00\",\"promote\":false,\"sticky\":false,\"default_langcode\":true,\"revision_translation_affected\":true,\"moderation_state\":\"published\",\"path\":\"$328\",\"rh_action\":null,\"rh_redirect\":null,\"rh_redirect_response\":null,\"rh_redirect_fallback_action\":null,\"publish_on\":null,\"unpublish_on\":null,\"body\":null,\"field_contact_email\":\"CSRAP@cms.hhs.gov\",\"field_contact_name\":\"CSRAP Team\",\"field_short_description\":\"$329\",\"field_slack_channel\":\"$32a\"}\n32e:{\"drupal_internal__target_id\":\"explainer\"}\n32d:{\"type\":\"node_type--node_type\",\"id\":\"d185e460-4998-4d2b-85cb-b04f304dfb1b\",\"meta\":\"$32e\"}\n330:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a74e943d-f87d-4688-81e7-65a4013fa320/node_type?resourceVersion=id%3A5941\"}\n331:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a74e943d-f87d-4688-81e7-65a4013fa320/relationships/node_type?resourceVersion=id%3A5941\"}\n32f:{\"related\":\"$330\",\"self\":\"$331\"}\n32c:{\"data\":\"$32d\",\"links\":\"$32f\"}\n334:{\"drupal_internal__target_id\":95}\n333:{\"type\":\"user--user\",\"id\":\"39240c69-3096-49cd-a07c-3843b6c48c5f\",\"meta\":\"$334\"}\n336:{\"href\":\"https://cybergeek.cms.g"])</script><script>self.__next_f.push([1,"ov/jsonapi/node/explainer/a74e943d-f87d-4688-81e7-65a4013fa320/revision_uid?resourceVersion=id%3A5941\"}\n337:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a74e943d-f87d-4688-81e7-65a4013fa320/relationships/revision_uid?resourceVersion=id%3A5941\"}\n335:{\"related\":\"$336\",\"self\":\"$337\"}\n332:{\"data\":\"$333\",\"links\":\"$335\"}\n33a:{\"drupal_internal__target_id\":26}\n339:{\"type\":\"user--user\",\"id\":\"dca2c49b-4a12-4d5f-859d-a759444160a4\",\"meta\":\"$33a\"}\n33c:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a74e943d-f87d-4688-81e7-65a4013fa320/uid?resourceVersion=id%3A5941\"}\n33d:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a74e943d-f87d-4688-81e7-65a4013fa320/relationships/uid?resourceVersion=id%3A5941\"}\n33b:{\"related\":\"$33c\",\"self\":\"$33d\"}\n338:{\"data\":\"$339\",\"links\":\"$33b\"}\n341:{\"target_revision_id\":19433,\"drupal_internal__target_id\":3501}\n340:{\"type\":\"paragraph--page_section\",\"id\":\"f36fb6d1-0795-400f-8a15-36d1979118b0\",\"meta\":\"$341\"}\n343:{\"target_revision_id\":19434,\"drupal_internal__target_id\":611}\n342:{\"type\":\"paragraph--page_section\",\"id\":\"eb5b28d8-8825-43c5-a889-513068f48fd8\",\"meta\":\"$343\"}\n345:{\"target_revision_id\":19435,\"drupal_internal__target_id\":651}\n344:{\"type\":\"paragraph--page_section\",\"id\":\"269aaf52-85f1-411f-a67e-e9d9ad620d8a\",\"meta\":\"$345\"}\n347:{\"target_revision_id\":19442,\"drupal_internal__target_id\":3502}\n346:{\"type\":\"paragraph--page_section\",\"id\":\"3a3615ff-9d53-40d6-8291-fd4516dbc893\",\"meta\":\"$347\"}\n349:{\"target_revision_id\":19443,\"drupal_internal__target_id\":3503}\n348:{\"type\":\"paragraph--page_section\",\"id\":\"cbe6ce50-d7fa-40ac-afe1-00d600e4a4aa\",\"meta\":\"$349\"}\n34b:{\"target_revision_id\":19444,\"drupal_internal__target_id\":3504}\n34a:{\"type\":\"paragraph--page_section\",\"id\":\"a46d03b7-7478-40f1-a7da-3171ffcfaa2d\",\"meta\":\"$34b\"}\n33f:[\"$340\",\"$342\",\"$344\",\"$346\",\"$348\",\"$34a\"]\n34d:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a74e943d-f87d-4688-81e7-65a4013fa320/field_page_section?resourceVersion=id%3A5941\"}\n34e:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a74e943d-f"])</script><script>self.__next_f.push([1,"87d-4688-81e7-65a4013fa320/relationships/field_page_section?resourceVersion=id%3A5941\"}\n34c:{\"related\":\"$34d\",\"self\":\"$34e\"}\n33e:{\"data\":\"$33f\",\"links\":\"$34c\"}\n352:{\"target_revision_id\":19445,\"drupal_internal__target_id\":656}\n351:{\"type\":\"paragraph--internal_link\",\"id\":\"28dbad4c-79e6-4f83-bc5e-965ba6aa4926\",\"meta\":\"$352\"}\n354:{\"target_revision_id\":19446,\"drupal_internal__target_id\":661}\n353:{\"type\":\"paragraph--internal_link\",\"id\":\"9b8ddf12-5af3-4acf-a7bd-c5f629ddc1e2\",\"meta\":\"$354\"}\n356:{\"target_revision_id\":19447,\"drupal_internal__target_id\":671}\n355:{\"type\":\"paragraph--internal_link\",\"id\":\"77c203ce-2da8-4200-986c-1093acc2ff5a\",\"meta\":\"$356\"}\n358:{\"target_revision_id\":19448,\"drupal_internal__target_id\":676}\n357:{\"type\":\"paragraph--internal_link\",\"id\":\"50fa320c-23ef-4b7f-b3ee-4f4c55fe4a5a\",\"meta\":\"$358\"}\n35a:{\"target_revision_id\":19449,\"drupal_internal__target_id\":681}\n359:{\"type\":\"paragraph--internal_link\",\"id\":\"c4a332dc-02ea-48f6-9c08-c12ca06e62b5\",\"meta\":\"$35a\"}\n35c:{\"target_revision_id\":19450,\"drupal_internal__target_id\":3505}\n35b:{\"type\":\"paragraph--internal_link\",\"id\":\"5cc61db4-e2f7-43ad-b914-3661d73886e9\",\"meta\":\"$35c\"}\n350:[\"$351\",\"$353\",\"$355\",\"$357\",\"$359\",\"$35b\"]\n35e:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a74e943d-f87d-4688-81e7-65a4013fa320/field_related_collection?resourceVersion=id%3A5941\"}\n35f:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a74e943d-f87d-4688-81e7-65a4013fa320/relationships/field_related_collection?resourceVersion=id%3A5941\"}\n35d:{\"related\":\"$35e\",\"self\":\"$35f\"}\n34f:{\"data\":\"$350\",\"links\":\"$35d\"}\n362:{\"drupal_internal__target_id\":121}\n361:{\"type\":\"taxonomy_term--resource_type\",\"id\":\"9e907eeb-b0a8-4dd3-8818-37cb1557a8f4\",\"meta\":\"$362\"}\n364:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a74e943d-f87d-4688-81e7-65a4013fa320/field_resource_type?resourceVersion=id%3A5941\"}\n365:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a74e943d-f87d-4688-81e7-65a4013fa320/relationships/field_resource_type?resourceVersion=id%3A5941\"}\n363:{\"related\":\""])</script><script>self.__next_f.push([1,"$364\",\"self\":\"$365\"}\n360:{\"data\":\"$361\",\"links\":\"$363\"}\n369:{\"drupal_internal__target_id\":66}\n368:{\"type\":\"taxonomy_term--roles\",\"id\":\"9d999ae3-b43c-45fb-973e-dffe50c27da5\",\"meta\":\"$369\"}\n36b:{\"drupal_internal__target_id\":61}\n36a:{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\",\"meta\":\"$36b\"}\n36d:{\"drupal_internal__target_id\":76}\n36c:{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"meta\":\"$36d\"}\n367:[\"$368\",\"$36a\",\"$36c\"]\n36f:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a74e943d-f87d-4688-81e7-65a4013fa320/field_roles?resourceVersion=id%3A5941\"}\n370:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a74e943d-f87d-4688-81e7-65a4013fa320/relationships/field_roles?resourceVersion=id%3A5941\"}\n36e:{\"related\":\"$36f\",\"self\":\"$370\"}\n366:{\"data\":\"$367\",\"links\":\"$36e\"}\n374:{\"drupal_internal__target_id\":6}\n373:{\"type\":\"taxonomy_term--topics\",\"id\":\"7917cea4-02d7-4ebd-93a3-4c39d5f24674\",\"meta\":\"$374\"}\n376:{\"drupal_internal__target_id\":36}\n375:{\"type\":\"taxonomy_term--topics\",\"id\":\"65ef6410-4066-4db4-be03-c8eb26b63305\",\"meta\":\"$376\"}\n372:[\"$373\",\"$375\"]\n378:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a74e943d-f87d-4688-81e7-65a4013fa320/field_topics?resourceVersion=id%3A5941\"}\n379:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a74e943d-f87d-4688-81e7-65a4013fa320/relationships/field_topics?resourceVersion=id%3A5941\"}\n377:{\"related\":\"$378\",\"self\":\"$379\"}\n371:{\"data\":\"$372\",\"links\":\"$377\"}\n32b:{\"node_type\":\"$32c\",\"revision_uid\":\"$332\",\"uid\":\"$338\",\"field_page_section\":\"$33e\",\"field_related_collection\":\"$34f\",\"field_resource_type\":\"$360\",\"field_roles\":\"$366\",\"field_topics\":\"$371\"}\n324:{\"type\":\"node--explainer\",\"id\":\"a74e943d-f87d-4688-81e7-65a4013fa320\",\"links\":\"$325\",\"attributes\":\"$327\",\"relationships\":\"$32b\"}\n37c:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/9c778c45-d1f7-4833-8e23-aaad386c3314?resourceVersion=id%3A5824\"}\n37b:{\"self\":\"$37c\"}\n37e:{\"alias\":\"/posts/completing-tasks-cfacts-easy-cfacts-training-videos\",\"pid\":1003,"])</script><script>self.__next_f.push([1,"\"langcode\":\"en\"}\n380:T6d2,\u003cp dir=\"ltr\"\u003eYou may have noticed several changes in how system information and documents are stored in the\u0026nbsp;\u003ca href=\"https://security.cms.gov/learn/cms-fisma-continuous-tracking-system-cfacts\"\u003eCMS FISMA Continuous Tracking System (CFACTS)\u003c/a\u003e. To help you navigate these changes, the CFACTS Team has been busy making \"how-to\" videos designed to help Information System Security Officers (ISSOs), System/Business Owners, and Cyber Risk Advisors (CRAs) complete tasks in CFACTS.\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\"\u003eThe\u0026nbsp;\u003ca href=\"https://www.youtube.com/playlist?list=PLyEaxwXtHzLlRPmMUK6eWkEFqhk0KeW3P\"\u003eCFACTS \"How-To\" video library\u003c/a\u003e is available on the\u0026nbsp;\u003ca href=\"https://www.youtube.com/@cmsinformationsecurityandp5034/featured\"\u003eISPG YouTube Channel\u003c/a\u003e and can help with critical tasks like:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eHow to complete ATO Requests\u0026nbsp;\u003c/li\u003e\u003cli dir=\"ltr\"\u003eControl implementation\u0026nbsp;\u003c/li\u003e\u003cli dir=\"ltr\"\u003eControl inheritance\u0026nbsp;\u003c/li\u003e\u003cli dir=\"ltr\"\u003eCreating personalized dashboards\u0026nbsp;\u003c/li\u003e\u003cli dir=\"ltr\"\u003eCAAT file creation\u0026nbsp;\u003c/li\u003e\u003cli dir=\"ltr\"\u003eReports and more\u003c/li\u003e\u003c/ul\u003e\u003cp dir=\"ltr\"\u003eCheck out the\u0026nbsp;\u003ca href=\"https://www.youtube.com/playlist?list=PLyEaxwXtHzLlRPmMUK6eWkEFqhk0KeW3P\"\u003eCFACTS video channel\u003c/a\u003e for more information to help you work through your system compliance activities. Bookmark the page and check back for more new content from the CFACTS Team as they make changes to improve processes.\u0026nbsp;\u003c/p\u003e\u003ch2\u003eWho to contact\u0026nbsp;\u003c/h2\u003e\u003cp lang=\"EN-US\"\u003ePost any questions or comments on the \u003cem\u003e#cfacts-community\u003c/em\u003e channel in CMS Slack, or request support by using the \u003ca href=\"https://coda.io/form/CFACTS-Support-Portal_dpiM2zX094Z\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eCFACTS support portal\u003c/a\u003e.\u0026nbsp;\u003c/p\u003e381:T6d2,\u003cp dir=\"ltr\"\u003eYou may have noticed several changes in how system information and documents are stored in the\u0026nbsp;\u003ca href=\"https://security.cms.gov/learn/cms-fisma-continuous-tracking-system-cfacts\"\u003eCMS FISMA Continuous Tracking System (CFACTS)\u003c/a\u003e. To help you naviga"])</script><script>self.__next_f.push([1,"te these changes, the CFACTS Team has been busy making \"how-to\" videos designed to help Information System Security Officers (ISSOs), System/Business Owners, and Cyber Risk Advisors (CRAs) complete tasks in CFACTS.\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\"\u003eThe\u0026nbsp;\u003ca href=\"https://www.youtube.com/playlist?list=PLyEaxwXtHzLlRPmMUK6eWkEFqhk0KeW3P\"\u003eCFACTS \"How-To\" video library\u003c/a\u003e is available on the\u0026nbsp;\u003ca href=\"https://www.youtube.com/@cmsinformationsecurityandp5034/featured\"\u003eISPG YouTube Channel\u003c/a\u003e and can help with critical tasks like:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eHow to complete ATO Requests\u0026nbsp;\u003c/li\u003e\u003cli dir=\"ltr\"\u003eControl implementation\u0026nbsp;\u003c/li\u003e\u003cli dir=\"ltr\"\u003eControl inheritance\u0026nbsp;\u003c/li\u003e\u003cli dir=\"ltr\"\u003eCreating personalized dashboards\u0026nbsp;\u003c/li\u003e\u003cli dir=\"ltr\"\u003eCAAT file creation\u0026nbsp;\u003c/li\u003e\u003cli dir=\"ltr\"\u003eReports and more\u003c/li\u003e\u003c/ul\u003e\u003cp dir=\"ltr\"\u003eCheck out the\u0026nbsp;\u003ca href=\"https://www.youtube.com/playlist?list=PLyEaxwXtHzLlRPmMUK6eWkEFqhk0KeW3P\"\u003eCFACTS video channel\u003c/a\u003e for more information to help you work through your system compliance activities. Bookmark the page and check back for more new content from the CFACTS Team as they make changes to improve processes.\u0026nbsp;\u003c/p\u003e\u003ch2\u003eWho to contact\u0026nbsp;\u003c/h2\u003e\u003cp lang=\"EN-US\"\u003ePost any questions or comments on the \u003cem\u003e#cfacts-community\u003c/em\u003e channel in CMS Slack, or request support by using the \u003ca href=\"https://coda.io/form/CFACTS-Support-Portal_dpiM2zX094Z\" target=\"_blank\" rel=\"noreferrer noopener\"\u003eCFACTS support portal\u003c/a\u003e.\u0026nbsp;\u003c/p\u003e37f:{\"value\":\"$380\",\"format\":\"body_text\",\"processed\":\"$381\",\"summary\":\"\"}\n382:{\"value\":\"Want to learn about new features and how to do tasks in CFACTS? How-To videos from CFACTS can help!\\r\\n\\r\\n\",\"format\":\"plain_text\",\"processed\":\"\u003cp\u003eWant to learn about new features and how to do tasks in CFACTS? How-To videos from CFACTS can help!\u003c/p\u003e\\n\"}\n37d:{\"drupal_internal__nid\":1152,\"drupal_internal__vid\":5824,\"langcode\":\"en\",\"revision_timestamp\":\"2024-08-06T15:59:16+00:00\",\"status\":true,\"title\":\"Completing tasks in CFACTS is easy with \\\"CFACTS How-To\\\" videos\",\"created\":\""])</script><script>self.__next_f.push([1,"2023-09-26T15:56:18+00:00\",\"changed\":\"2024-08-06T15:59:16+00:00\",\"promote\":false,\"sticky\":false,\"default_langcode\":true,\"revision_translation_affected\":true,\"moderation_state\":\"published\",\"path\":\"$37e\",\"rh_action\":null,\"rh_redirect\":null,\"rh_redirect_response\":null,\"rh_redirect_fallback_action\":null,\"publish_on\":null,\"unpublish_on\":null,\"body\":\"$37f\",\"field_short_description\":\"$382\",\"field_video_link\":null}\n386:{\"drupal_internal__target_id\":\"blog\"}\n385:{\"type\":\"node_type--node_type\",\"id\":\"f382c03e-0cc5-4892-aa46-653a2d90fc05\",\"meta\":\"$386\"}\n388:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/9c778c45-d1f7-4833-8e23-aaad386c3314/node_type?resourceVersion=id%3A5824\"}\n389:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/9c778c45-d1f7-4833-8e23-aaad386c3314/relationships/node_type?resourceVersion=id%3A5824\"}\n387:{\"related\":\"$388\",\"self\":\"$389\"}\n384:{\"data\":\"$385\",\"links\":\"$387\"}\n38c:{\"drupal_internal__target_id\":94}\n38b:{\"type\":\"user--user\",\"id\":\"c34b79d4-f936-45dd-968f-7efc22d4370b\",\"meta\":\"$38c\"}\n38e:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/9c778c45-d1f7-4833-8e23-aaad386c3314/revision_uid?resourceVersion=id%3A5824\"}\n38f:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/9c778c45-d1f7-4833-8e23-aaad386c3314/relationships/revision_uid?resourceVersion=id%3A5824\"}\n38d:{\"related\":\"$38e\",\"self\":\"$38f\"}\n38a:{\"data\":\"$38b\",\"links\":\"$38d\"}\n392:{\"drupal_internal__target_id\":26}\n391:{\"type\":\"user--user\",\"id\":\"dca2c49b-4a12-4d5f-859d-a759444160a4\",\"meta\":\"$392\"}\n394:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/9c778c45-d1f7-4833-8e23-aaad386c3314/uid?resourceVersion=id%3A5824\"}\n395:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/9c778c45-d1f7-4833-8e23-aaad386c3314/relationships/uid?resourceVersion=id%3A5824\"}\n393:{\"related\":\"$394\",\"self\":\"$395\"}\n390:{\"data\":\"$391\",\"links\":\"$393\"}\n398:{\"drupal_internal__target_id\":191}\n397:{\"type\":\"media--blog_cover_image\",\"id\":\"e5856274-7e14-4dda-b584-1a676d261f6c\",\"meta\":\"$398\"}\n39a:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/9c778c45-d1f7-4833-8"])</script><script>self.