cms-gov/security.cms.gov/learn/continuous-diagnostics-and-mitigation-cdm
2025-02-28 14:41:14 -05:00


<!DOCTYPE html><html lang="en"><head><meta charSet="utf-8"/><meta name="viewport" content="width=device-width, initial-scale=1"/><link rel="preload" as="image" href="/_next/static/media/CyberGeek-logo.8e9bbd2b.svg" fetchPriority="high"/><link rel="stylesheet" href="/_next/static/css/ef46db3751d8e999.css" data-precedence="next"/><link rel="stylesheet" href="/_next/static/css/0759e90f4fecfde7.css" data-precedence="next"/><link rel="preload" as="script" fetchPriority="low" href="/_next/static/chunks/webpack-182b67d00f496f9d.js"/><script src="/_next/static/chunks/fd9d1056-ad09c71b7719f2fb.js" async=""></script><script src="/_next/static/chunks/23-260042deb5df7a88.js" async=""></script><script src="/_next/static/chunks/main-app-6de3c3100b91a0a9.js" async=""></script><script src="/_next/static/chunks/30-49b1c1429d73281d.js" async=""></script><script src="/_next/static/chunks/317-0f87feacc1712b2f.js" async=""></script><script src="/_next/static/chunks/223-bc9ed43510898bbb.js" async=""></script><script src="/_next/static/chunks/app/layout-9fc24027bc047aa2.js" async=""></script><script src="/_next/static/chunks/972-6e520d137ef194fb.js" async=""></script><script src="/_next/static/chunks/app/page-cc829e051925e906.js" async=""></script><script src="/_next/static/chunks/app/template-d264bab5e3061841.js" async=""></script><script src="/_next/static/chunks/e37a0b60-b74be3d42787b18d.js" async=""></script><script src="/_next/static/chunks/904-dbddf7494c3e6975.js" async=""></script><script src="/_next/static/chunks/549-c87c1c3bbacc319f.js" async=""></script><script src="/_next/static/chunks/app/learn/%5Bslug%5D/page-5b91cdc45a95ebbe.js" async=""></script><link rel="preload" href="/assets/javascript/uswds-init.min.js" as="script"/><link rel="preload" href="/assets/javascript/uswds.min.js" as="script"/><title>Continuous Diagnostics and Mitigation (CDM) | CMS Information Security &amp; Privacy Group</title><meta name="description" content="Automated scanning and risk analysis to 
strengthen the security posture of CMS FISMA systems"/><link rel="canonical" href="https://security.cms.gov/learn/continuous-diagnostics-and-mitigation-cdm"/><meta name="google-site-verification" content="GMZIwBDJgz_o_JYUB2GpJazkrs7P85BaWDsoCjxF32M"/><meta property="og:title" content="Continuous Diagnostics and Mitigation (CDM) | CMS Information Security &amp; Privacy Group"/><meta property="og:description" content="Automated scanning and risk analysis to strengthen the security posture of CMS FISMA systems"/><meta property="og:url" content="https://security.cms.gov/learn/continuous-diagnostics-and-mitigation-cdm"/><meta property="og:image:type" content="image/jpeg"/><meta property="og:image:width" content="1200"/><meta property="og:image:height" content="630"/><meta property="og:image" content="https://security.cms.gov/learn/continuous-diagnostics-and-mitigation-cdm/opengraph-image.jpg?d21225707c5ed280"/><meta property="og:type" content="website"/><meta name="twitter:card" content="summary_large_image"/><meta name="twitter:title" content="Continuous Diagnostics and Mitigation (CDM) | CMS Information Security &amp; Privacy Group"/><meta name="twitter:description" content="Automated scanning and risk analysis to strengthen the security posture of CMS FISMA systems"/><meta name="twitter:image:type" content="image/jpeg"/><meta name="twitter:image:width" content="1200"/><meta name="twitter:image:height" content="630"/><meta name="twitter:image" content="https://security.cms.gov/learn/continuous-diagnostics-and-mitigation-cdm/opengraph-image.jpg?d21225707c5ed280"/><link rel="icon" href="/favicon.ico" type="image/x-icon" sizes="48x48"/><script>(self.__next_s=self.__next_s||[]).push(["/assets/javascript/uswds-init.min.js",{}])</script><script src="/_next/static/chunks/polyfills-78c92fac7aa8fdd8.js" noModule=""></script></head><body><a class="usa-skipnav" href="#main">Skip to main content</a><section class="usa-banner" aria-label="Official website of the United States 
government"><div class="usa-accordion"><header class="usa-banner__header"><div class="usa-banner__inner"><div class="grid-col-auto"><img aria-hidden="true" alt="" loading="lazy" width="16" height="11" decoding="async" data-nimg="1" class="usa-banner__header-flag" style="color:transparent" srcSet="/_next/image?url=%2Fassets%2Fimg%2Fus_flag_small.png&amp;w=16&amp;q=75 1x, /_next/image?url=%2Fassets%2Fimg%2Fus_flag_small.png&amp;w=32&amp;q=75 2x" src="/_next/image?url=%2Fassets%2Fimg%2Fus_flag_small.png&amp;w=32&amp;q=75"/></div><div class="grid-col-fill tablet:grid-col-auto" aria-hidden="true"><p class="usa-banner__header-text">An official website of the United States government</p><p class="usa-banner__header-action">Here&#x27;s how you know</p></div><button type="button" class="usa-accordion__button usa-banner__button" aria-expanded="false" aria-controls="gov-banner-default-default"><span class="usa-banner__button-text">Here&#x27;s how you know</span></button></div></header><div class="usa-banner__content usa-accordion__content" id="gov-banner-default-default" hidden=""><div class="grid-row grid-gap-lg"><div class="usa-banner__guidance tablet:grid-col-6"><img role="img" alt="" aria-hidden="true" loading="lazy" width="40" height="40" decoding="async" data-nimg="1" class="usa-banner__icon usa-media-block__img" style="color:transparent" src="/_next/static/media/icon-dot-gov.3e9cb1b5.svg"/><div class="usa-media-block__body"><p><strong>Official websites use .gov</strong><br/>A <strong>.gov</strong> website belongs to an official government organization in the United States.</p></div></div><div class="usa-banner__guidance tablet:grid-col-6"><img role="img" alt="" aria-hidden="true" loading="lazy" width="40" height="40" decoding="async" data-nimg="1" class="usa-banner__icon usa-media-block__img" style="color:transparent" src="/_next/static/media/icon-https.e7f1a222.svg"/><div class="usa-media-block__body"><p><strong>Secure .gov websites use HTTPS</strong><br/>A 
<strong>lock</strong> (<span class="icon-lock"><svg xmlns="http://www.w3.org/2000/svg" width="52" height="64" viewBox="0 0 52 64" class="usa-banner__lock-image" role="img" aria-labelledby="banner-lock-description-default" focusable="false"><title id="banner-lock-title-default">Lock</title><desc id="banner-lock-description-default">Locked padlock icon</desc><path fill="#000000" fill-rule="evenodd" d="M26 0c10.493 0 19 8.507 19 19v9h3a4 4 0 0 1 4 4v28a4 4 0 0 1-4 4H4a4 4 0 0 1-4-4V32a4 4 0 0 1 4-4h3v-9C7 8.507 15.507 0 26 0zm0 8c-5.979 0-10.843 4.77-10.996 10.712L15 19v9h22v-9c0-6.075-4.925-11-11-11z"></path></svg></span>) or <strong>https://</strong> means you&#x27;ve safely connected to the .gov website. Share sensitive information only on official, secure websites.</p></div></div></div></div></div></section><div class="usa-overlay"></div><header class="usa-header usa-header--extended"><div class="bg-primary-dark"><div class="usa-navbar"><div class="usa-logo padding-y-4 padding-right-3" id="CyberGeek-logo"><a title="CMS CyberGeek Home" href="/"><img alt="CyberGeek logo" fetchPriority="high" width="298" height="35" decoding="async" data-nimg="1" style="color:transparent" src="/_next/static/media/CyberGeek-logo.8e9bbd2b.svg"/></a></div><button aria-label="Open menu" type="button" class="usa-menu-btn" data-cy="menu-button">Menu</button></div></div><nav aria-label="Primary navigation" class="usa-nav padding-0 desktop:width-auto bg-white grid-container float-none"><div class="usa-nav__inner"><button type="button" class="usa-nav__close margin-0"><img alt="Close" loading="lazy" width="24" height="24" decoding="async" data-nimg="1" style="color:transparent" src="/_next/static/media/close.1fafc2aa.svg"/></button><ul class="usa-nav__primary usa-accordion"><li class="usa-nav__primary-item"><button type="button" class="usa-accordion__button usa-nav__link font-family-serif text-medium tablet:text-no-wrap desktop:text-primary-vivid" aria-expanded="false" 
aria-controls="roles"><span>Roles</span></button><ul id="roles" class="usa-nav__submenu usa-megamenu bg-white" hidden=""><li class="grid-row grid-gap-3 padding-bottom-6"><div class="usa-col text-center desktop:text-right text-normal position-relative nav-label"><span class="display-block font-heading-xl padding-top-2">Roles</span></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/information-system-security-officer-isso">Information System Security Officer (ISSO)</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/cms-information-system-security-officer-isso-handbook"><span>ISSO Handbook</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/cms-information-system-security-officer-isso-handbook#getting-started-for-new-issos"><span>Getting started (for new ISSOs)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/isso-mentorship-program"><span>ISSO Mentorship Program</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/cms-information-system-security-officer-isso-handbook#training"><span>ISSO Training</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/data-guardian">Data Guardian</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/data-guardian-handbook"><span>Data Guardian Handbook</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/cyber-risk-advisor-cra">Cyber Risk Advisor (CRA)</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-security-and-privacy-handbooks"><span>CMS Security and Privacy 