__next_f.push([1,"e23-aaad386c3314/field_cover_image?resourceVersion=id%3A5824\"}\n39b:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/9c778c45-d1f7-4833-8e23-aaad386c3314/relationships/field_cover_image?resourceVersion=id%3A5824\"}\n399:{\"related\":\"$39a\",\"self\":\"$39b\"}\n396:{\"data\":\"$397\",\"links\":\"$399\"}\n39e:{\"drupal_internal__target_id\":23}\n39d:{\"type\":\"group--team\",\"id\":\"7995b974-7ea1-448b-827d-7db797f4d769\",\"meta\":\"$39e\"}\n3a0:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/9c778c45-d1f7-4833-8e23-aaad386c3314/field_publisher_group?resourceVersion=id%3A5824\"}\n3a1:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/9c778c45-d1f7-4833-8e23-aaad386c3314/relationships/field_publisher_group?resourceVersion=id%3A5824\"}\n39f:{\"related\":\"$3a0\",\"self\":\"$3a1\"}\n39c:{\"data\":\"$39d\",\"links\":\"$39f\"}\n3a4:{\"drupal_internal__target_id\":106}\n3a3:{\"type\":\"taxonomy_term--resource_type\",\"id\":\"cccd136f-b478-40f0-8ff8-fd73f75f4ab0\",\"meta\":\"$3a4\"}\n3a6:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/9c778c45-d1f7-4833-8e23-aaad386c3314/field_resource_type?resourceVersion=id%3A5824\"}\n3a7:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/9c778c45-d1f7-4833-8e23-aaad386c3314/relationships/field_resource_type?resourceVersion=id%3A5824\"}\n3a5:{\"related\":\"$3a6\",\"self\":\"$3a7\"}\n3a2:{\"data\":\"$3a3\",\"links\":\"$3a5\"}\n3ab:{\"drupal_internal__target_id\":66}\n3aa:{\"type\":\"taxonomy_term--roles\",\"id\":\"9d999ae3-b43c-45fb-973e-dffe50c27da5\",\"meta\":\"$3ab\"}\n3ad:{\"drupal_internal__target_id\":61}\n3ac:{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\",\"meta\":\"$3ad\"}\n3af:{\"drupal_internal__target_id\":76}\n3ae:{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"meta\":\"$3af\"}\n3a9:[\"$3aa\",\"$3ac\",\"$3ae\"]\n3b1:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/9c778c45-d1f7-4833-8e23-aaad386c3314/field_roles?resourceVersion=id%3A5824\"}\n3b2:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/9c778c45-d1f7-4833-8e23-aaad386c3314/relationships/field_roles?resourceVersion=id%3A5824\"}\n3b0:{\"related\":\"$3b1\",\"self\":\"$3b2\"}\n3a8:{\"dat"])</script><script>self.__next_f.push([1,"a\":\"$3a9\",\"links\":\"$3b0\"}\n3b6:{\"drupal_internal__target_id\":36}\n3b5:{\"type\":\"taxonomy_term--topics\",\"id\":\"65ef6410-4066-4db4-be03-c8eb26b63305\",\"meta\":\"$3b6\"}\n3b4:[\"$3b5\"]\n3b8:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/9c778c45-d1f7-4833-8e23-aaad386c3314/field_topics?resourceVersion=id%3A5824\"}\n3b9:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/9c778c45-d1f7-4833-8e23-aaad386c3314/relationships/field_topics?resourceVersion=id%3A5824\"}\n3b7:{\"related\":\"$3b8\",\"self\":\"$3b9\"}\n3b3:{\"data\":\"$3b4\",\"links\":\"$3b7\"}\n383:{\"node_type\":\"$384\",\"revision_uid\":\"$38a\",\"uid\":\"$390\",\"field_cover_image\":\"$396\",\"field_publisher_group\":\"$39c\",\"field_resource_type\":\"$3a2\",\"field_roles\":\"$3a8\",\"field_topics\":\"$3b3\"}\n37a:{\"type\":\"node--blog\",\"id\":\"9c778c45-d1f7-4833-8e23-aaad386c3314\",\"links\":\"$37b\",\"attributes\":\"$37d\",\"relationships\":\"$383\"}\n3bc:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/f601d782-a1c3-41d3-8927-5fbba258da6b?resourceVersion=id%3A5791\"}\n3bb:{\"self\":\"$3bc\"}\n3be:{\"alias\":\"/posts/watch-and-learn-system-categorization-cfacts\",\"pid\":991,\"langcode\":\"en\"}\n3bf:{\"value\":\"\u003cp\u003eEach new CMS FISMA system must define its security categorization based on the \u003ca href=\\\"http://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdf\\\"\u003eFederal Information Processing Standards Publication 199 (FIPS 199)\u003c/a\u003e. Each system must be reviewed in the following categories:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eConfidentiality\u003c/li\u003e\u003cli\u003eIntegrity\u003c/li\u003e\u003cli\u003eAvailability\u0026nbsp;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eDuring review, each category is assigned a rating of low, moderate, or high impact. The most severe rating from any category becomes the system's overall security categorization.\u0026nbsp;\u003c/p\u003e\u003cp\u003eIn the past, the ISSO completed this review using the System Categorization Worksheet (SCW). The SCW is outdated and has been retired.\u0026nbsp;ISSOs can now complete their system categorization using CFACTS. Watch the video to learn about this process.\u0026nbsp;\u003c/p\u003e\u003cp\u003eIf you have questions, you can contact the CFACTS Team in CMS Slack in the #\u003cstrong\u003ecfacts_community \u003c/strong\u003echan"])</script><script>self.__next_f.push([1,"nel\u003cstrong\u003e.\u003c/strong\u003e\u003c/p\u003e\",\"format\":\"body_text\",\"processed\":\"\u003cp\u003eEach new CMS FISMA system must define its security categorization based on the \u003ca href=\\\"http://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdf\\\"\u003eFederal Information Processing Standards Publication 199 (FIPS 199)\u003c/a\u003e. Each system must be reviewed in the following categories:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eConfidentiality\u003c/li\u003e\u003cli\u003eIntegrity\u003c/li\u003e\u003cli\u003eAvailability\u0026nbsp;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eDuring review, each category is assigned a rating of low, moderate, or high impact. The most severe rating from any category becomes the system's overall security categorization.\u0026nbsp;\u003c/p\u003e\u003cp\u003eIn the past, the ISSO completed this review using the System Categorization Worksheet (SCW). The SCW is outdated and has been retired.\u0026nbsp;ISSOs can now complete their system categorization using CFACTS. Watch the video to learn about this process.\u0026nbsp;\u003c/p\u003e\u003cp\u003eIf you have questions, you can contact the CFACTS Team in CMS Slack in the #\u003cstrong\u003ecfacts_community \u003c/strong\u003echannel\u003cstrong\u003e.\u003c/strong\u003e\u003c/p\u003e\",\"summary\":\"\"}\n3c0:{\"value\":\"Watch the video about assigning a FIPS 199 Security Category to your system, and learn how to use CFACTS to simplify the process\",\"format\":\"plain_text\",\"processed\":\"\u003cp\u003eWatch the video about assigning a FIPS 199 Security Category to your system, and learn how to use CFACTS to simplify the process\u003c/p\u003e\\n\"}\n3bd:{\"drupal_internal__nid\":1139,\"drupal_internal__vid\":5791,\"langcode\":\"en\",\"revision_timestamp\":\"2024-08-06T15:44:55+00:00\",\"status\":true,\"title\":\"Watch and Learn: System Categorization in CFACTS\",\"created\":\"2023-08-22T15:32:02+00:00\",\"changed\":\"2024-08-06T15:44:55+00:00\",\"promote\":false,\"sticky\":false,\"default_langcode\":true,\"revision_translation_affected\":true,\"moderation_state\":\"published\",\"path\":\"$3be\",\"rh_action\":null,\"rh_redirect\":null,\"rh_redirect_response\":null,\"rh_redirect_fallback_action\":null,\"publish_on\":null,\"unpublish_on\":null,\"body\":\"$3bf\",\"field_short_description\":\"$3c0\",\"field_video_link\":\"https://www.youtube.com/watch?v=GjpHR6UeSkA\"}\n3c4:{\"drupal_"])</script><script>self.__next_f.push([1,"internal__target_id\":\"blog\"}\n3c3:{\"type\":\"node_type--node_type\",\"id\":\"f382c03e-0cc5-4892-aa46-653a2d90fc05\",\"meta\":\"$3c4\"}\n3c6:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/f601d782-a1c3-41d3-8927-5fbba258da6b/node_type?resourceVersion=id%3A5791\"}\n3c7:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/f601d782-a1c3-41d3-8927-5fbba258da6b/relationships/node_type?resourceVersion=id%3A5791\"}\n3c5:{\"related\":\"$3c6\",\"self\":\"$3c7\"}\n3c2:{\"data\":\"$3c3\",\"links\":\"$3c5\"}\n3ca:{\"drupal_internal__target_id\":94}\n3c9:{\"type\":\"user--user\",\"id\":\"c34b79d4-f936-45dd-968f-7efc22d4370b\",\"meta\":\"$3ca\"}\n3cc:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/f601d782-a1c3-41d3-8927-5fbba258da6b/revision_uid?resourceVersion=id%3A5791\"}\n3cd:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/f601d782-a1c3-41d3-8927-5fbba258da6b/relationships/revision_uid?resourceVersion=id%3A5791\"}\n3cb:{\"related\":\"$3cc\",\"self\":\"$3cd\"}\n3c8:{\"data\":\"$3c9\",\"links\":\"$3cb\"}\n3d0:{\"drupal_internal__target_id\":26}\n3cf:{\"type\":\"user--user\",\"id\":\"dca2c49b-4a12-4d5f-859d-a759444160a4\",\"meta\":\"$3d0\"}\n3d2:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/f601d782-a1c3-41d3-8927-5fbba258da6b/uid?resourceVersion=id%3A5791\"}\n3d3:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/f601d782-a1c3-41d3-8927-5fbba258da6b/relationships/uid?resourceVersion=id%3A5791\"}\n3d1:{\"related\":\"$3d2\",\"self\":\"$3d3\"}\n3ce:{\"data\":\"$3cf\",\"links\":\"$3d1\"}\n3d6:{\"drupal_internal__target_id\":86}\n3d5:{\"type\":\"media--blog_cover_image\",\"id\":\"c0318530-736d-47a4-89c3-78616da050c1\",\"meta\":\"$3d6\"}\n3d8:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/f601d782-a1c3-41d3-8927-5fbba258da6b/field_cover_image?resourceVersion=id%3A5791\"}\n3d9:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/f601d782-a1c3-41d3-8927-5fbba258da6b/relationships/field_cover_image?resourceVersion=id%3A5791\"}\n3d7:{\"related\":\"$3d8\",\"self\":\"$3d9\"}\n3d4:{\"data\":\"$3d5\",\"links\":\"$3d7\"}\n3dc:{\"drupal_internal__target_id\":23}\n3db:{\"type\":\"group--team\",\"id\":\"7995b974-7ea1-448b-827d-7db797f4d769\",\"meta\":\"$3dc\"}\n3de:{\"href\":\""])</script><script>self.__next_f.push([1,"https://cybergeek.cms.gov/jsonapi/node/blog/f601d782-a1c3-41d3-8927-5fbba258da6b/field_publisher_group?resourceVersion=id%3A5791\"}\n3df:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/f601d782-a1c3-41d3-8927-5fbba258da6b/relationships/field_publisher_group?resourceVersion=id%3A5791\"}\n3dd:{\"related\":\"$3de\",\"self\":\"$3df\"}\n3da:{\"data\":\"$3db\",\"links\":\"$3dd\"}\n3e2:{\"drupal_internal__target_id\":106}\n3e1:{\"type\":\"taxonomy_term--resource_type\",\"id\":\"cccd136f-b478-40f0-8ff8-fd73f75f4ab0\",\"meta\":\"$3e2\"}\n3e4:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/f601d782-a1c3-41d3-8927-5fbba258da6b/field_resource_type?resourceVersion=id%3A5791\"}\n3e5:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/f601d782-a1c3-41d3-8927-5fbba258da6b/relationships/field_resource_type?resourceVersion=id%3A5791\"}\n3e3:{\"related\":\"$3e4\",\"self\":\"$3e5\"}\n3e0:{\"data\":\"$3e1\",\"links\":\"$3e3\"}\n3e9:{\"drupal_internal__target_id\":66}\n3e8:{\"type\":\"taxonomy_term--roles\",\"id\":\"9d999ae3-b43c-45fb-973e-dffe50c27da5\",\"meta\":\"$3e9\"}\n3eb:{\"drupal_internal__target_id\":61}\n3ea:{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\",\"meta\":\"$3eb\"}\n3ed:{\"drupal_internal__target_id\":76}\n3ec:{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"meta\":\"$3ed\"}\n3e7:[\"$3e8\",\"$3ea\",\"$3ec\"]\n3ef:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/f601d782-a1c3-41d3-8927-5fbba258da6b/field_roles?resourceVersion=id%3A5791\"}\n3f0:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/f601d782-a1c3-41d3-8927-5fbba258da6b/relationships/field_roles?resourceVersion=id%3A5791\"}\n3ee:{\"related\":\"$3ef\",\"self\":\"$3f0\"}\n3e6:{\"data\":\"$3e7\",\"links\":\"$3ee\"}\n3f4:{\"drupal_internal__target_id\":36}\n3f3:{\"type\":\"taxonomy_term--topics\",\"id\":\"65ef6410-4066-4db4-be03-c8eb26b63305\",\"meta\":\"$3f4\"}\n3f2:[\"$3f3\"]\n3f6:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/f601d782-a1c3-41d3-8927-5fbba258da6b/field_topics?resourceVersion=id%3A5791\"}\n3f7:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/f601d782-a1c3-41d3-8927-5fbba258da6b/relationships/field_topi"])</script><script>self.__next_f.push([1,"cs?resourceVersion=id%3A5791\"}\n3f5:{\"related\":\"$3f6\",\"self\":\"$3f7\"}\n3f1:{\"data\":\"$3f2\",\"links\":\"$3f5\"}\n3c1:{\"node_type\":\"$3c2\",\"revision_uid\":\"$3c8\",\"uid\":\"$3ce\",\"field_cover_image\":\"$3d4\",\"field_publisher_group\":\"$3da\",\"field_resource_type\":\"$3e0\",\"field_roles\":\"$3e6\",\"field_topics\":\"$3f1\"}\n3ba:{\"type\":\"node--blog\",\"id\":\"f601d782-a1c3-41d3-8927-5fbba258da6b\",\"links\":\"$3bb\",\"attributes\":\"$3bd\",\"relationships\":\"$3c1\"}\n"])</script><script>self.__next_f.push([1,"5:[\"$\",\"$L17\",null,{\"content\":{\"data\":{\"type\":\"node--explainer\",\"id\":\"de0901ae-4ea5-491c-badd-90a32da3989b\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/de0901ae-4ea5-491c-badd-90a32da3989b?resourceVersion=id%3A5999\"}},\"attributes\":{\"drupal_internal__nid\":261,\"drupal_internal__vid\":5999,\"langcode\":\"en\",\"revision_timestamp\":\"2024-12-05T18:41:37+00:00\",\"status\":true,\"title\":\"CMS FISMA Continuous Tracking System (CFACTS)\",\"created\":\"2022-08-26T14:57:02+00:00\",\"changed\":\"2024-12-05T18:41:37+00:00\",\"promote\":false,\"sticky\":false,\"default_langcode\":true,\"revision_translation_affected\":true,\"moderation_state\":\"published\",\"path\":{\"alias\":\"/learn/cms-fisma-continuous-tracking-system-cfacts\",\"pid\":251,\"langcode\":\"en\"},\"rh_action\":null,\"rh_redirect\":null,\"rh_redirect_response\":null,\"rh_redirect_fallback_action\":null,\"publish_on\":null,\"unpublish_on\":null,\"body\":null,\"field_contact_email\":\"ciso@cms.hhs.gov\",\"field_contact_name\":\"CFACTS Team \",\"field_short_description\":{\"value\":\"CFACTS is a CMS database that tracks application security deficiencies and POA\u0026Ms, and supports the ATO process\",\"format\":\"plain_text\",\"processed\":\"\u003cp\u003eCFACTS is a CMS database that tracks application security deficiencies and POA\u0026amp;Ms, and supports the ATO