Handbooks</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-security-and-privacy-handbooks#risk-management-handbook-rmh-chapters"><span>Risk Management Handbook (RMH)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/business-system-owner">Business / System Owner (BO/SO)</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cybersecurity-risk-assessment-program-csrap"><span>Cybersecurity and Risk Assessment Program (CSRAP)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-information-exchange-agreement-iea"><span>Information Exchange Agreement (IEA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-computer-matching-agreement-cma"><span>Computer Matching Agreement (CMA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/isso-service"><span>ISSO As A Service</span></a></li></ul></section></div></li></ul></li><li class="usa-nav__primary-item"><button type="button" class="usa-accordion__button usa-nav__link font-family-serif text-medium tablet:text-no-wrap desktop:text-primary-vivid" aria-expanded="false" aria-controls="compliance-authorization"><span>Compliance &amp; Authorization</span></button><ul id="compliance-authorization" class="usa-nav__submenu usa-megamenu bg-white" hidden=""><li class="grid-row grid-gap-3 padding-bottom-6"><div class="usa-col text-center desktop:text-right text-normal position-relative nav-label"><span class="display-block font-heading-xl padding-top-2">Compliance &amp; Authorization</span></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/learn/authorization-operate-ato">Authorization to Operate (ATO)</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item 
font-sans-2xs"><a class="padding-x-0" href="/learn/authorization-operate-ato"><span>About ATO at CMS</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/authorization-operate-ato#types-of-authorizations"><span>Types of authorizations</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/authorization-operate-ato#ato-stakeholders"><span>ATO stakeholders</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/authorization-operate-ato#related-documents-and-resources"><span>ATO tools and resources</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-technical-reference-architecture-tra"><span>CMS Technical Reference Architecture (TRA)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/learn/ongoing-authorization-oa">Ongoing Authorization (OA)</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/ongoing-authorization-oa"><span>About OA at CMS</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/ongoing-authorization-oa#is-my-system-eligible-for-oa"><span>OA eligibility requirements</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/continuous-diagnostics-and-mitigation-cdm"><span>Continuous Diagnostics and Mitigation (CDM)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header list-header-margin">Assessments &amp; Audits</h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/penetration-testing-pentesting"><span>Penetration Testing</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" 
href="/learn/cybersecurity-risk-assessment-program-csrap"><span>Cybersecurity Risk Assessment Program (CSRAP)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/privacy-impact-assessment-pia"><span>Privacy Impact Assessment (PIA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/security-impact-analysis-sia"><span>Security Impact Analysis (SIA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/system-audits"><span>System Audits</span></a></li></ul></section></div></li></ul></li><li class="usa-nav__primary-item"><button type="button" class="usa-accordion__button usa-nav__link font-family-serif text-medium tablet:text-no-wrap desktop:text-primary-vivid" aria-expanded="false" aria-controls="policy-guidance"><span>Policy &amp; Guidance</span></button><ul id="policy-guidance" class="usa-nav__submenu usa-megamenu bg-white" hidden=""><li class="grid-row grid-gap-3 padding-bottom-6"><div class="usa-col text-center desktop:text-right text-normal position-relative nav-label"><span class="display-block font-heading-xl padding-top-2">Policy &amp; Guidance</span></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/cms-policies-and-guidance">CMS Policies and Guidance</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/cms-acceptable-risk-safeguards-ars"><span>CMS Acceptable Risk Safeguards (ARS)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/cms-information-systems-security-privacy-policy-is2p2"><span>CMS Information Security and Privacy Policy (IS2P2)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-security-and-privacy-handbooks"><span>CMS Security and Privacy Handbooks</span></a></li><li 
class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="https://security.cms.gov/learn/cms-risk-management-framework-rmf"><span>CMS Risk Management Framework (RMF)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/email-encryption-requirements-cms"><span>CMS Email Encryption</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/federal-policies-and-guidance">Federal Policies and Guidance</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/national-institute-standards-and-technology-nist"><span>National Institute of Standards and Technology (NIST)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/federal-information-security-modernization-act-fisma"><span>Federal Information Security Modernization Act (FISMA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/fedramp"><span>Federal Risk and Authorization Management Program (FedRAMP)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/zero-trust"><span>Zero Trust</span></a></li></ul></section></div></li></ul></li><li class="usa-nav__primary-item"><button type="button" class="usa-accordion__button usa-nav__link font-family-serif text-medium tablet:text-no-wrap desktop:text-primary-vivid" aria-expanded="false" aria-controls="system-security"><span>System Security</span></button><ul id="system-security" class="usa-nav__submenu usa-megamenu bg-white" hidden=""><li class="grid-row grid-gap-3 padding-bottom-6"><div class="usa-col text-center desktop:text-right text-normal position-relative nav-label"><span class="display-block font-heading-xl padding-top-2">System Security</span></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a 
href="/ispg/application-security">Application Security</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/threat-modeling"><span>Threat Modeling</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/zero-trust"><span>Zero Trust</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-cloud-services"><span>CMS Cloud Services</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/software-bill-materials-sbom"><span>Software Bill of Materials (SBOM)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/security-operations">Security Operations</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/risk-management-handbook-chapter-8-incident-response-ir"><span>Incident Response</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-cybersecurity-integration-center-ccic"><span>CMS Cybersecurity Integration Center (CCIC)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/penetration-testing-pentesting"><span>Penetration Testing</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/risk-management-and-reporting">Risk Management and Reporting</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/continuous-diagnostics-and-mitigation-cdm"><span>Continuous Diagnostics and Mitigation (CDM)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cyber-risk-reports"><span>Cyber Risk Reports</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a 
class="padding-x-0" href="/learn/plan-action-and-milestones-poam"><span>Plan of Action and Milestones (POA&amp;M)</span></a></li></ul></section></div></li></ul></li><li class="usa-nav__primary-item"><button type="button" class="usa-accordion__button usa-nav__link font-family-serif text-medium tablet:text-no-wrap desktop:text-primary-vivid" aria-expanded="false" aria-controls="privacy"><span>Privacy</span></button><ul id="privacy" class="usa-nav__submenu usa-megamenu bg-white" hidden=""><li class="grid-row grid-gap-3 padding-bottom-6"><div class="usa-col text-center desktop:text-right text-normal position-relative nav-label"><span class="display-block font-heading-xl padding-top-2">Privacy</span></div><div class="usa-col"><section><h3 class="usa-col__list-header list-header-margin">Agreements</h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-computer-matching-agreement-cma"><span>Computer Matching Agreement (CMA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-information-exchange-agreement-iea"><span>Information Exchange Agreement (IEA)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header list-header-margin">Privacy Activities</h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/breach-response"><span>Breach Response</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/privacy-impact-assessment-pia"><span>Privacy Impact Assessment (PIA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/system-records-notice-sorn"><span>System of Records Notice (SORN)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header list-header-margin">Privacy Resources</h3><ul class="usa-nav__submenu-list"><li 