process\u003c/p\u003e\\n\"},\"field_slack_channel\":[\"#cfacts_community\"]},\"relationships\":{\"node_type\":{\"data\":{\"type\":\"node_type--node_type\",\"id\":\"d185e460-4998-4d2b-85cb-b04f304dfb1b\",\"meta\":{\"drupal_internal__target_id\":\"explainer\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/de0901ae-4ea5-491c-badd-90a32da3989b/node_type?resourceVersion=id%3A5999\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/de0901ae-4ea5-491c-badd-90a32da3989b/relationships/node_type?resourceVersion=id%3A5999\"}}},\"revision_uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"4420e728-6dc2-4022-bf8d-5bd1329e5e64\",\"meta\":{\"drupal_internal__target_id\":159}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/de0901ae-4ea5-491c-badd-90a32da3989b/revision_uid?resourceVersion=id%3A5999\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/de0901ae-4ea5-491c-badd-90a32da3989b/relationships/revision_uid?resourceVersion=id%3A5999\"}}},\"uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"dca2c49b-4a12-4d5f-859d-a759444160a4\",\"meta\":{\"drupal_internal__target_id\":26}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/de0901ae-4ea5-491c-badd-90a32da3989b/uid?resourceVersion=id%3A5999\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/de0901ae-4ea5-491c-badd-90a32da3989b/relationships/uid?resourceVersion=id%3A5999\"}}},\"field_page_section\":{\"data\":[{\"type\":\"paragraph--page_section\",\"id\":\"963db416-cca0-421d-8c3e-40c8e2ce190f\",\"meta\":{\"target_revision_id\":19655,\"drupal_internal__target_id\":2101}},{\"type\":\"paragraph--page_section\",\"id\":\"9b87eb1d-cb43-472b-9b5b-8618d2688563\",\"meta\":{\"target_revision_id\":19660,\"drupal_internal__target_id\":446}},{\"type\":\"paragraph--page_section\",\"id\":\"122a8de9-c38d-492b-bc93-b43b270f2933\",\"meta\":{\"target_revision_id\":19666,\"drupal_internal__target_id\":1781}},{\"type\":\"paragraph--page_section\",\"id\":\"594617c8-824a-4962-aa08-fdf8dd4677fb\",\"meta\":{\"target_revision_id\":19667,\"drupal_internal__target_id\":3468}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/de0901ae-4ea5-491c-badd-90a32da3989b/field_page_section?resourceVersion=id%3A5999\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/de0901ae-4ea5-491c-badd-90a32da3989b/relationships/field_page_section?resourceVersion=id%3A5999\"}}},\"field_related_collection\":{\"data\":[{\"type\":\"paragraph--internal_link\",\"id\":\"76dcb171-ae0a-42ba-b330-b93b63633cdd\",\"meta\":{\"target_revision_id\":19668,\"drupal_internal__target_id\":1816}},{\"type\":\"paragraph--internal_link\",\"id\":\"7f340091-9774-491a-817d-0cdfaf0c72d1\",\"meta\":{\"target_revision_id\":19669,\"drupal_internal__target_id\":1821}},{\"type\":\"paragraph--internal_link\",\"id\":\"4b7486bb-57c5-440b-b07c-54deb80f1ca1\",\"meta\":{\"target_revision_id\":19670,\"drupal_internal__target_id\":1826}},{\"type\":\"paragraph--internal_link\",\"id\":\"d72a41d1-1d17-452f-9375-aea58d84e8e7\",\"meta\":{\"target_revision_id\":19671,\"drupal_internal__target_id\":1831}},{\"type\":\"paragraph--internal_link\",\"id\":\"726e3057-d549-4d7d-80c7-0f4c5d5f8007\",\"meta\":{\"target_revision_id\":19672,\"drupal_internal__target_id\":3462}},{\"type\":\"paragraph--internal_link\",\"id\":\"dbde5fa8-5137-4df4-af83-a4330e0778c7\",\"meta\":{\"target_revision_id\":19673,\"drupal_internal__target_id\":3463}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/de0901ae-4ea5-491c-badd-90a32da3989b/field_related_collection?resourceVersion=id%3A5999\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/de0901ae-4ea5-491c-badd-90a32da3989b/relationships/field_related_collection?resourceVersion=id%3A5999\"}}},\"field_resource_type\":{\"data\":{\"type\":\"taxonomy_term--resource_type\",\"id\":\"9e907eeb-b0a8-4dd3-8818-37cb1557a8f4\",\"meta\":{\"drupal_internal__target_id\":121}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/de0901ae-4ea5-491c-badd-90a32da3989b/field_resource_type?resourceVersion=id%3A5999\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/de0901ae-4ea5-491c-badd-90a32da3989b/relationships/field_resource_type?resourceVersion=id%3A5999\"}}},\"field_roles\":{\"data\":[{\"type\":\"taxonomy_term--roles\",\"id\":\"9d999ae3-b43c-45fb-973e-dffe50c27da5\",\"meta\":{\"drupal_internal__target_id\":66}},{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\",\"meta\":{\"drupal_internal__target_id\":61}},{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"meta\":{\"drupal_internal__target_id\":76}},{\"type\":\"taxonomy_term--roles\",\"id\":\"feb4e85d-429e-48b0-92f0-3d2da2c5056e\",\"meta\":{\"drupal_internal__target_id\":71}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/de0901ae-4ea5-491c-badd-90a32da3989b/field_roles?resourceVersion=id%3A5999\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/de0901ae-4ea5-491c-badd-90a32da3989b/relationships/field_roles?resourceVersion=id%3A5999\"}}},\"field_topics\":{\"data\":[{\"type\":\"taxonomy_term--topics\",\"id\":\"65ef6410-4066-4db4-be03-c8eb26b63305\",\"meta\":{\"drupal_internal__target_id\":36}},{\"type\":\"taxonomy_term--topics\",\"id\":\"0bc7c1d0-b569-4514-b66c-367457dead7e\",\"meta\":{\"drupal_internal__target_id\":11}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/de0901ae-4ea5-491c-badd-90a32da3989b/field_topics?resourceVersion=id%3A5999\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/de0901ae-4ea5-491c-badd-90a32da3989b/relationships/field_topics?resourceVersion=id%3A5999\"}}}}},\"included\":[{\"type\":\"node_type--node_type\",\"id\":\"d185e460-4998-4d2b-85cb-b04f304dfb1b\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node_type/node_type/d185e460-4998-4d2b-85cb-b04f304dfb1b\"}},\"attributes\":{\"langcode\":\"en\",\"status\":true,\"dependencies\":{\"module\":[\"menu_ui\",\"scheduler\"]},\"third_party_settings\":{\"menu_ui\":{\"available_menus\":[],\"parent\":\"\"},\"scheduler\":{\"expand_fieldset\":\"when_required\",\"fields_display_mode\":\"vertical_tab\",\"publish_enable\":false,\"publish_past_date\":\"error\",\"publish_past_date_created\":false,\"publish_required\":false,\"publish_revision\":false,\"publish_touch\":false,\"show_message_after_update\":true,\"unpublish_enable\":false,\"unpublish_required\":false,\"unpublish_revision\":false}},\"name\":\"Explainer page\",\"drupal_internal__type\":\"explainer\",\"description\":\"Use \u003ci\u003eExplainer pages\u003c/i\u003e to provide general information in plain language about a policy, program, tool, service, or task related to security and privacy at CMS.\",\"help\":null,\"new_revision\":true,\"preview_mode\":1,\"display_submitted\":true}},{\"type\":\"user--user\",\"id\":\"4420e728-6dc2-4022-bf8d-5bd1329e5e64\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/user/user/4420e728-6dc2-4022-bf8d-5bd1329e5e64\"}},\"attributes\":{\"display_name\":\"jcallan - retired\"}},{\"type\":\"user--user\",\"id\":\"dca2c49b-4a12-4d5f-859d-a759444160a4\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/user/user/dca2c49b-4a12-4d5f-859d-a759444160a4\"}},\"attributes\":{\"display_name\":\"meg - retired\"}},{\"type\":\"taxonomy_term--resource_type\",\"id\":\"9e907eeb-b0a8-4dd3-8818-37cb1557a8f4\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/9e907eeb-b0a8-4dd3-8818-37cb1557a8f4?resourceVersion=id%3A121\"}},\"attributes\":{\"drupal_internal__tid\":121,\"drupal_internal__revision_id\":121,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:13:12+00:00\",\"status\":true,\"name\":\"Tools / Services\",\"description\":null,\"weight\":5,\"changed\":\"2023-06-14T19:04:09+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}},\"relationships\":{\"vid\":{\"data\":{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"3a0127c4-ee06-41ed-8239-f796f6d78eb3\",\"meta\":{\"drupal_internal__target_id\":\"resource_type\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/9e907eeb-b0a8-4dd3-8818-37cb1557a8f4/vid?resourceVersion=id%3A121\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/9e907eeb-b0a8-4dd3-8818-37cb1557a8f4/relationships/vid?resourceVersion=id%3A121\"}}},\"revision_user\":{\"data\":null,\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/9e907eeb-b0a8-4dd3-8818-37cb1557a8f4/revision_user?resourceVersion=id%3A121\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/9e907eeb-b0a8-4dd3-8818-37cb1557a8f4/relationships/revision_user?resourceVersion=id%3A121\"}}},\"parent\":{\"data\":[{\"type\":\"taxonomy_term--resource_type\",\"id\":\"virtual\",\"meta\":{\"links\":{\"help\":{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}}}}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/9e907eeb-b0a8-4dd3-8818-37cb1557a8f4/parent?resourceVersion=id%3A121\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/9e907eeb-b0a8-4dd3-8818-37cb1557a8f4/relationships/parent?resourceVersion=id%3A121\"}}}}},{\"type\":\"taxonomy_term--roles\",\"id\":\"9d999ae3-b43c-45fb-973e-dffe50c27da5\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5?resourceVersion=id%3A66\"}},\"attributes\":{\"drupal_internal__tid\":66,\"drupal_internal__revision_id\":66,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:08:26+00:00\",\"status\":true,\"name\":\"Cyber Risk Advisor (CRA)\",\"description\":null,\"weight\":0,\"changed\":\"2022-08-02T23:08:26+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}},\"relationships\":{\"vid\":{\"data\":{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"a89af840-d1f0-4a08-9f15-7b1cb71c3e35\",\"meta\":{\"drupal_internal__target_id\":\"roles\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/vid?resourceVersion=id%3A66\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/relationships/vid?resourceVersion=id%3A66\"}}},\"revision_user\":{\"data\":null,\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/revision_user?resourceVersion=id%3A66\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/relationships/revision_user?resourceVersion=id%3A66\"}}},\"parent\":{\"data\":[{\"type\":\"taxonomy_term--roles\",\"id\":\"virtual\",\"meta\":{\"links\":{\"help\":{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}}}}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/parent?resourceVersion=id%3A66\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/relationships/parent?resourceVersion=id%3A66\"}}}}},{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab?resourceVersion=id%3A61\"}},\"attributes\":{\"drupal_internal__tid\":61,\"drupal_internal__revision_id\":61,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:08:12+00:00\",\"status\":true,\"name\":\"Information System Security Officer (ISSO)\",\"description\":null,\"weight\":0,\"changed\":\"2022-08-02T23:08:12+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}},\"relationships\":{\"vid\":{\"data\":{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"a89af840-d1f0-4a08-9f15-7b1cb71c3e35\",\"meta\":{\"drupal_internal__target_id\":\"roles\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/vid?resourceVersion=id%3A61\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/relationships/vid?resourceVersion=id%3A61\"}}},\"revision_user\":{\"data\":null,\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/revision_user?resourceVersion=id%3A61\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/relationships/revision_user?resourceVersion=id%3A61\"}}},\"parent\":{\"data\":[{\"type\":\"taxonomy_term--roles\",\"id\":\"virtual\",\"meta\":{\"links\":{\"help\":{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}}}}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/parent?resourceVersion=id%3A61\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/relationships/parent?resourceVersion=id%3A61\"}}}}},{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34?resourceVersion=id%3A76\"}},\"attributes\":{\"drupal_internal__tid\":76,\"drupal_internal__revision_id\":76,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:08:55+00:00\",\"status\":true,\"name\":\"System / Business Owner\",\"description\":null,\"weight\":0,\"changed\":\"2022-08-02T23:08:55+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}},\"relationships\":{\"vid\":{\"data\":{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"a89af840-d1f0-4a08-9f15-7b1cb71c3e35\",\"meta\":{\"drupal_internal__target_id\":\"roles\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/vid?resourceVersion=id%3A76\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/relationships/vid?resourceVersion=id%3A76\"}}},\"revision_user\":{\"data\":null,\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/revision_user?resourceVersion=id%3A76\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/relationships/revision_user?resourceVersion=id%3A76\"}}},\"parent\":{\"data\":[{\"type\":\"taxonomy_term--roles\",\"id\":\"virtual\",\"meta\":{\"links\":{\"help\":{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}}}}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/parent?resourceVersion=id%3A76\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/relationships/parent?resourceVersion=id%3A76\"}}}}},{\"type\":\"taxonomy_term--roles\",\"id\":\"feb4e85d-429e-48b0-92f0-3d2da2c5056e\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/feb4e85d-429e-48b0-92f0-3d2da2c5056e?resourceVersion=id%3A71\"}},\"attributes\":{\"drupal_internal__tid\":71,\"drupal_internal__revision_id\":71,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:08:42+00:00\",\"status\":true,\"name\":\"System Teams\",\"description\":null,\"weight\":0,\"changed\":\"2024-08-02T21:29:47+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}},\"relationships\":{\"vid\":{\"data\":{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"a89af840-d1f0-4a08-9f15-7b1cb71c3e35\",\"meta\":{\"drupal_internal__target_id\":\"roles\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/feb4e85d-429e-48b0-92f0-3d2da2c5056e/vid?resourceVersion=id%3A71\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/feb4e85d-429e-48b0-92f0-3d2da2c5056e/relationships/vid?resourceVersion=id%3A71\"}}},\"revision_user\":{\"data\":null,\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/feb4e85d-429e-48b0-92f0-3d2da2c5056e/revision_user?resourceVersion=id%3A71\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/feb4e85d-429e-48b0-92f0-3d2da2c5056e/relationships/revision_user?resourceVersion=id%3A71\"}}},\"parent\":{\"data\":[{\"type\":\"taxonomy_term--roles\",\"id\":\"virtual\",\"meta\":{\"links\":{\"help\":{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}}}}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/feb4e85d-429e-48b0-92f0-3d2da2c5056e/parent?resourceVersion=id%3A71\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/feb4e85d-429e-48b0-92f0-3d2da2c5056e/relationships/parent?resourceVersion=id%3A71\"}}}}},{\"type\":\"taxonomy_term--topics\",\"id\":\"65ef6410-4066-4db4-be03-c8eb26b63305\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/65ef6410-4066-4db4-be03-c8eb26b63305?resourceVersion=id%3A36\"}},\"attributes\":{\"drupal_internal__tid\":36,\"drupal_internal__revision_id\":36,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:05:55+00:00\",\"status\":true,\"name\":\"Risk Management \u0026 Reporting\",\"description\":null,\"weight\":5,\"changed\":\"2023-03-10T19:04:22+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}},\"relationships\":{\"vid\":{\"data\":{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"73f89dec-123f-4c8c-9a97-d025a2b0e5cf\",\"meta\":{\"drupal_internal__target_id\":\"topics\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/65ef6410-4066-4db4-be03-c8eb26b63305/vid?resourceVersion=id%3A36\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/65ef6410-4066-4db4-be03-c8eb26b63305/relationships/vid?resourceVersion=id%3A36\"}}},\"revision_user\":{\"data\":null,\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/65ef6410-4066-4db4-be03-c8eb26b63305/revision_user?resourceVersion=id%3A36\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/65ef6410-4066-4db4-be03-c8eb26b63305/relationships/revision_user?resourceVersion=id%3A36\"}}},\"parent\":{\"data\":[{\"type\":\"taxonomy_term--topics\",\"id\":\"virtual\",\"meta\":{\"links\":{\"help\":{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}}}}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/65ef6410-4066-4db4-be03-c8eb26b63305/parent?resourceVersion=id%3A36\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/65ef6410-4066-4db4-be03-c8eb26b63305/relationships/parent?resourceVersion=id%3A36\"}}}}},{\"type\":\"taxonomy_term--topics\",\"id\":\"0bc7c1d0-b569-4514-b66c-367457dead7e\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/0bc7c1d0-b569-4514-b66c-367457dead7e?resourceVersion=id%3A11\"}},\"attributes\":{\"drupal_internal__tid\":11,\"drupal_internal__revision_id\":11,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:05:12+00:00\",\"status\":true,\"name\":\"System Authorization\",\"description\":null,\"weight\":7,\"changed\":\"2023-03-10T19:04:22+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}},\"relationships\":{\"vid\":{\"data\":{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"73f89dec-123f-4c8c-9a97-d025a2b0e5cf\",\"meta\":{\"drupal_internal__target_id\":\"topics\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/0bc7c1d0-b569-4514-b66c-367457dead7e/vid?resourceVersion=id%3A11\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/0bc7c1d0-b569-4514-b66c-367457dead7e/relationships/vid?resourceVersion=id%3A11\"}}},\"revision_user\":{\"data\":null,\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/0bc7c1d0-b569-4514-b66c-367457dead7e/revision_user?resourceVersion=id%3A11\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/0bc7c1d0-b569-4514-b66c-367457dead7e/relationships/revision_user?resourceVersion=id%3A11\"}}},\"parent\":{\"data\":[{\"type\":\"taxonomy_term--topics\",\"id\":\"virtual\",\"meta\":{\"links\":{\"help\":{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}}}}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/0bc7c1d0-b569-4514-b66c-367457dead7e/parent?resourceVersion=id%3A11\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/0bc7c1d0-b569-4514-b66c-367457dead7e/relationships/parent?resourceVersion=id%3A11\"}}}}},{\"type\":\"paragraph--page_section\",\"id\":\"963db416-cca0-421d-8c3e-40c8e2ce190f\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/963db416-cca0-421d-8c3e-40c8e2ce190f?resourceVersion=id%3A19655\"}},\"attributes\":{\"drupal_internal__id\":2101,\"drupal_internal__revision_id\":19655,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-16T15:24:41+00:00\",\"parent_id\":\"261\",\"parent_type\":\"node\",\"parent_field_name\":\"field_page_section\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true,\"field_text_block\":{\"value\":\"\u003ch2\u003eWhat is CFACTS?\u003c/h2\u003e\u003cp\u003e\u003ca href=\\\"https://cfacts.cms.gov/\\\"\u003eCFACTS\u003c/a\u003e stands for \u003cstrong\u003eCMS FISMA Continuous Tracking System\u003c/strong\u003e. It is a governance, risk, and compliance tool. CMS uses CFACTS across all of its systems to manage information systems security and privacy requirements. It offers a common foundation to manage policies, controls, risks, assessments, and deficiencies.\u003c/p\u003e\u003cp\u003eSenior-level management uses CFACTS reports to get a clear view of the security posture of all applications within CMS. CFACTS also helps management make better budget and resource decisions.\u003c/p\u003e\u003cp\u003eCFACTS also makes it easier for the Department of Health and Human Services and OMB to manage required quarterly security posture updates and annual assessments.\u003c/p\u003e\",\"format\":\"body_text\",\"processed\":\"\u003ch2\u003eWhat is CFACTS?\u003c/h2\u003e\u003cp\u003e\u003ca href=\\\"https://cfacts.cms.gov/\\\"\u003eCFACTS\u003c/a\u003e stands for \u003cstrong\u003eCMS FISMA Continuous Tracking System\u003c/strong\u003e. It is a governance, risk, and compliance tool. CMS uses CFACTS across all of its systems to manage information systems security and privacy requirements. It offers a common foundation to manage policies, controls, risks, assessments, and deficiencies.\u003c/p\u003e\u003cp\u003eSenior-level management uses CFACTS reports to get a clear view of the security posture of all applications within CMS. CFACTS also helps management make better budget and resource decisions.\u003c/p\u003e\u003cp\u003eCFACTS also makes it easier for the Department of Health and Human Services and OMB to manage required quarterly security posture updates and annual assessments.\u003c/p\u003e\"}},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"57f3f40a-8120-4393-b881-a5758f9fb30d\",\"meta\":{\"drupal_internal__target_id\":\"page_section\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/963db416-cca0-421d-8c3e-40c8e2ce190f/paragraph_type?resourceVersion=id%3A19655\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/963db416-cca0-421d-8c3e-40c8e2ce190f/relationships/paragraph_type?resourceVersion=id%3A19655\"}}},\"field_specialty_item\":{\"data\":{\"type\":\"paragraph--call_out_box\",\"id\":\"0133f338-f61a-45ab-8fd5-600be40c30d4\",\"meta\":{\"target_revision_id\":19654,\"drupal_internal__target_id\":2096}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/963db416-cca0-421d-8c3e-40c8e2ce190f/field_specialty_item?resourceVersion=id%3A19655\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/963db416-cca0-421d-8c3e-40c8e2ce190f/relationships/field_specialty_item?resourceVersion=id%3A19655\"}}}}},{\"type\":\"paragraph--page_section\",\"id\":\"9b87eb1d-cb43-472b-9b5b-8618d2688563\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/9b87eb1d-cb43-472b-9b5b-8618d2688563?resourceVersion=id%3A19660\"}},\"attributes\":{\"drupal_internal__id\":446,\"drupal_internal__revision_id\":19660,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-02T14:52:52+00:00\",\"parent_id\":\"261\",\"parent_type\":\"node\",\"parent_field_name\":\"field_page_section\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true,\"field_text_block\":{\"value\":\"$18\",\"format\":\"body_text\",\"processed\":\"$19\"}},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"57f3f40a-8120-4393-b881-a5758f9fb30d\",\"meta\":{\"drupal_internal__target_id\":\"page_section\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/9b87eb1d-cb43-472b-9b5b-8618d2688563/paragraph_type?resourceVersion=id%3A19660\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/9b87eb1d-cb43-472b-9b5b-8618d2688563/relationships/paragraph_type?resourceVersion=id%3A19660\"}}},\"field_specialty_item\":{\"data\":{\"type\":\"paragraph--process_list\",\"id\":\"8243dd59-39ab-4e89-984a-6c14b074e237\",\"meta\":{\"target_revision_id\":19659,\"drupal_internal__target_id\":3563}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/9b87eb1d-cb43-472b-9b5b-8618d2688563/field_specialty_item?resourceVersion=id%3A19660\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/9b87eb1d-cb43-472b-9b5b-8618d2688563/relationships/field_specialty_item?resourceVersion=id%3A19660\"}}}}},{\"type\":\"paragraph--page_section\",\"id\":\"122a8de9-c38d-492b-bc93-b43b270f2933\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/122a8de9-c38d-492b-bc93-b43b270f2933?resourceVersion=id%3A19666\"}},\"attributes\":{\"drupal_internal__id\":1781,\"drupal_internal__revision_id\":19666,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-15T17:49:36+00:00\",\"parent_id\":\"261\",\"parent_type\":\"node\",\"parent_field_name\":\"field_page_section\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true,\"field_text_block\":{\"value\":\"$1a\",\"format\":\"body_text\",\"processed\":\"$1b\"}},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"57f3f40a-8120-4393-b881-a5758f9fb30d\",\"meta\":{\"drupal_internal__target_id\":\"page_section\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/122a8de9-c38d-492b-bc93-b43b270f2933/paragraph_type?resourceVersion=id%3A19666\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/122a8de9-c38d-492b-bc93-b43b270f2933/relationships/paragraph_type?resourceVersion=id%3A19666\"}}},\"field_specialty_item\":{\"data\":{\"type\":\"paragraph--process_list\",\"id\":\"380f7345-d826-49bf-99a2-ae0eb21201c8\",\"meta\":{\"target_revision_id\":19665,\"drupal_internal__target_id\":3568}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/122a8de9-c38d-492b-bc93-b43b270f2933/field_specialty_item?resourceVersion=id%3A19666\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/122a8de9-c38d-492b-bc93-b43b270f2933/relationships/field_specialty_item?resourceVersion=id%3A19666\"}}}}},{\"type\":\"paragraph--page_section\",\"id\":\"594617c8-824a-4962-aa08-fdf8dd4677fb\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/594617c8-824a-4962-aa08-fdf8dd4677fb?resourceVersion=id%3A19667\"}},\"attributes\":{\"drupal_internal__id\":3468,\"drupal_internal__revision_id\":19667,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-11-13T19:39:46+00:00\",\"parent_id\":\"261\",\"parent_type\":\"node\",\"parent_field_name\":\"field_page_section\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true,\"field_text_block\":{\"value\":\"$1c\",\"format\":\"body_text\",\"processed\":\"$1d\"}},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"57f3f40a-8120-4393-b881-a5758f9fb30d\",\"meta\":{\"drupal_internal__target_id\":\"page_section\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/594617c8-824a-4962-aa08-fdf8dd4677fb/paragraph_type?resourceVersion=id%3A19667\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/594617c8-824a-4962-aa08-fdf8dd4677fb/relationships/paragraph_type?resourceVersion=id%3A19667\"}}},\"field_specialty_item\":{\"data\":null,\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/594617c8-824a-4962-aa08-fdf8dd4677fb/field_specialty_item?resourceVersion=id%3A19667\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/594617c8-824a-4962-aa08-fdf8dd4677fb/relationships/field_specialty_item?resourceVersion=id%3A19667\"}}}}},{\"type\":\"paragraph--call_out_box\",\"id\":\"0133f338-f61a-45ab-8fd5-600be40c30d4\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/call_out_box/0133f338-f61a-45ab-8fd5-600be40c30d4?resourceVersion=id%3A19654\"}},\"attributes\":{\"drupal_internal__id\":2096,\"drupal_internal__revision_id\":19654,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-16T15:27:01+00:00\",\"parent_id\":\"2101\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_specialty_item\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true,\"field_call_out_link\":{\"uri\":\"https://www.youtube.com/playlist?list=PLyEaxwXtHzLlRPmMUK6eWkEFqhk0KeW3P\",\"title\":\"\",\"options\":[],\"url\":\"https://www.youtube.com/playlist?list=PLyEaxwXtHzLlRPmMUK6eWkEFqhk0KeW3P\"},\"field_call_out_link_text\":\"Take me to the \\\"How-To\\\" videos\",\"field_call_out_text\":{\"value\":\"On-demand videos produced by the CFACTS team are designed to answer frequent questions and demonstrate how to use various features. Check out the \\\"How-To\\\" videos on the CFACTS video channel.\",\"format\":\"plain_text\",\"processed\":\"\u003cp\u003eOn-demand videos produced by the CFACTS team are designed to answer frequent questions and demonstrate how to use various features. Check out the \u0026quot;How-To\u0026quot; videos on the CFACTS video channel.\u003c/p\u003e\\n\"},\"field_header\":\"CFACTS \\\"How-To\\\" videos\"},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"a1d0a205-c6c9-4816-b701-4763d05de8e8\",\"meta\":{\"drupal_internal__target_id\":\"call_out_box\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/call_out_box/0133f338-f61a-45ab-8fd5-600be40c30d4/paragraph_type?resourceVersion=id%3A19654\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/call_out_box/0133f338-f61a-45ab-8fd5-600be40c30d4/relationships/paragraph_type?resourceVersion=id%3A19654\"}}}}},{\"type\":\"paragraph--process_list\",\"id\":\"8243dd59-39ab-4e89-984a-6c14b074e237\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list/8243dd59-39ab-4e89-984a-6c14b074e237?resourceVersion=id%3A19659\"}},\"attributes\":{\"drupal_internal__id\":3563,\"drupal_internal__revision_id\":19659,\"langcode\":\"en\",\"status\":true,\"created\":\"2024-12-05T18:29:59+00:00\",\"parent_id\":\"446\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_specialty_item\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true,\"field_process_list_conclusion\":null},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"8a1fa202-0dc7-4f58-9b3d-7f9c44c9a9c8\",\"meta\":{\"drupal_internal__target_id\":\"process_list\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list/8243dd59-39ab-4e89-984a-6c14b074e237/paragraph_type?resourceVersion=id%3A19659\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list/8243dd59-39ab-4e89-984a-6c14b074e237/relationships/paragraph_type?resourceVersion=id%3A19659\"}}},\"field_process_list_item\":{\"data\":[{\"type\":\"paragraph--process_list_item\",\"id\":\"d418f5bc-b857-4a90-a2a7-e7afeaa1fd0a\",\"meta\":{\"target_revision_id\":19656,\"drupal_internal__target_id\":3560}},{\"type\":\"paragraph--process_list_item\",\"id\":\"39004fd8-5d09-4cea-b000-0e15d4e88e98\",\"meta\":{\"target_revision_id\":19657,\"drupal_internal__target_id\":3561}},{\"type\":\"paragraph--process_list_item\",\"id\":\"260bc118-0b34-41b0-af66-080d25593510\",\"meta\":{\"target_revision_id\":19658,\"drupal_internal__target_id\":3562}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list/8243dd59-39ab-4e89-984a-6c14b074e237/field_process_list_item?resourceVersion=id%3A19659\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list/8243dd59-39ab-4e89-984a-6c14b074e237/relationships/field_process_list_item?resourceVersion=id%3A19659\"}}}}},{\"type\":\"paragraph--process_list\",\"id\":\"380f7345-d826-49bf-99a2-ae0eb21201c8\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list/380f7345-d826-49bf-99a2-ae0eb21201c8?resourceVersion=id%3A19665\"}},\"attributes\":{\"drupal_internal__id\":3568,\"drupal_internal__revision_id\":19665,\"langcode\":\"en\",\"status\":true,\"created\":\"2024-12-05T18:34:54+00:00\",\"parent_id\":\"1781\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_specialty_item\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true,\"field_process_list_conclusion\":null},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"8a1fa202-0dc7-4f58-9b3d-7f9c44c9a9c8\",\"meta\":{\"drupal_internal__target_id\":\"process_list\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list/380f7345-d826-49bf-99a2-ae0eb21201c8/paragraph_type?resourceVersion=id%3A19665\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list/380f7345-d826-49bf-99a2-ae0eb21201c8/relationships/paragraph_type?resourceVersion=id%3A19665\"}}},\"field_process_list_item\":{\"data\":[{\"type\":\"paragraph--process_list_item\",\"id\":\"e2ea1624-befd-40f7-b4d2-e336b60fd82c\",\"meta\":{\"target_revision_id\":19661,\"drupal_internal__target_id\":3564}},{\"type\":\"paragraph--process_list_item\",\"id\":\"f3145901-0b26-454d-a708-3d85141d4527\",\"meta\":{\"target_revision_id\":19662,\"drupal_internal__target_id\":3565}},{\"type\":\"paragraph--process_list_item\",\"id\":\"f53da9a8-5f61-4922-8eb4-ba5614f3d423\",\"meta\":{\"target_revision_id\":19663,\"drupal_internal__target_id\":3566}},{\"type\":\"paragraph--process_list_item\",\"id\":\"f7c40251-d8ba-48ff-88aa-848ffa5f12d8\",\"meta\":{\"target_revision_id\":19664,\"drupal_internal__target_id\":3567}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list/380f7345-d826-49bf-99a2-ae0eb21201c8/field_process_list_item?resourceVersion=id%3A19665\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list/380f7345-d826-49bf-99a2-ae0eb21201c8/relationships/field_process_list_item?resourceVersion=id%3A19665\"}}}}},{\"type\":\"paragraph--process_list_item\",\"id\":\"d418f5bc-b857-4a90-a2a7-e7afeaa1fd0a\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/d418f5bc-b857-4a90-a2a7-e7afeaa1fd0a?resourceVersion=id%3A19656\"}},\"attributes\":{\"drupal_internal__id\":3560,\"drupal_internal__revision_id\":19656,\"langcode\":\"en\",\"status\":true,\"created\":\"2024-12-05T18:29:59+00:00\",\"parent_id\":\"3563\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_process_list_item\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true,\"field_list_item_description\":{\"value\":\"\u003col\u003e\u003cli\u003eLog in to your \u003ca href=\\\"https://eua.cms.gov/\\\"\u003eEUA account\u003c/a\u003e.