class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/ispg/privacy"><span>Privacy at CMS</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/cms-breach-response-handbook"><span>CMS Breach Response Handbook</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/health-insurance-portability-and-accountability-act-1996-hipaa"><span>Health Insurance Portability and Accountability Act (HIPAA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/cms-privacy-impact-assessment-pia-handbook"><span>CMS Privacy Impact Assessment (PIA) Handbook</span></a></li></ul></section></div></li></ul></li><li class="usa-nav__primary-item"><button type="button" class="usa-accordion__button usa-nav__link font-family-serif text-medium tablet:text-no-wrap desktop:text-primary-vivid" aria-expanded="false" aria-controls="tools-services"><span>Tools &amp; Services</span></button><ul id="tools-services" class="usa-nav__submenu usa-megamenu bg-white" hidden=""><li class="grid-row grid-gap-3 padding-bottom-6"><div class="usa-col text-center desktop:text-right text-normal position-relative nav-label"><span class="display-block font-heading-xl padding-top-2">Tools &amp; Services</span></div><div class="usa-col"><section><h3 class="usa-col__list-header list-header-margin">Reporting &amp; Compliance</h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="https://security.cms.gov/learn/isso-service"><span>ISSO As A Service</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-fisma-continuous-tracking-system-cfacts"><span>CFACTS</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cyber-risk-reports"><span>Cyber Risk Reports and Dashboards</span></a></li><li 
class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/continuous-diagnostics-and-mitigation-cdm"><span>Continuous Diagnostics and Mitigation (CDM)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header list-header-margin">System Security</h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/threat-modeling"><span>Threat Modeling</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-cloud-services"><span>CMS Cloud Services</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-cybersecurity-integration-center-ccic"><span>CMS Cybersecurity Integration Center (CCIC)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="https://security.cms.gov/learn/cms-security-data-lake-sdl"><span>CMS Security Data Lake (SDL)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header list-header-margin">Tests &amp; Assessments</h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cybersecurity-risk-assessment-program-csrap"><span>Cybersecurity Risk Assessment Program (CSRAP)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/penetration-testing-pentesting"><span>Penetration Testing</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/privacy-impact-assessment-pia"><span>Privacy Impact Assessment (PIA)</span></a></li></ul></section></div></li></ul></li></ul><div class="usa-nav__secondary padding-left-2"><section aria-label="Header search box"><form class="usa-search usa-search--small" role="search" action="/search"><label class="usa-sr-only" for="header-search-box">Search</label><input class="usa-input search__input" 
id="header-search-box" type="search" name="ispg[query]"/><button aria-label="header search box button" class="usa-button" id="header-search-box-btn" type="submit"><svg aria-describedby="searchIcon" class="usa-icon" aria-hidden="true" focusable="false" role="img"><title id="searchIcon">Search</title><use href="/assets/img/sprite.svg#search"></use></svg></button></form></section></div></div></nav></header><main id="main"><div id="template"><!--$--><!