\u003c/li\u003e\u003cli\u003eRequest the 'CFACTS_USER_PRD' job code for the Production environment\u003c/li\u003e\u003cli\u003eRequest the 'CFACTS_USER_IMP' job code the Validation environment.\u003c/li\u003e\u003c/ol\u003e\",\"format\":\"main_point_html\",\"processed\":\"\u003col\u003e\u003cli\u003eLog in to your \u003ca href=\\\"https://eua.cms.gov/\\\"\u003eEUA account\u003c/a\u003e.\u003c/li\u003e\u003cli\u003eRequest the 'CFACTS_USER_PRD' job code for the Production environment\u003c/li\u003e\u003cli\u003eRequest the 'CFACTS_USER_IMP' job code the Validation environment.\u003c/li\u003e\u003c/ol\u003e\"},\"field_list_item_title\":\"Request job codes\"},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"169b4697-c521-4a95-b21a-aa0d3f051203\",\"meta\":{\"drupal_internal__target_id\":\"process_list_item\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/d418f5bc-b857-4a90-a2a7-e7afeaa1fd0a/paragraph_type?resourceVersion=id%3A19656\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/d418f5bc-b857-4a90-a2a7-e7afeaa1fd0a/relationships/paragraph_type?resourceVersion=id%3A19656\"}}}}},{\"type\":\"paragraph--process_list_item\",\"id\":\"39004fd8-5d09-4cea-b000-0e15d4e88e98\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/39004fd8-5d09-4cea-b000-0e15d4e88e98?resourceVersion=id%3A19657\"}},\"attributes\":{\"drupal_internal__id\":3561,\"drupal_internal__revision_id\":19657,\"langcode\":\"en\",\"status\":true,\"created\":\"2024-12-05T18:31:02+00:00\",\"parent_id\":\"3563\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_process_list_item\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true,\"field_list_item_description\":{\"value\":\"\u003cp dir=\\\"ltr\\\"\u003eThe EUA First and Second Approvers must approve your requests.\u0026nbsp;\u003c/p\u003e\u003cp\u003eThe ISSO or ISSO contractor will send an email to\u0026nbsp;\u003ca href=\\\"mailto:CISO@cms.hhs.gov\\\"\u003eCISO@cms.hhs.gov\u003c/a\u003e for final approval.\u003c/p\u003e\",\"format\":\"main_point_html\",\"processed\":\"\u003cp dir=\\\"ltr\\\"\u003eThe EUA First and Second Approvers must approve your requests.\u0026nbsp;\u003c/p\u003e\u003cp\u003eThe ISSO or ISSO contractor will send an email to\u0026nbsp;\u003ca href=\\\"mailto:CISO@cms.hhs.gov\\\"\u003eCISO@cms.hhs.gov\u003c/a\u003e for final approval.\u003c/p\u003e\"},\"field_list_item_title\":\"Job code requests approved\"},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"169b4697-c521-4a95-b21a-aa0d3f051203\",\"meta\":{\"drupal_internal__target_id\":\"process_list_item\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/39004fd8-5d09-4cea-b000-0e15d4e88e98/paragraph_type?resourceVersion=id%3A19657\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/39004fd8-5d09-4cea-b000-0e15d4e88e98/relationships/paragraph_type?resourceVersion=id%3A19657\"}}}}},{\"type\":\"paragraph--process_list_item\",\"id\":\"260bc118-0b34-41b0-af66-080d25593510\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/260bc118-0b34-41b0-af66-080d25593510?resourceVersion=id%3A19658\"}},\"attributes\":{\"drupal_internal__id\":3562,\"drupal_internal__revision_id\":19658,\"langcode\":\"en\",\"status\":true,\"created\":\"2024-12-05T18:31:38+00:00\",\"parent_id\":\"3563\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_process_list_item\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true,\"field_list_item_description\":{\"value\":\"\u003cp\u003eSystem Administrators assign you a CFACTS role and notify the ISSO that your role was assigned. The ISSO then assigns you to the correct system as a stakeholder.\u003c/p\u003e\u003cp\u003eIf needed, administrators will troubleshoot any access issues with you.\u003c/p\u003e\",\"format\":\"main_point_html\",\"processed\":\"\u003cp\u003eSystem Administrators assign you a CFACTS role and notify the ISSO that your role was assigned. The ISSO then assigns you to the correct system as a stakeholder.\u003c/p\u003e\u003cp\u003eIf needed, administrators will troubleshoot any access issues with you.\u003c/p\u003e\"},\"field_list_item_title\":\"System assigned\"},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"169b4697-c521-4a95-b21a-aa0d3f051203\",\"meta\":{\"drupal_internal__target_id\":\"process_list_item\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/260bc118-0b34-41b0-af66-080d25593510/paragraph_type?resourceVersion=id%3A19658\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/260bc118-0b34-41b0-af66-080d25593510/relationships/paragraph_type?resourceVersion=id%3A19658\"}}}}},{\"type\":\"paragraph--process_list_item\",\"id\":\"e2ea1624-befd-40f7-b4d2-e336b60fd82c\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/e2ea1624-befd-40f7-b4d2-e336b60fd82c?resourceVersion=id%3A19661\"}},\"attributes\":{\"drupal_internal__id\":3564,\"drupal_internal__revision_id\":19661,\"langcode\":\"en\",\"status\":true,\"created\":\"2024-12-05T18:34:54+00:00\",\"parent_id\":\"3568\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_process_list_item\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true,\"field_list_item_description\":{\"value\":\"\u003cp\u003eLog in to CFACTS.\u003c/p\u003e\",\"format\":\"main_point_html\",\"processed\":\"\u003cp\u003eLog in to CFACTS.\u003c/p\u003e\"},\"field_list_item_title\":\"Log in\"},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"169b4697-c521-4a95-b21a-aa0d3f051203\",\"meta\":{\"drupal_internal__target_id\":\"process_list_item\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/e2ea1624-befd-40f7-b4d2-e336b60fd82c/paragraph_type?resourceVersion=id%3A19661\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/e2ea1624-befd-40f7-b4d2-e336b60fd82c/relationships/paragraph_type?resourceVersion=id%3A19661\"}}}}},{\"type\":\"paragraph--process_list_item\",\"id\":\"f3145901-0b26-454d-a708-3d85141d4527\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/f3145901-0b26-454d-a708-3d85141d4527?resourceVersion=id%3A19662\"}},\"attributes\":{\"drupal_internal__id\":3565,\"drupal_internal__revision_id\":19662,\"langcode\":\"en\",\"status\":true,\"created\":\"2024-12-05T18:35:07+00:00\",\"parent_id\":\"3568\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_process_list_item\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true,\"field_list_item_description\":{\"value\":\"\u003cp\u003eOpen the Assessment \u0026amp; Authorization (A\u0026amp;A) tab at the top.\u003c/p\u003e\",\"format\":\"main_point_html\",\"processed\":\"\u003cp\u003eOpen the Assessment \u0026amp; Authorization (A\u0026amp;A) tab at the top.\u003c/p\u003e\"},\"field_list_item_title\":\"Open Assessment \u0026 Authorization (A\u0026A)\"},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"169b4697-c521-4a95-b21a-aa0d3f051203\",\"meta\":{\"drupal_internal__target_id\":\"process_list_item\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/f3145901-0b26-454d-a708-3d85141d4527/paragraph_type?resourceVersion=id%3A19662\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/f3145901-0b26-454d-a708-3d85141d4527/relationships/paragraph_type?resourceVersion=id%3A19662\"}}}}},{\"type\":\"paragraph--process_list_item\",\"id\":\"f53da9a8-5f61-4922-8eb4-ba5614f3d423\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/f53da9a8-5f61-4922-8eb4-ba5614f3d423?resourceVersion=id%3A19663\"}},\"attributes\":{\"drupal_internal__id\":3566,\"drupal_internal__revision_id\":19663,\"langcode\":\"en\",\"status\":true,\"created\":\"2024-12-05T18:36:01+00:00\",\"parent_id\":\"3568\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_process_list_item\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true,\"field_list_item_description\":{\"value\":\"\u003cp\u003eUsing the dashboard view of the A\u0026amp;A tab, find the name of the information system you want to assign the contractor to.\u0026nbsp;\u003c/p\u003e\u003cp\u003eSelect the name to open that information system record.\u0026nbsp;\u003c/p\u003e\",\"format\":\"main_point_html\",\"processed\":\"\u003cp\u003eUsing the dashboard view of the A\u0026amp;A tab, find the name of the information system you want to assign the contractor to.\u0026nbsp;\u003c/p\u003e\u003cp\u003eSelect the name to open that information system record.\u0026nbsp;\u003c/p\u003e\"},\"field_list_item_title\":\"Find the information system\"},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"169b4697-c521-4a95-b21a-aa0d3f051203\",\"meta\":{\"drupal_internal__target_id\":\"process_list_item\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/f53da9a8-5f61-4922-8eb4-ba5614f3d423/paragraph_type?resourceVersion=id%3A19663\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/f53da9a8-5f61-4922-8eb4-ba5614f3d423/relationships/paragraph_type?resourceVersion=id%3A19663\"}}}}},{\"type\":\"paragraph--process_list_item\",\"id\":\"f7c40251-d8ba-48ff-88aa-848ffa5f12d8\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/f7c40251-d8ba-48ff-88aa-848ffa5f12d8?resourceVersion=id%3A19664\"}},\"attributes\":{\"drupal_internal__id\":3567,\"drupal_internal__revision_id\":19664,\"langcode\":\"en\",\"status\":true,\"created\":\"2024-12-05T18:37:21+00:00\",\"parent_id\":\"3568\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_process_list_item\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true,\"field_list_item_description\":{\"value\":\"\u003cp\u003eAssign the contractor to the system by entering their name into the appropriate space.\u003c/p\u003e\",\"format\":\"main_point_html\",\"processed\":\"\u003cp\u003eAssign the contractor to the system by entering their name into the appropriate space.\u003c/p\u003e\"},\"field_list_item_title\":\"Assign the contractor\"},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"169b4697-c521-4a95-b21a-aa0d3f051203\",\"meta\":{\"drupal_internal__target_id\":\"process_list_item\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/f7c40251-d8ba-48ff-88aa-848ffa5f12d8/paragraph_type?resourceVersion=id%3A19664\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/f7c40251-d8ba-48ff-88aa-848ffa5f12d8/relationships/paragraph_type?resourceVersion=id%3A19664\"}}}}},{\"type\":\"paragraph--internal_link\",\"id\":\"76dcb171-ae0a-42ba-b330-b93b63633cdd\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/76dcb171-ae0a-42ba-b330-b93b63633cdd?resourceVersion=id%3A19668\"}},\"attributes\":{\"drupal_internal__id\":1816,\"drupal_internal__revision_id\":19668,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-15T17:57:44+00:00\",\"parent_id\":\"261\",\"parent_type\":\"node\",\"parent_field_name\":\"field_related_collection\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"81d4313f-807c-40e2-8ffa-700ec8c17167\",\"meta\":{\"drupal_internal__target_id\":\"internal_link\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/76dcb171-ae0a-42ba-b330-b93b63633cdd/paragraph_type?resourceVersion=id%3A19668\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/76dcb171-ae0a-42ba-b330-b93b63633cdd/relationships/paragraph_type?resourceVersion=id%3A19668\"}}},\"field_link\":{\"data\":{\"type\":\"node--explainer\",\"id\":\"fb20ba48-336f-4acc-b27a-55e07c1766df\",\"meta\":{\"drupal_internal__target_id\":426}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/76dcb171-ae0a-42ba-b330-b93b63633cdd/field_link?resourceVersion=id%3A19668\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/76dcb171-ae0a-42ba-b330-b93b63633cdd/relationships/field_link?resourceVersion=id%3A19668\"}}}}},{\"type\":\"paragraph--internal_link\",\"id\":\"7f340091-9774-491a-817d-0cdfaf0c72d1\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/7f340091-9774-491a-817d-0cdfaf0c72d1?resourceVersion=id%3A19669\"}},\"attributes\":{\"drupal_internal__id\":1821,\"drupal_internal__revision_id\":19669,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-15T17:57:50+00:00\",\"parent_id\":\"261\",\"parent_type\":\"node\",\"parent_field_name\":\"field_related_collection\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"81d4313f-807c-40e2-8ffa-700ec8c17167\",\"meta\":{\"drupal_internal__target_id\":\"internal_link\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/7f340091-9774-491a-817d-0cdfaf0c72d1/paragraph_type?resourceVersion=id%3A19669\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/7f340091-9774-491a-817d-0cdfaf0c72d1/relationships/paragraph_type?resourceVersion=id%3A19669\"}}},\"field_link\":{\"data\":{\"type\":\"node--explainer\",\"id\":\"6586d174-482d-43d2-9d86-2f0a42dc8a81\",\"meta\":{\"drupal_internal__target_id\":396}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/7f340091-9774-491a-817d-0cdfaf0c72d1/field_link?resourceVersion=id%3A19669\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/7f340091-9774-491a-817d-0cdfaf0c72d1/relationships/field_link?resourceVersion=id%3A19669\"}}}}},{\"type\":\"paragraph--internal_link\",\"id\":\"4b7486bb-57c5-440b-b07c-54deb80f1ca1\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/4b7486bb-57c5-440b-b07c-54deb80f1ca1?resourceVersion=id%3A19670\"}},\"attributes\":{\"drupal_internal__id\":1826,\"drupal_internal__revision_id\":19670,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-15T17:58:44+00:00\",\"parent_id\":\"261\",\"parent_type\":\"node\",\"parent_field_name\":\"field_related_collection\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"81d4313f-807c-40e2-8ffa-700ec8c17167\",\"meta\":{\"drupal_internal__target_id\":\"internal_link\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/4b7486bb-57c5-440b-b07c-54deb80f1ca1/paragraph_type?resourceVersion=id%3A19670\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/4b7486bb-57c5-440b-b07c-54deb80f1ca1/relationships/paragraph_type?resourceVersion=id%3A19670\"}}},\"field_link\":{\"data\":{\"type\":\"node--explainer\",\"id\":\"e36ecfdd-ed37-4ebb-b9a1-e5f8b05a7c15\",\"meta\":{\"drupal_internal__target_id\":666}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/4b7486bb-57c5-440b-b07c-54deb80f1ca1/field_link?resourceVersion=id%3A19670\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/4b7486bb-57c5-440b-b07c-54deb80f1ca1/relationships/field_link?resourceVersion=id%3A19670\"}}}}},{\"type\":\"paragraph--internal_link\",\"id\":\"d72a41d1-1d17-452f-9375-aea58d84e8e7\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/d72a41d1-1d17-452f-9375-aea58d84e8e7?resourceVersion=id%3A19671\"}},\"attributes\":{\"drupal_internal__id\":1831,\"drupal_internal__revision_id\":19671,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-15T17:59:19+00:00\",\"parent_id\":\"261\",\"parent_type\":\"node\",\"parent_field_name\":\"field_related_collection\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"81d4313f-807c-40e2-8ffa-700ec8c17167\",\"meta\":{\"drupal_internal__target_id\":\"internal_link\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/d72a41d1-1d17-452f-9375-aea58d84e8e7/paragraph_type?resourceVersion=id%3A19671\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/d72a41d1-1d17-452f-9375-aea58d84e8e7/relationships/paragraph_type?resourceVersion=id%3A19671\"}}},\"field_link\":{\"data\":{\"type\":\"node--explainer\",\"id\":\"a74e943d-f87d-4688-81e7-65a4013fa320\",\"meta\":{\"drupal_internal__target_id\":201}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/d72a41d1-1d17-452f-9375-aea58d84e8e7/field_link?resourceVersion=id%3A19671\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/d72a41d1-1d17-452f-9375-aea58d84e8e7/relationships/field_link?resourceVersion=id%3A19671\"}}}}},{\"type\":\"paragraph--internal_link\",\"id\":\"726e3057-d549-4d7d-80c7-0f4c5d5f8007\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/726e3057-d549-4d7d-80c7-0f4c5d5f8007?resourceVersion=id%3A19672\"}},\"attributes\":{\"drupal_internal__id\":3462,\"drupal_internal__revision_id\":19672,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-10-16T13:53:28+00:00\",\"parent_id\":\"261\",\"parent_type\":\"node\",\"parent_field_name\":\"field_related_collection\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"81d4313f-807c-40e2-8ffa-700ec8c17167\",\"meta\":{\"drupal_internal__target_id\":\"internal_link\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/726e3057-d549-4d7d-80c7-0f4c5d5f8007/paragraph_type?resourceVersion=id%3A19672\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/726e3057-d549-4d7d-80c7-0f4c5d5f8007/relationships/paragraph_type?resourceVersion=id%3A19672\"}}},\"field_link\":{\"data\":{\"type\":\"node--blog\",\"id\":\"9c778c45-d1f7-4833-8e23-aaad386c3314\",\"meta\":{\"drupal_internal__target_id\":1152}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/726e3057-d549-4d7d-80c7-0f4c5d5f8007/field_link?resourceVersion=id%3A19672\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/726e3057-d549-4d7d-80c7-0f4c5d5f8007/relationships/field_link?resourceVersion=id%3A19672\"}}}}},{\"type\":\"paragraph--internal_link\",\"id\":\"dbde5fa8-5137-4df4-af83-a4330e0778c7\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/dbde5fa8-5137-4df4-af83-a4330e0778c7?resourceVersion=id%3A19673\"}},\"attributes\":{\"drupal_internal__id\":3463,\"drupal_internal__revision_id\":19673,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-10-16T13:53:48+00:00\",\"parent_id\":\"261\",\"parent_type\":\"node\",\"parent_field_name\":\"field_related_collection\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"81d4313f-807c-40e2-8ffa-700ec8c17167\",\"meta\":{\"drupal_internal__target_id\":\"internal_link\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/dbde5fa8-5137-4df4-af83-a4330e0778c7/paragraph_type?resourceVersion=id%3A19673\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/dbde5fa8-5137-4df4-af83-a4330e0778c7/relationships/paragraph_type?resourceVersion=id%3A19673\"}}},\"field_link\":{\"data\":{\"type\":\"node--blog\",\"id\":\"f601d782-a1c3-41d3-8927-5fbba258da6b\",\"meta\":{\"drupal_internal__target_id\":1139}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/dbde5fa8-5137-4df4-af83-a4330e0778c7/field_link?resourceVersion=id%3A19673\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/dbde5fa8-5137-4df4-af83-a4330e0778c7/relationships/field_link?resourceVersion=id%3A19673\"}}}}},{\"type\":\"node--explainer\",\"id\":\"fb20ba48-336f-4acc-b27a-55e07c1766df\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/fb20ba48-336f-4acc-b27a-55e07c1766df?resourceVersion=id%3A5565\"}},\"attributes\":{\"drupal_internal__nid\":426,\"drupal_internal__vid\":5565,\"langcode\":\"en\",\"revision_timestamp\":\"2024-06-07T20:12:34+00:00\",\"status\":true,\"title\":\"Privacy Impact Assessment (PIA)\",\"created\":\"2022-08-29T17:16:06+00:00\",\"changed\":\"2024-06-06T17:13:30+00:00\",\"promote\":false,\"sticky\":false,\"default_langcode\":true,\"revision_translation_affected\":true,\"moderation_state\":\"published\",\"path\":{\"alias\":\"/learn/privacy-impact-assessment-pia\",\"pid\":416,\"langcode\":\"en\"},\"rh_action\":null,\"rh_redirect\":null,\"rh_redirect_response\":null,\"rh_redirect_fallback_action\":null,\"publish_on\":null,\"unpublish_on\":null,\"body\":null,\"field_contact_email\":\"privacy@cms.hhs.gov\",\"field_contact_name\":\"Privacy Office\",\"field_short_description\":{\"value\":\"Process that identifies and mitigates privacy risks for CMS systems regarding the use of Personally Identifiable Information (PII)\",\"format\":\"plain_text\",\"processed\":\"\u003cp\u003eProcess that identifies and mitigates privacy risks for CMS systems regarding the use of Personally Identifiable Information (PII)\u003c/p\u003e\\n\"},\"field_slack_channel\":[\"#ispg-sec_privacy-policy\"]},\"relationships\":{\"node_type\":{\"data\":{\"type\":\"node_type--node_type\",\"id\":\"d185e460-4998-4d2b-85cb-b04f304dfb1b\",\"meta\":{\"drupal_internal__target_id\":\"explainer\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/fb20ba48-336f-4acc-b27a-55e07c1766df/node_type?resourceVersion=id%3A5565\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/fb20ba48-336f-4acc-b27a-55e07c1766df/relationships/node_type?resourceVersion=id%3A5565\"}}},\"revision_uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"a54cc91d-d38c-4158-9cf3-d7bcda34fc84\",\"meta\":{\"drupal_internal__target_id\":110}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/fb20ba48-336f-4acc-b27a-55e07c1766df/revision_uid?resourceVersion=id%3A5565\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/fb20ba48-336f-4acc-b27a-55e07c1766df/relationships/revision_uid?resourceVersion=id%3A5565\"}}},\"uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"dca2c49b-4a12-4d5f-859d-a759444160a4\",\"meta\":{\"drupal_internal__target_id\":26}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/fb20ba48-336f-4acc-b27a-55e07c1766df/uid?resourceVersion=id%3A5565\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/fb20ba48-336f-4acc-b27a-55e07c1766df/relationships/uid?resourceVersion=id%3A5565\"}}},\"field_page_section\":{\"data\":[{\"type\":\"paragraph--page_section\",\"id\":\"6a7003c0-dd34-424b-abe5-dcdbb4ae4e21\",\"meta\":{\"target_revision_id\":18109,\"drupal_internal__target_id\":511}},{\"type\":\"paragraph--page_section\",\"id\":\"0a3e39c3-11df-48ee-acda-d4be29d1eb91\",\"meta\":{\"target_revision_id\":18116,\"drupal_internal__target_id\":3452}},{\"type\":\"paragraph--page_section\",\"id\":\"cd0b41ba-9490-40c4-b79f-df959006794c\",\"meta\":{\"target_revision_id\":18117,\"drupal_internal__target_id\":3495}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/fb20ba48-336f-4acc-b27a-55e07c1766df/field_page_section?resourceVersion=id%3A5565\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/fb20ba48-336f-4acc-b27a-55e07c1766df/relationships/field_page_section?resourceVersion=id%3A5565\"}}},\"field_related_collection\":{\"data\":[{\"type\":\"paragraph--internal_link\",\"id\":\"06f52736-42ef-4a3e-a5a5-239887c37d8f\",\"meta\":{\"target_revision_id\":18118,\"drupal_internal__target_id\":2066}},{\"type\":\"paragraph--internal_link\",\"id\":\"8d2e8289-04d9-4f94-a59e-ea72edc28a57\",\"meta\":{\"target_revision_id\":18119,\"drupal_internal__target_id\":2071}},{\"type\":\"paragraph--internal_link\",\"id\":\"f809e191-d1ff-4924-8b94-9e0f705b1620\",\"meta\":{\"target_revision_id\":18120,\"drupal_internal__target_id\":2076}},{\"type\":\"paragraph--internal_link\",\"id\":\"fe146104-4cdc-4270-80c9-3cf6b03f6f4b\",\"meta\":{\"target_revision_id\":18121,\"drupal_internal__target_id\":2081}},{\"type\":\"paragraph--internal_link\",\"id\":\"9d66b298-b9ef-4ae5-8a79-b1613b838eb6\",\"meta\":{\"target_revision_id\":18122,\"drupal_internal__target_id\":2086}},{\"type\":\"paragraph--internal_link\",\"id\":\"71620d65-13f9-45f3-b8fb-0108fba8c4b0\",\"meta\":{\"target_revision_id\":18123,\"drupal_internal__target_id\":2091}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/fb20ba48-336f-4acc-b27a-55e07c1766df/field_related_collection?resourceVersion=id%3A5565\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/fb20ba48-336f-4acc-b27a-55e07c1766df/relationships/field_related_collection?resourceVersion=id%3A5565\"}}},\"field_resource_type\":{\"data\":{\"type\":\"taxonomy_term--resource_type\",\"id\":\"a17f4908-9141-4b1e-82aa-e6bfe0f91a22\",\"meta\":{\"drupal_internal__target_id\":131}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/fb20ba48-336f-4acc-b27a-55e07c1766df/field_resource_type?resourceVersion=id%3A5565\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/fb20ba48-336f-4acc-b27a-55e07c1766df/relationships/field_resource_type?resourceVersion=id%3A5565\"}}},\"field_roles\":{\"data\":[{\"type\":\"taxonomy_term--roles\",\"id\":\"9d999ae3-b43c-45fb-973e-dffe50c27da5\",\"meta\":{\"drupal_internal__target_id\":66}},{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\",\"meta\":{\"drupal_internal__target_id\":61}},{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"meta\":{\"drupal_internal__target_id\":76}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/fb20ba48-336f-4acc-b27a-55e07c1766df/field_roles?resourceVersion=id%3A5565\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/fb20ba48-336f-4acc-b27a-55e07c1766df/relationships/field_roles?resourceVersion=id%3A5565\"}}},\"field_topics\":{\"data\":[{\"type\":\"taxonomy_term--topics\",\"id\":\"7917cea4-02d7-4ebd-93a3-4c39d5f24674\",\"meta\":{\"drupal_internal__target_id\":6}},{\"type\":\"taxonomy_term--topics\",\"id\":\"d5e2c0ee-04cb-493b-9338-c97adf0e8adf\",\"meta\":{\"drupal_internal__target_id\":31}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/fb20ba48-336f-4acc-b27a-55e07c1766df/field_topics?resourceVersion=id%3A5565\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/fb20ba48-336f-4acc-b27a-55e07c1766df/relationships/field_topics?resourceVersion=id%3A5565\"}}}}},{\"type\":\"node--explainer\",\"id\":\"6586d174-482d-43d2-9d86-2f0a42dc8a81\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/6586d174-482d-43d2-9d86-2f0a42dc8a81?resourceVersion=id%3A5754\"}},\"attributes\":{\"drupal_internal__nid\":396,\"drupal_internal__vid\":5754,\"langcode\":\"en\",\"revision_timestamp\":\"2024-08-05T15:53:09+00:00\",\"status\":true,\"title\":\"Plan of Action and Milestones (POA\u0026M)\",\"created\":\"2022-08-29T16:56:42+00:00\",\"changed\":\"2024-08-05T15:53:09+00:00\",\"promote\":false,\"sticky\":false,\"default_langcode\":true,\"revision_translation_affected\":true,\"moderation_state\":\"published\",\"path\":{\"alias\":\"/learn/plan-action-and-milestones-poam\",\"pid\":386,\"langcode\":\"en\"},\"rh_action\":null,\"rh_redirect\":null,\"rh_redirect_response\":null,\"rh_redirect_fallback_action\":null,\"publish_on\":null,\"unpublish_on\":null,\"body\":null,\"field_contact_email\":\"CISO@cms.hhs.gov\",\"field_contact_name\":\"ISPG Policy Team\",\"field_short_description\":{\"value\":\"A corrective action plan roadmap to address system weaknesses and the resources required to fix them\",\"format\":\"plain_text\",\"processed\":\"\u003cp\u003eA corrective action plan roadmap to address system weaknesses and the resources required to fix them\u003c/p\u003e\\n\"},\"field_slack_channel\":[\"#cra-help\"]},\"relationships\":{\"node_type\":{\"data\":{\"type\":\"node_type--node_type\",\"id\":\"d185e460-4998-4d2b-85cb-b04f304dfb1b\",\"meta\":{\"drupal_internal__target_id\":\"explainer\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/6586d174-482d-43d2-9d86-2f0a42dc8a81/node_type?resourceVersion=id%3A5754\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/6586d174-482d-43d2-9d86-2f0a42dc8a81/relationships/node_type?resourceVersion=id%3A5754\"}}},\"revision_uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"4420e728-6dc2-4022-bf8d-5bd1329e5e64\",\"meta\":{\"drupal_internal__target_id\":159}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/6586d174-482d-43d2-9d86-2f0a42dc8a81/revision_uid?resourceVersion=id%3A5754\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/6586d174-482d-43d2-9d86-2f0a42dc8a81/relationships/revision_uid?resourceVersion=id%3A5754\"}}},\"uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"dca2c49b-4a12-4d5f-859d-a759444160a4\",\"meta\":{\"drupal_internal__target_id\":26}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/6586d174-482d-43d2-9d86-2f0a42dc8a81/uid?resourceVersion=id%3A5754\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/6586d174-482d-43d2-9d86-2f0a42dc8a81/relationships/uid?resourceVersion=id%3A5754\"}}},\"field_page_section\":{\"data\":[{\"type\":\"paragraph--page_section\",\"id\":\"7a011f0b-d154-4824-a3d9-ab6d2d897205\",\"meta\":{\"target_revision_id\":19037,\"drupal_internal__target_id\":506}},{\"type\":\"paragraph--page_section\",\"id\":\"ee1fabb0-058d-4b71-a7db-8a9ce8319795\",\"meta\":{\"target_revision_id\":19038,\"drupal_internal__target_id\":3385}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/6586d174-482d-43d2-9d86-2f0a42dc8a81/field_page_section?resourceVersion=id%3A5754\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/6586d174-482d-43d2-9d86-2f0a42dc8a81/relationships/field_page_section?resourceVersion=id%3A5754\"}}},\"field_related_collection\":{\"data\":[{\"type\":\"paragraph--internal_link\",\"id\":\"df30d570-d5dc-431f-bec8-3054b29243cb\",\"meta\":{\"target_revision_id\":19039,\"drupal_internal__target_id\":2041}},{\"type\":\"paragraph--internal_link\",\"id\":\"4bccf275-df68-449d-8a48-3ba2274c322a\",\"meta\":{\"target_revision_id\":19040,\"drupal_internal__target_id\":2046}},{\"type\":\"paragraph--internal_link\",\"id\":\"443bfeb0-96a1-4b88-bd6d-d93d1d744e64\",\"meta\":{\"target_revision_id\":19041,\"drupal_internal__target_id\":2051}},{\"type\":\"paragraph--internal_link\",\"id\":\"71549f27-6a6b-4a16-9304-6208d994604a\",\"meta\":{\"target_revision_id\":19042,\"drupal_internal__target_id\":2056}},{\"type\":\"paragraph--internal_link\",\"id\":\"ab8baea5-3667-47bd-b2c5-a8b59a3847ac\",\"meta\":{\"target_revision_id\":19043,\"drupal_internal__target_id\":2061}},{\"type\":\"paragraph--internal_link\",\"id\":\"6b40f485-c76e-44f6-8489-9bbf991c1f6c\",\"meta\":{\"target_revision_id\":19044,\"drupal_internal__target_id\":2551}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/6586d174-482d-43d2-9d86-2f0a42dc8a81/field_related_collection?resourceVersion=id%3A5754\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/6586d174-482d-43d2-9d86-2f0a42dc8a81/relationships/field_related_collection?resourceVersion=id%3A5754\"}}},\"field_resource_type\":{\"data\":{\"type\":\"taxonomy_term--resource_type\",\"id\":\"a17f4908-9141-4b1e-82aa-e6bfe0f91a22\",\"meta\":{\"drupal_internal__target_id\":131}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/6586d174-482d-43d2-9d86-2f0a42dc8a81/field_resource_type?resourceVersion=id%3A5754\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/6586d174-482d-43d2-9d86-2f0a42dc8a81/relationships/field_resource_type?resourceVersion=id%3A5754\"}}},\"field_roles\":{\"data\":[{\"type\":\"taxonomy_term--roles\",\"id\":\"9d999ae3-b43c-45fb-973e-dffe50c27da5\",\"meta\":{\"drupal_internal__target_id\":66}},{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\",\"meta\":{\"drupal_internal__target_id\":61}},{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"meta\":{\"drupal_internal__target_id\":76}},{\"type\":\"taxonomy_term--roles\",\"id\":\"feb4e85d-429e-48b0-92f0-3d2da2c5056e\",\"meta\":{\"drupal_internal__target_id\":71}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/6586d174-482d-43d2-9d86-2f0a42dc8a81/field_roles?resourceVersion=id%3A5754\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/6586d174-482d-43d2-9d86-2f0a42dc8a81/relationships/field_roles?resourceVersion=id%3A5754\"}}},\"field_topics\":{\"data\":[{\"type\":\"taxonomy_term--topics\",\"id\":\"7917cea4-02d7-4ebd-93a3-4c39d5f24674\",\"meta\":{\"drupal_internal__target_id\":6}},{\"type\":\"taxonomy_term--topics\",\"id\":\"65ef6410-4066-4db4-be03-c8eb26b63305\",\"meta\":{\"drupal_internal__target_id\":36}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/6586d174-482d-43d2-9d86-2f0a42dc8a81/field_topics?resourceVersion=id%3A5754\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/6586d174-482d-43d2-9d86-2f0a42dc8a81/relationships/field_topics?resourceVersion=id%3A5754\"}}}}},{\"type\":\"node--explainer\",\"id\":\"e36ecfdd-ed37-4ebb-b9a1-e5f8b05a7c15\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/e36ecfdd-ed37-4ebb-b9a1-e5f8b05a7c15?resourceVersion=id%3A5965\"}},\"attributes\":{\"drupal_internal__nid\":666,\"drupal_internal__vid\":5965,\"langcode\":\"en\",\"revision_timestamp\":\"2024-11-19T23:10:38+00:00\",\"status\":true,\"title\":\"System