--/$--><section class="hero hero--theme-explainer undefined"><div class="maxw-widescreen margin-x-auto padding-x-2 desktop:padding-x-0 padding-top-4 padding-bottom-6 desktop:padding-y-7"><div class="tablet:grid-container position-relative "><div class="hero__row grid-row grid-gap"><div class="tablet:grid-col-5 widescreen:position-relative"></div><div class="hero__column tablet:grid-col-7 flow padding-bottom-2"><h1 class="hero__heading margin-0 line-height-sans-3 desktop:line-height-sans-2">Continuous Diagnostics and Mitigation (CDM)</h1><p class="hero__description">Automated scanning and risk analysis to strengthen the security posture of CMS FISMA systems</p><div class="hero__meta radius-lg padding-x-2 padding-y-1 bg-white font-sans-2xs line-height-sans-5 display-inline-block text-primary-darker">Contact: <span class="text-bold">CDM team</span><span class="hidden-mobile"> | </span><span class="break-mobile"><a href="mailto:CDMPMO@cms.hhs.gov">CDMPMO@cms.hhs.gov</a></span></div></div><div class="tablet:position-absolute tablet:top-0"><div class="[ flow ] bg-primary-light radius-lg padding-2 text-base-darkest maxw-mobile"><div class="display-flex flex-align-center font-sans-lg margin-bottom-2 text-italic desktop:text-no-wrap"><img alt="slack logo" loading="lazy" width="21" height="21" decoding="async" data-nimg="1" class="display-inline margin-right-1" style="color:transparent" src="/_next/static/media/slackLogo.f5836093.svg"/>CMS Slack Channel</div><ul class="add-list-reset"><li class="line-height-sans-5 
margin-top-0">#cyber-risk-management</li></ul></div></div></div></div></div></section><div class="grid-container"><div class="grid-row grid-gap margin-top-5"><div class="tablet:grid-col-4"><nav class="table-of-contents overflow-y-auto overflow-x-hidden position-sticky top-3 padding-1 radius-lg shadow-2 display-none tablet:display-block" aria-label="Table of contents"><div class="text-uppercase text-bold border-bottom border-base-lighter padding-bottom-1">Table of Contents</div><p class="text-italic text-base font-sans-xs">No table of content entries to display.</p></nav></div><div class="tablet:grid-col-8 content"><section><div class="text-block text-block--theme-explainer"><h2>What is Continuous Diagnostics and Mitigation (CDM)?</h2><p>Continuous Diagnostics and Mitigation (CDM) helps strengthen the cybersecurity of government networks and systems by providing automated scanning and analysis of risk. CDM capabilities and tools help government agencies:</p><ul><li>Find cybersecurity risks on an ongoing basis</li><li>Prioritize those risks based on potential impacts</li><li>Enable cybersecurity personnel to focus on the most significant problems first</li></ul><p>CDM capabilities help agencies comply with mandates from the Office of Management and Budget (OMB) and the Federal Information Security Modernization Act (FISMA) that focus on continuous monitoring to keep information and systems safe.</p><p>To implement CDM, agencies use commercial off-the-shelf tools that provide enterprise-wide visibility of what assets, users, and activities are on their networks. This actionable information helps agencies to effectively monitor and rapidly respond to cyber incidents. 
You can learn more about the federal CDM initiative at the <a href="https://www.dhs.gov/publication/dhsnppdpia-030-continuous-diagnostics-and-mitigation-cdm">Department of Homeland Security (DHS)</a> and <a href="https://www.cisa.gov/cdm">Cybersecurity and Infrastructure Security Agency (CISA)</a> websites.</p></div><section class="callout callout--type-explainer [ flow ] font-size-md radius-lg line-height-sans-5"><h1 class="callout__header text-bold font-sans-lg"><svg class="usa-icon" aria-hidden="true" focusable="false" role="img"><use href="/assets/img/sprite.svg#info_outline"></use></svg>CDM training from CISA</h1><p>The Cybersecurity and Infrastructure Security Agency (CISA) within DHS offers a variety of self-paced training in various formats to help anyone who is responsible for managing the security and privacy of information systems.</p><p><a href="https://www.cisa.gov/cdm-training">Get CDM training</a></p></section><div class="text-block text-block--theme-explainer"><h2>How CDM works at CMS</h2><p>At CMS, we use Continuous Diagnostics and Mitigation tools to support the overarching Cyber Risk Management Program, which focuses on proactive, risk-based decision making. This is an important part of our commitment to protecting the sensitive information entrusted to us by the people we serve. Healthcare systems continue to be a primary target for hackers with an ever-growing spectrum of cyber threats. To be vigilant in protecting patient data, CMS Business Owners need to build security automation into their systems through programs like CDM.</p><p>To implement CDM, we use the security capabilities at each CMS data center to create an integrated ecosystem of overall continuous monitoring across the agency. 