Security and Privacy Plan (SSPP)\",\"created\":\"2023-02-02T19:01:24+00:00\",\"changed\":\"2024-11-19T23:10:38+00:00\",\"promote\":false,\"sticky\":false,\"default_langcode\":true,\"revision_translation_affected\":true,\"moderation_state\":\"published\",\"path\":{\"alias\":\"/learn/system-security-and-privacy-plan-sspp\",\"pid\":656,\"langcode\":\"en\"},\"rh_action\":null,\"rh_redirect\":null,\"rh_redirect_response\":null,\"rh_redirect_fallback_action\":null,\"publish_on\":null,\"unpublish_on\":null,\"body\":null,\"field_contact_email\":\"CISO@cms.hhs.gov\",\"field_contact_name\":\"ISPG Policy Team\",\"field_short_description\":{\"value\":\"Documentation of a FISMA systems features and security requirements, along with controls and procedures for information protection\",\"format\":\"plain_text\",\"processed\":\"\u003cp\u003eDocumentation of a FISMA systems features and security requirements, along with controls and procedures for information protection\u003c/p\u003e\\n\"},\"field_slack_channel\":[\"#CFACTS_community\"]},\"relationships\":{\"node_type\":{\"data\":{\"type\":\"node_type--node_type\",\"id\":\"d185e460-4998-4d2b-85cb-b04f304dfb1b\",\"meta\":{\"drupal_internal__target_id\":\"explainer\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/e36ecfdd-ed37-4ebb-b9a1-e5f8b05a7c15/node_type?resourceVersion=id%3A5965\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/e36ecfdd-ed37-4ebb-b9a1-e5f8b05a7c15/relationships/node_type?resourceVersion=id%3A5965\"}}},\"revision_uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"e352e203-fe9c-47ba-af75-2c7f8302fca8\",\"meta\":{\"drupal_internal__target_id\":6}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/e36ecfdd-ed37-4ebb-b9a1-e5f8b05a7c15/revision_uid?resourceVersion=id%3A5965\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/e36ecfdd-ed37-4ebb-b9a1-e5f8b05a7c15/relationships/revision_uid?resourceVersion=id%3A5965\"}}},\"uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"dca2c49b-4a12-4d5f-859d-a759444160a4\",\"meta\":{\"drupal_internal__target_id\":26}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/e36ecfdd-ed37-4ebb-b9a1-e5f8b05a7c15/uid?resourceVersion=id%3A5965\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/e36ecfdd-ed37-4ebb-b9a1-e5f8b05a7c15/relationships/uid?resourceVersion=id%3A5965\"}}},\"field_page_section\":{\"data\":[{\"type\":\"paragraph--page_section\",\"id\":\"830b220c-0b4e-42e7-8768-f0e366e2e394\",\"meta\":{\"target_revision_id\":19524,\"drupal_internal__target_id\":531}},{\"type\":\"paragraph--page_section\",\"id\":\"0809565b-c9be-43d4-af0f-30e8770ed6a2\",\"meta\":{\"target_revision_id\":19529,\"drupal_internal__target_id\":3471}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/e36ecfdd-ed37-4ebb-b9a1-e5f8b05a7c15/field_page_section?resourceVersion=id%3A5965\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/e36ecfdd-ed37-4ebb-b9a1-e5f8b05a7c15/relationships/field_page_section?resourceVersion=id%3A5965\"}}},\"field_related_collection\":{\"data\":[{\"type\":\"paragraph--internal_link\",\"id\":\"9d67ade3-a2a1-4c6b-883d-eb2bab7ee929\",\"meta\":{\"target_revision_id\":19530,\"drupal_internal__target_id\":1636}},{\"type\":\"paragraph--internal_link\",\"id\":\"58395445-a7b1-4f8f-9aa8-867695cee5ff\",\"meta\":{\"target_revision_id\":19531,\"drupal_internal__target_id\":1641}},{\"type\":\"paragraph--internal_link\",\"id\":\"d75e6c82-2c87-4709-95f8-9320a54bf92a\",\"meta\":{\"target_revision_id\":19532,\"drupal_internal__target_id\":1646}},{\"type\":\"paragraph--internal_link\",\"id\":\"f0fa4163-1622-4ac8-aefb-1795d0813853\",\"meta\":{\"target_revision_id\":19533,\"drupal_internal__target_id\":1651}},{\"type\":\"paragraph--internal_link\",\"id\":\"b52610a5-ba07-4eba-85b4-fc6415050a84\",\"meta\":{\"target_revision_id\":19534,\"drupal_internal__target_id\":1656}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/e36ecfdd-ed37-4ebb-b9a1-e5f8b05a7c15/field_related_collection?resourceVersion=id%3A5965\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/e36ecfdd-ed37-4ebb-b9a1-e5f8b05a7c15/relationships/field_related_collection?resourceVersion=id%3A5965\"}}},\"field_resource_type\":{\"data\":{\"type\":\"taxonomy_term--resource_type\",\"id\":\"a17f4908-9141-4b1e-82aa-e6bfe0f91a22\",\"meta\":{\"drupal_internal__target_id\":131}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/e36ecfdd-ed37-4ebb-b9a1-e5f8b05a7c15/field_resource_type?resourceVersion=id%3A5965\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/e36ecfdd-ed37-4ebb-b9a1-e5f8b05a7c15/relationships/field_resource_type?resourceVersion=id%3A5965\"}}},\"field_roles\":{\"data\":[],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/e36ecfdd-ed37-4ebb-b9a1-e5f8b05a7c15/field_roles?resourceVersion=id%3A5965\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/e36ecfdd-ed37-4ebb-b9a1-e5f8b05a7c15/relationships/field_roles?resourceVersion=id%3A5965\"}}},\"field_topics\":{\"data\":[{\"type\":\"taxonomy_term--topics\",\"id\":\"d5e2c0ee-04cb-493b-9338-c97adf0e8adf\",\"meta\":{\"drupal_internal__target_id\":31}},{\"type\":\"taxonomy_term--topics\",\"id\":\"0bc7c1d0-b569-4514-b66c-367457dead7e\",\"meta\":{\"drupal_internal__target_id\":11}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/e36ecfdd-ed37-4ebb-b9a1-e5f8b05a7c15/field_topics?resourceVersion=id%3A5965\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/e36ecfdd-ed37-4ebb-b9a1-e5f8b05a7c15/relationships/field_topics?resourceVersion=id%3A5965\"}}}}},{\"type\":\"node--explainer\",\"id\":\"a74e943d-f87d-4688-81e7-65a4013fa320\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a74e943d-f87d-4688-81e7-65a4013fa320?resourceVersion=id%3A5941\"}},\"attributes\":{\"drupal_internal__nid\":201,\"drupal_internal__vid\":5941,\"langcode\":\"en\",\"revision_timestamp\":\"2024-10-17T14:04:35+00:00\",\"status\":true,\"title\":\"Cybersecurity and Risk Assessment Program (CSRAP)\",\"created\":\"2022-08-25T18:58:52+00:00\",\"changed\":\"2024-10-07T20:27:11+00:00\",\"promote\":false,\"sticky\":false,\"default_langcode\":true,\"revision_translation_affected\":true,\"moderation_state\":\"published\",\"path\":{\"alias\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"pid\":191,\"langcode\":\"en\"},\"rh_action\":null,\"rh_redirect\":null,\"rh_redirect_response\":null,\"rh_redirect_fallback_action\":null,\"publish_on\":null,\"unpublish_on\":null,\"body\":null,\"field_contact_email\":\"CSRAP@cms.hhs.gov\",\"field_contact_name\":\"CSRAP Team\",\"field_short_description\":{\"value\":\"A streamlined risk-based control(s) testing methodology designed to relieve operational burden.\",\"format\":\"plain_text\",\"processed\":\"\u003cp\u003eA streamlined risk-based control(s) testing methodology designed to relieve operational burden.\u003c/p\u003e\\n\"},\"field_slack_channel\":[]},\"relationships\":{\"node_type\":{\"data\":{\"type\":\"node_type--node_type\",\"id\":\"d185e460-4998-4d2b-85cb-b04f304dfb1b\",\"meta\":{\"drupal_internal__target_id\":\"explainer\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a74e943d-f87d-4688-81e7-65a4013fa320/node_type?resourceVersion=id%3A5941\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a74e943d-f87d-4688-81e7-65a4013fa320/relationships/node_type?resourceVersion=id%3A5941\"}}},\"revision_uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"39240c69-3096-49cd-a07c-3843b6c48c5f\",\"meta\":{\"drupal_internal__target_id\":95}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a74e943d-f87d-4688-81e7-65a4013fa320/revision_uid?resourceVersion=id%3A5941\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a74e943d-f87d-4688-81e7-65a4013fa320/relationships/revision_uid?resourceVersion=id%3A5941\"}}},\"uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"dca2c49b-4a12-4d5f-859d-a759444160a4\",\"meta\":{\"drupal_internal__target_id\":26}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a74e943d-f87d-4688-81e7-65a4013fa320/uid?resourceVersion=id%3A5941\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a74e943d-f87d-4688-81e7-65a4013fa320/relationships/uid?resourceVersion=id%3A5941\"}}},\"field_page_section\":{\"data\":[{\"type\":\"paragraph--page_section\",\"id\":\"f36fb6d1-0795-400f-8a15-36d1979118b0\",\"meta\":{\"target_revision_id\":19433,\"drupal_internal__target_id\":3501}},{\"type\":\"paragraph--page_section\",\"id\":\"eb5b28d8-8825-43c5-a889-513068f48fd8\",\"meta\":{\"target_revision_id\":19434,\"drupal_internal__target_id\":611}},{\"type\":\"paragraph--page_section\",\"id\":\"269aaf52-85f1-411f-a67e-e9d9ad620d8a\",\"meta\":{\"target_revision_id\":19435,\"drupal_internal__target_id\":651}},{\"type\":\"paragraph--page_section\",\"id\":\"3a3615ff-9d53-40d6-8291-fd4516dbc893\",\"meta\":{\"target_revision_id\":19442,\"drupal_internal__target_id\":3502}},{\"type\":\"paragraph--page_section\",\"id\":\"cbe6ce50-d7fa-40ac-afe1-00d600e4a4aa\",\"meta\":{\"target_revision_id\":19443,\"drupal_internal__target_id\":3503}},{\"type\":\"paragraph--page_section\",\"id\":\"a46d03b7-7478-40f1-a7da-3171ffcfaa2d\",\"meta\":{\"target_revision_id\":19444,\"drupal_internal__target_id\":3504}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a74e943d-f87d-4688-81e7-65a4013fa320/field_page_section?resourceVersion=id%3A5941\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a74e943d-f87d-4688-81e7-65a4013fa320/relationships/field_page_section?resourceVersion=id%3A5941\"}}},\"field_related_collection\":{\"data\":[{\"type\":\"paragraph--internal_link\",\"id\":\"28dbad4c-79e6-4f83-bc5e-965ba6aa4926\",\"meta\":{\"target_revision_id\":19445,\"drupal_internal__target_id\":656}},{\"type\":\"paragraph--internal_link\",\"id\":\"9b8ddf12-5af3-4acf-a7bd-c5f629ddc1e2\",\"meta\":{\"target_revision_id\":19446,\"drupal_internal__target_id\":661}},{\"type\":\"paragraph--internal_link\",\"id\":\"77c203ce-2da8-4200-986c-1093acc2ff5a\",\"meta\":{\"target_revision_id\":19447,\"drupal_internal__target_id\":671}},{\"type\":\"paragraph--internal_link\",\"id\":\"50fa320c-23ef-4b7f-b3ee-4f4c55fe4a5a\",\"meta\":{\"target_revision_id\":19448,\"drupal_internal__target_id\":676}},{\"type\":\"paragraph--internal_link\",\"id\":\"c4a332dc-02ea-48f6-9c08-c12ca06e62b5\",\"meta\":{\"target_revision_id\":19449,\"drupal_internal__target_id\":681}},{\"type\":\"paragraph--internal_link\",\"id\":\"5cc61db4-e2f7-43ad-b914-3661d73886e9\",\"meta\":{\"target_revision_id\":19450,\"drupal_internal__target_id\":3505}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a74e943d-f87d-4688-81e7-65a4013fa320/field_related_collection?resourceVersion=id%3A5941\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a74e943d-f87d-4688-81e7-65a4013fa320/relationships/field_related_collection?resourceVersion=id%3A5941\"}}},\"field_resource_type\":{\"data\":{\"type\":\"taxonomy_term--resource_type\",\"id\":\"9e907eeb-b0a8-4dd3-8818-37cb1557a8f4\",\"meta\":{\"drupal_internal__target_id\":121}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a74e943d-f87d-4688-81e7-65a4013fa320/field_resource_type?resourceVersion=id%3A5941\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a74e943d-f87d-4688-81e7-65a4013fa320/relationships/field_resource_type?resourceVersion=id%3A5941\"}}},\"field_roles\":{\"data\":[{\"type\":\"taxonomy_term--roles\",\"id\":\"9d999ae3-b43c-45fb-973e-dffe50c27da5\",\"meta\":{\"drupal_internal__target_id\":66}},{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\",\"meta\":{\"drupal_internal__target_id\":61}},{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"meta\":{\"drupal_internal__target_id\":76}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a74e943d-f87d-4688-81e7-65a4013fa320/field_roles?resourceVersion=id%3A5941\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a74e943d-f87d-4688-81e7-65a4013fa320/relationships/field_roles?resourceVersion=id%3A5941\"}}},\"field_topics\":{\"data\":[{\"type\":\"taxonomy_term--topics\",\"id\":\"7917cea4-02d7-4ebd-93a3-4c39d5f24674\",\"meta\":{\"drupal_internal__target_id\":6}},{\"type\":\"taxonomy_term--topics\",\"id\":\"65ef6410-4066-4db4-be03-c8eb26b63305\",\"meta\":{\"drupal_internal__target_id\":36}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a74e943d-f87d-4688-81e7-65a4013fa320/field_topics?resourceVersion=id%3A5941\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a74e943d-f87d-4688-81e7-65a4013fa320/relationships/field_topics?resourceVersion=id%3A5941\"}}}}},{\"type\":\"node--blog\",\"id\":\"9c778c45-d1f7-4833-8e23-aaad386c3314\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/9c778c45-d1f7-4833-8e23-aaad386c3314?resourceVersion=id%3A5824\"}},\"attributes\":{\"drupal_internal__nid\":1152,\"drupal_internal__vid\":5824,\"langcode\":\"en\",\"revision_timestamp\":\"2024-08-06T15:59:16+00:00\",\"status\":true,\"title\":\"Completing tasks in CFACTS is easy with \\\"CFACTS How-To\\\" videos\",\"created\":\"2023-09-26T15:56:18+00:00\",\"changed\":\"2024-08-06T15:59:16+00:00\",\"promote\":false,\"sticky\":false,\"default_langcode\":true,\"revision_translation_affected\":true,\"moderation_state\":\"published\",\"path\":{\"alias\":\"/posts/completing-tasks-cfacts-easy-cfacts-training-videos\",\"pid\":1003,\"langcode\":\"en\"},\"rh_action\":null,\"rh_redirect\":null,\"rh_redirect_response\":null,\"rh_redirect_fallback_action\":null,\"publish_on\":null,\"unpublish_on\":null,\"body\":{\"value\":\"$1e\",\"format\":\"body_text\",\"processed\":\"$1f\",\"summary\":\"\"},\"field_short_description\":{\"value\":\"Want to learn about new features and how to do tasks in CFACTS? How-To videos from CFACTS can help!\\r\\n\\r\\n\",\"format\":\"plain_text\",\"processed\":\"\u003cp\u003eWant to learn about new features and how to do tasks in CFACTS? How-To videos from CFACTS can help!\u003c/p\u003e\\n\"},\"field_video_link\":null},\"relationships\":{\"node_type\":{\"data\":{\"type\":\"node_type--node_type\",\"id\":\"f382c03e-0cc5-4892-aa46-653a2d90fc05\",\"meta\":{\"drupal_internal__target_id\":\"blog\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/9c778c45-d1f7-4833-8e23-aaad386c3314/node_type?resourceVersion=id%3A5824\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/9c778c45-d1f7-4833-8e23-aaad386c3314/relationships/node_type?resourceVersion=id%3A5824\"}}},\"revision_uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"c34b79d4-f936-45dd-968f-7efc22d4370b\",\"meta\":{\"drupal_internal__target_id\":94}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/9c778c45-d1f7-4833-8e23-aaad386c3314/revision_uid?resourceVersion=id%3A5824\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/9c778c45-d1f7-4833-8e23-aaad386c3314/relationships/revision_uid?resourceVersion=id%3A5824\"}}},\"uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"dca2c49b-4a12-4d5f-859d-a759444160a4\",\"meta\":{\"drupal_internal__target_id\":26}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/9c778c45-d1f7-4833-8e23-aaad386c3314/uid?resourceVersion=id%3A5824\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/9c778c45-d1f7-4833-8e23-aaad386c3314/relationships/uid?resourceVersion=id%3A5824\"}}},\"field_cover_image\":{\"data\":{\"type\":\"media--blog_cover_image\",\"id\":\"e5856274-7e14-4dda-b584-1a676d261f6c\",\"meta\":{\"drupal_internal__target_id\":191}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/9c778c45-d1f7-4833-8e23-aaad386c3314/field_cover_image?resourceVersion=id%3A5824\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/9c778c45-d1f7-4833-8e23-aaad386c3314/relationships/field_cover_image?resourceVersion=id%3A5824\"}}},\"field_publisher_group\":{\"data\":{\"type\":\"group--team\",\"id\":\"7995b974-7ea1-448b-827d-7db797f4d769\",\"meta\":{\"drupal_internal__target_id\":23}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/9c778c45-d1f7-4833-8e23-aaad386c3314/field_publisher_group?resourceVersion=id%3A5824\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/9c778c45-d1f7-4833-8e23-aaad386c3314/relationships/field_publisher_group?resourceVersion=id%3A5824\"}}},\"field_resource_type\":{\"data\":{\"type\":\"taxonomy_term--resource_type\",\"id\":\"cccd136f-b478-40f0-8ff8-fd73f75f4ab0\",\"meta\":{\"drupal_internal__target_id\":106}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/9c778c45-d1f7-4833-8e23-aaad386c3314/field_resource_type?resourceVersion=id%3A5824\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/9c778c45-d1f7-4833-8e23-aaad386c3314/relationships/field_resource_type?resourceVersion=id%3A5824\"}}},\"field_roles\":{\"data\":[{\"type\":\"taxonomy_term--roles\",\"id\":\"9d999ae3-b43c-45fb-973e-dffe50c27da5\",\"meta\":{\"drupal_internal__target_id\":66}},{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\",\"meta\":{\"drupal_internal__target_id\":61}},{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"meta\":{\"drupal_internal__target_id\":76}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/9c778c45-d1f7-4833-8e23-aaad386c3314/field_roles?resourceVersion=id%3A5824\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/9c778c45-d1f7-4833-8e23-aaad386c3314/relationships/field_roles?resourceVersion=id%3A5824\"}}},\"field_topics\":{\"data\":[{\"type\":\"taxonomy_term--topics\",\"id\":\"65ef6410-4066-4db4-be03-c8eb26b63305\",\"meta\":{\"drupal_internal__target_id\":36}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/9c778c45-d1f7-4833-8e23-aaad386c3314/field_topics?resourceVersion=id%3A5824\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/9c778c45-d1f7-4833-8e23-aaad386c3314/relationships/field_topics?resourceVersion=id%3A5824\"}}}}},{\"type\":\"node--blog\",\"id\":\"f601d782-a1c3-41d3-8927-5fbba258da6b\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/f601d782-a1c3-41d3-8927-5fbba258da6b?resourceVersion=id%3A5791\"}},\"attributes\":{\"drupal_internal__nid\":1139,\"drupal_internal__vid\":5791,\"langcode\":\"en\",\"revision_timestamp\":\"2024-08-06T15:44:55+00:00\",\"status\":true,\"title\":\"Watch and Learn: System Categorization in CFACTS\",\"created\":\"2023-08-22T15:32:02+00:00\",\"changed\":\"2024-08-06T15:44:55+00:00\",\"promote\":false,\"sticky\":false,\"default_langcode\":true,\"revision_translation_affected\":true,\"moderation_state\":\"published\",\"path\":{\"alias\":\"/posts/watch-and-learn-system-categorization-cfacts\",\"pid\":991,\"langcode\":\"en\"},\"rh_action\":null,\"rh_redirect\":null,\"rh_redirect_response\":null,\"rh_redirect_fallback_action\":null,\"publish_on\":null,\"unpublish_on\":null,\"body\":{\"value\":\"\u003cp\u003eEach new CMS FISMA system must define its security categorization based on the \u003ca href=\\\"http://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdf\\\"\u003eFederal Information Processing Standards Publication 199 (FIPS 199)\u003c/a\u003e. Each system must be reviewed in the following categories:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eConfidentiality\u003c/li\u003e\u003cli\u003eIntegrity\u003c/li\u003e\u003cli\u003eAvailability\u0026nbsp;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eDuring review, each category is assigned a rating of low, moderate, or high impact. The most severe rating from any category becomes the system's overall security categorization.\u0026nbsp;\u003c/p\u003e\u003cp\u003eIn the past, the ISSO completed this review using the System Categorization Worksheet (SCW). The SCW is outdated and has been retired.\u0026nbsp;ISSOs can now complete their system categorization using CFACTS. Watch the video to learn about this process.\u0026nbsp;\u003c/p\u003e\u003cp\u003eIf you have questions, you can contact the CFACTS Team in CMS Slack in the #\u003cstrong\u003ecfacts_community \u003c/strong\u003echannel\u003cstrong\u003e.\u003c/strong\u003e\u003c/p\u003e\",\"format\":\"body_text\",\"processed\":\"\u003cp\u003eEach new CMS FISMA system must define its security categorization based on the \u003ca href=\\\"http://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdf\\\"\u003eFederal Information Processing Standards Publication 199 (FIPS 199)\u003c/a\u003e. Each system must be reviewed in the following categories:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eConfidentiality\u003c/li\u003e\u003cli\u003eIntegrity\u003c/li\u003e\u003cli\u003eAvailability\u0026nbsp;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eDuring review, each category is assigned a rating of low, moderate, or high impact. The most severe rating from any category becomes the system's overall security categorization.\u0026nbsp;\u003c/p\u003e\u003cp\u003eIn the past, the ISSO completed this review using the System Categorization Worksheet (SCW). The SCW is outdated and has been retired.\u0026nbsp;ISSOs can now complete their system categorization using CFACTS. Watch the video to learn about this process.\u0026nbsp;\u003c/p\u003e\u003cp\u003eIf you have questions, you can contact the CFACTS Team in CMS Slack in the #\u003cstrong\u003ecfacts_community \u003c/strong\u003echannel\u003cstrong\u003e.\u003c/strong\u003e\u003c/p\u003e\",\"summary\":\"\"},\"field_short_description\":{\"value\":\"Watch the video about assigning a FIPS 199 Security Category to your system, and learn how to use CFACTS to simplify the process\",\"format\":\"plain_text\",\"processed\":\"\u003cp\u003eWatch the video about assigning a FIPS 199 Security Category to your system, and learn how to use CFACTS to simplify the process\u003c/p\u003e\\n\"},\"field_video_link\":\"https://www.youtube.com/watch?v=GjpHR6UeSkA\"},\"relationships\":{\"node_type\":{\"data\":{\"type\":\"node_type--node_type\",\"id\":\"f382c03e-0cc5-4892-aa46-653a2d90fc05\",\"meta\":{\"drupal_internal__target_id\":\"blog\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/f601d782-a1c3-41d3-8927-5fbba258da6b/node_type?resourceVersion=id%3A5791\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/f601d782-a1c3-41d3-8927-5fbba258da6b/relationships/node_type?resourceVersion=id%3A5791\"}}},\"revision_uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"c34b79d4-f936-45dd-968f-7efc22d4370b\",\"meta\":{\"drupal_internal__target_id\":94}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/f601d782-a1c3-41d3-8927-5fbba258da6b/revision_uid?resourceVersion=id%3A5791\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/f601d782-a1c3-41d3-8927-5fbba258da6b/relationships/revision_uid?resourceVersion=id%3A5791\"}}},\"uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"dca2c49b-4a12-4d5f-859d-a759444160a4\",\"meta\":{\"drupal_internal__target_id\":26}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/f601d782-a1c3-41d3-8927-5fbba258da6b/uid?resourceVersion=id%3A5791\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/f601d782-a1c3-41d3-8927-5fbba258da6b/relationships/uid?resourceVersion=id%3A5791\"}}},\"field_cover_image\":{\"data\":{\"type\":\"media--blog_cover_image\",\"id\":\"c0318530-736d-47a4-89c3-78616da050c1\",\"meta\":{\"drupal_internal__target_id\":86}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/f601d782-a1c3-41d3-8927-5fbba258da6b/field_cover_image?resourceVersion=id%3A5791\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/f601d782-a1c3-41d3-8927-5fbba258da6b/relationships/field_cover_image?resourceVersion=id%3A5791\"}}},\"field_publisher_group\":{\"data\":{\"type\":\"group--team\",\"id\":\"7995b974-7ea1-448b-827d-7db797f4d769\",\"meta\":{\"drupal_internal__target_id\":23}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/f601d782-a1c3-41d3-8927-5fbba258da6b/field_publisher_group?resourceVersion=id%3A5791\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/f601d782-a1c3-41d3-8927-5fbba258da6b/relationships/field_publisher_group?resourceVersion=id%3A5791\"}}},\"field_resource_type\":{\"data\":{\"type\":\"taxonomy_term--resource_type\",\"id\":\"cccd136f-b478-40f0-8ff8-fd73f75f4ab0\",\"meta\":{\"drupal_internal__target_id\":106}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/f601d782-a1c3-41d3-8927-5fbba258da6b/field_resource_type?resourceVersion=id%3A5791\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/f601d782-a1c3-41d3-8927-5fbba258da6b/relationships/field_resource_type?resourceVersion=id%3A5791\"}}},\"field_roles\":{\"data\":[{\"type\":\"taxonomy_term--roles\",\"id\":\"9d999ae3-b43c-45fb-973e-dffe50c27da5\",\"meta\":{\"drupal_internal__target_id\":66}},{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\",\"meta\":{\"drupal_internal__target_id\":61}},{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"meta\":{\"drupal_internal__target_id\":76}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/f601d782-a1c3-41d3-8927-5fbba258da6b/field_roles?resourceVersion=id%3A5791\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/f601d782-a1c3-41d3-8927-5fbba258da6b/relationships/field_roles?resourceVersion=id%3A5791\"}}},\"field_topics\":{\"data\":[{\"type\":\"taxonomy_term--topics\",\"id\":\"65ef6410-4066-4db4-be03-c8eb26b63305\",\"meta\":{\"drupal_internal__target_id\":36}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/f601d782-a1c3-41d3-8927-5fbba258da6b/field_topics?resourceVersion=id%3A5791\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/blog/f601d782-a1c3-41d3-8927-5fbba258da6b/relationships/field_topics?resourceVersion=id%3A5791\"}}}}}],\"includedMap\":{\"d185e460-4998-4d2b-85cb-b04f304dfb1b\":\"$20\",\"4420e728-6dc2-4022-bf8d-5bd1329e5e64\":\"$2a\",\"dca2c49b-4a12-4d5f-859d-a759444160a4\":\"$2e\",\"9e907eeb-b0a8-4dd3-8818-37cb1557a8f4\":\"$32\",\"9d999ae3-b43c-45fb-973e-dffe50c27da5\":\"$4c\",\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\":\"$66\",\"f591f442-c0b0-4b8e-af66-7998a3329f34\":\"$80\",\"feb4e85d-429e-48b0-92f0-3d2da2c5056e\":\"$9a\",\"65ef6410-4066-4db4-be03-c8eb26b63305\":\"$b4\",\"0bc7c1d0-b569-4514-b66c-367457dead7e\":\"$ce\",\"963db416-cca0-421d-8c3e-40c8e2ce190f\":\"$e8\",\"9b87eb1d-cb43-472b-9b5b-8618d2688563\":\"$fb\",\"122a8de9-c38d-492b-bc93-b43b270f2933\":\"$110\",\"594617c8-824a-4962-aa08-fdf8dd4677fb\":\"$125\",\"0133f338-f61a-45ab-8fd5-600be40c30d4\":\"$138\",\"8243dd59-39ab-4e89-984a-6c14b074e237\":\"$147\",\"380f7345-d826-49bf-99a2-ae0eb21201c8\":\"$15e\",\"d418f5bc-b857-4a90-a2a7-e7afeaa1fd0a\":\"$177\",\"39004fd8-5d09-4cea-b000-0e15d4e88e98\":\"$184\",\"260bc118-0b34-41b0-af66-080d25593510\":\"$191\",\"e2ea1624-befd-40f7-b4d2-e336b60fd82c\":\"$19e\",\"f3145901-0b26-454d-a708-3d85141d4527\":\"$1ab\",\"f53da9a8-5f61-4922-8eb4-ba5614f3d423\":\"$1b8\",\"f7c40251-d8ba-48ff-88aa-848ffa5f12d8\":\"$1c5\",\"76dcb171-ae0a-42ba-b330-b93b63633cdd\":\"$1d2\",\"7f340091-9774-491a-817d-0cdfaf0c72d1\":\"$1e4\",\"4b7486bb-57c5-440b-b07c-54deb80f1ca1\":\"$1f6\",\"d72a41d1-1d17-452f-9375-aea58d84e8e7\":\"$208\",\"726e3057-d549-4d7d-80c7-0f4c5d5f8007\":\"$21a\",\"dbde5fa8-5137-4df4-af83-a4330e0778c7\":\"$22c\",\"fb20ba48-336f-4acc-b27a-55e07c1766df\":\"$23e\",\"6586d174-482d-43d2-9d86-2f0a42dc8a81\":\"$28e\",\"e36ecfdd-ed37-4ebb-b9a1-e5f8b05a7c15\":\"$2de\",\"a74e943d-f87d-4688-81e7-65a4013fa320\":\"$324\",\"9c778c45-d1f7-4833-8e23-aaad386c3314\":\"$37a\",\"f601d782-a1c3-41d3-8927-5fbba258da6b\":\"$3ba\"}}}]\n"])</script><script>self.__next_f.push([1,"a:[[\"$\",\"meta\",\"0\",{\"name\":\"viewport\",\"content\":\"width=device-width, initial-scale=1\"}],[\"$\",\"meta\",\"1\",{\"charSet\":\"utf-8\"}],[\"$\",\"title\",\"2\",{\"children\":\"CMS FISMA Continuous Tracking System (CFACTS) | CMS Information Security \u0026 Privacy Group\"}],[\"$\",\"meta\",\"3\",{\"name\":\"description\",\"content\":\"CFACTS is a CMS database that tracks application security deficiencies and POA\u0026Ms, and supports the ATO process\"}],[\"$\",\"link\",\"4\",{\"rel\":\"canonical\",\"href\":\"https://security.cms.gov/learn/cms-fisma-continuous-tracking-system-cfacts\"}],[\"$\",\"meta\",\"5\",{\"name\":\"google-site-verification\",\"content\":\"GMZIwBDJgz_o_JYUB2GpJazkrs7P85BaWDsoCjxF32M\"}],[\"$\",\"meta\",\"6\",{\"property\":\"og:title\",\"content\":\"CMS FISMA Continuous Tracking System (CFACTS) | CMS Information Security \u0026 Privacy Group\"}],[\"$\",\"meta\",\"7\",{\"property\":\"og:description\",\"content\":\"CFACTS is a CMS database that tracks application security deficiencies and POA\u0026Ms, and supports the ATO process\"}],[\"$\",\"meta\",\"8\",{\"property\":\"og:url\",\"content\":\"https://security.cms.gov/learn/cms-fisma-continuous-tracking-system-cfacts\"}],[\"$\",\"meta\",\"9\",{\"property\":\"og:image:type\",\"content\":\"image/jpeg\"}],[\"$\",\"meta\",\"10\",{\"property\":\"og:image:width\",\"content\":\"1200\"}],[\"$\",\"meta\",\"11\",{\"property\":\"og:image:height\",\"content\":\"630\"}],[\"$\",\"meta\",\"12\",{\"property\":\"og:image\",\"content\":\"https://security.cms.gov/learn/cms-fisma-continuous-tracking-system-cfacts/opengraph-image.jpg?d21225707c5ed280\"}],[\"$\",\"meta\",\"13\",{\"property\":\"og:type\",\"content\":\"website\"}],[\"$\",\"meta\",\"14\",{\"name\":\"twitter:card\",\"content\":\"summary_large_image\"}],[\"$\",\"meta\",\"15\",{\"name\":\"twitter:title\",\"content\":\"CMS FISMA Continuous Tracking System (CFACTS) | CMS Information Security \u0026 Privacy Group\"}],[\"$\",\"meta\",\"16\",{\"name\":\"twitter:description\",\"content\":\"CFACTS is a CMS database that tracks application security deficiencies and POA\u0026Ms, and supports the ATO process\"}],[\"$\",\"meta\",\"17\",{\"name\":\"twitter:image:type\",\"content\":\"image/jpeg\"}],[\"$\",\"meta\",\"18\",{\"name\":\"twitter:image:width\",\"content\":\"1200\"}],[\"$\",\"meta\",\"19\",{\"name\":\"twitter:image:height\",\"content\":\"630\"}],[\"$\",\"meta\",\"20\",{\"name\":\"twitter:image\",\"content\":\"https://security.cms.gov/learn/cms-fisma-continuous-tracking-system-cfacts/opengraph-image.jpg?d21225707c5ed280\"}],[\"$\",\"link\",\"21\",{\"rel\":\"icon\",\"href\":\"/favicon.ico\",\"type\":\"image/x-icon\",\"sizes\":\"48x48\"}]]\n"])</script><script>self.__next_f.push([1,"4:null\n"])</script></body></html>
Reference in a new issue View git blame Copy permalink