CDM sensors automate identification of known cyber vulnerabilities, and then send that information to analytics tools to create dashboards that:</p><ul><li><strong>Alert</strong> system managers about risks for remediation</li><li><strong>Report</strong> security / privacy posture to CMS</li><li><strong>Share</strong> aggregated information at the federal level</li></ul><p>This process allows System / Business Owners to make risk-based decisions quickly and prioritize the most significant threats first. All CDM data from CMS is also shared to federal dashboards, which are used to provide situational awareness of the current cybersecurity posture of the federal government as a whole.</p><h3>CDM implementation</h3><p>The CDM program is being implemented at CMS in four phases, which will build on each other to provide a complete picture of the assets, users, activities, and data on CMS networks.</p><p><strong>Phase 1: What is on the network?</strong></p><p>This phase is focused on providing information security continuous monitoring (ISCM) tools and capabilities to support asset management, security configuration, and vulnerability scanning. This includes:</p><ul><li>HWAM Hardware Asset Management</li><li>SWAM Software Asset Management</li><li>CSM Configuration Settings Management</li><li>VUL Vulnerability Management</li></ul><p><strong>Phase 2: Who is on the network?</strong></p><p>This phase is focused on who is accessing the system, what their privileges are, and how they are trained. It includes:</p><ul><li>TRUST Access Control Management</li><li>BEHV Security-Related Behavior Management</li><li>CRED Credentials and Authentication Management</li><li>PRIV Privileges</li></ul><p><strong>Phase 3: What is happening on the network?</strong></p><p>This phase is focused on enhancing boundary protections and event management capabilities. 
It includes:</p><ul><li>Planning for threats and events</li><li>Responding to threats and events</li><li>Generic auditing and monitoring</li><li>Documenting requirements, policies, etc.</li><li>Quality management</li><li>Data loss detection</li><li>Boundary protection (Network, Physical, Virtual)</li></ul><p><strong>Phase 4: How is data protected?</strong></p><p>This phase is focused on protecting and encrypting data on federal networks. It includes:</p><ul><li>Enhanced data encryption</li><li>Mobile security</li><li>Risk management</li><li>Data loss prevention tools</li></ul><h3>Continuous monitoring for information privacy</h3><p>In addition to protecting systems against security vulnerabilities, CMS takes a proactive approach to protecting the privacy of personal and health information. We do this through the CMS Privacy Continuous Monitoring Program, which will eventually be merged with the CDM program. Currently, there are some privacy controls that can be tested under CDM. We are working to mature the capabilities across both of these programs.</p><h3>The future of CDM at CMS</h3><p>CDM is a part of a multi-year effort to modernize CMS's overall approach to information and system security. Instead of taking a reactive approach focused on “compliance”, we are moving toward a proactive approach that focuses on <strong>continuous evaluation, identification, and management of risk</strong>. 
This approach helps us:</p><ul><li>Build security into development pipelines (DevSecOps)</li><li>Tailor system testing (such as <a rel="noopener noreferrer" href="https://security.cms.gov/learn/cybersecurity-risk-assessment-program-csrap">Cybersecurity and Risk Assessment Program (CSRAP)</a>) to more specific uses</li><li>Expedite the ATO process</li><li>Approve and onboard more systems to Ongoing Authorization</li></ul><p>All of this means that information security and privacy activities at CMS will be aligned with federal standards for a risk-based approach, which are outlined in the <a href="/learn/national-institute-standards-and-technology-nist#nist-cybersecurity-framework-csf">NIST Cybersecurity Framework</a> and the Federal Information Security Management Act (FISMA).</p></div></section></div></div></div><div class="cg-cards grid-container"><h2 class="cg-cards__heading" id="related-documents-and-resources">Related documents and resources</h2><ul aria-label="cards" class="usa-card-group"><li class="usa-card grid-col-12 tablet:grid-col-4"><div class="usa-card__container "><div class="usa-card__header"><h3 class="margin-top-1 line-height-sans-2 text-bold text-base-darkest"><a class="usa-card__link text-no-underline" href="/learn/federal-information-security-modernization-act-fisma">Federal Information Security Modernization Act (FISMA)</a></h3></div><div class="usa-card__body font-sans-2xs line-height-sans-4 text-base-darkest"><p>FISMA is federal legislation that defines a framework of guidelines and security standards to protect government information and operations</p></div></div></li><li class="usa-card grid-col-12 tablet:grid-col-4"><div class="usa-card__container "><div class="usa-card__header"><h3 class="margin-top-1 line-height-sans-2 text-bold text-base-darkest"><a class="usa-card__link text-no-underline" href="/learn/national-institute-standards-and-technology-nist">National Institute of Standards and Technology (NIST)</a></h3></div><div 
class="usa-card__body font-sans-2xs line-height-sans-4 text-base-darkest"><p>Information about NIST and how the agency&#x27;s policies and guidance relate to security and privacy at CMS</p></div></div></li><li class="usa-card grid-col-12 tablet:grid-col-4"><div class="usa-card__container "><div class="usa-card__header"><h3 class="margin-top-1 line-height-sans-2 text-bold text-base-darkest"><a class="usa-card__link text-no-underline" href="/learn/cyber-risk-reports">Cyber Risk Reports (CRR)</a></h3></div><div class="usa-card__body font-sans-2xs line-height-sans-4 text-base-darkest"><p>Reports and dashboards to help stakeholders of CMS FISMA systems identify risk-reduction activities and protect sensitive data from cyber threats</p></div></div></li></ul></div></div></main>
authorizations\",\"hierarchy\":[\"1\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#ato-stakeholders\",\"attributes\":{\"title\":\"ATO stakeholders\",\"hierarchy\":[\"1\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#related-documents-and-resources\",\"attributes\":{\"title\":\"ATO tools and resources\",\"hierarchy\":[\"1\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-technical-reference-architecture-tra\",\"attributes\":{\"title\":\"CMS Technical Reference Architecture (TRA)\",\"hierarchy\":[\"1\",\"0\",\"4\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa\",\"attributes\":{\"title\":\"Ongoing Authorization (OA)\",\"hierarchy\":[\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa\",\"attributes\":{\"title\":\"About OA at CMS\",\"hierarchy\":[\"1\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa#is-my-system-eligible-for-oa\",\"attributes\":{\"title\":\"OA eligibility requirements\",\"hierarchy\":[\"1\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"1\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Assessments \u0026 
Audits\",\"hierarchy\":[\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"1\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"1\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"1\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/security-impact-analysis-sia\",\"attributes\":{\"title\":\"Security Impact Analysis (SIA)\",\"hierarchy\":[\"1\",\"2\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/system-audits\",\"attributes\":{\"title\":\"System Audits\",\"hierarchy\":[\"1\",\"2\",\"4\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Policy \u0026 Guidance\",\"hierarchy\":[\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/cms-policies-and-guidance\",\"attributes\":{\"title\":\"CMS Policies and Guidance\",\"hierarchy\":[\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-acceptable-risk-safeguards-ars\",\"attributes\":{\"title\":\"CMS Acceptable Risk Safeguards 
(ARS)\",\"hierarchy\":[\"2\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-systems-security-privacy-policy-is2p2\",\"attributes\":{\"title\":\"CMS Information Security and Privacy Policy (IS2P2)\",\"hierarchy\":[\"2\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks\",\"attributes\":{\"title\":\"CMS Security and Privacy Handbooks\",\"hierarchy\":[\"2\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/cms-risk-management-framework-rmf\",\"attributes\":{\"title\":\"CMS Risk Management Framework (RMF)\",\"hierarchy\":[\"2\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/email-encryption-requirements-cms\",\"attributes\":{\"title\":\"CMS Email Encryption\",\"hierarchy\":[\"2\",\"0\",\"4\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/federal-policies-and-guidance\",\"attributes\":{\"title\":\"Federal Policies and Guidance\",\"hierarchy\":[\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/national-institute-standards-and-technology-nist\",\"attributes\":{\"title\":\"National Institute of Standards and Technology (NIST)\",\"hierarchy\":[\"2\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/federal-information-security-modernization-act-fisma\",\"attributes\":{\"title\":\"Federal Information Security Modernization Act 
(FISMA)\",\"hierarchy\":[\"2\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/fedramp\",\"attributes\":{\"title\":\"Federal Risk and Authorization Management Program (FedRAMP)\",\"hierarchy\":[\"2\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/zero-trust\",\"attributes\":{\"title\":\"Zero Trust\",\"hierarchy\":[\"2\",\"1\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"System Security\",\"hierarchy\":[\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/application-security\",\"attributes\":{\"title\":\"Application Security\",\"hierarchy\":[\"3\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/threat-modeling\",\"attributes\":{\"title\":\"Threat Modeling\",\"hierarchy\":[\"3\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/zero-trust\",\"attributes\":{\"title\":\"Zero Trust\",\"hierarchy\":[\"3\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cloud-services\",\"attributes\":{\"title\":\"CMS Cloud Services\",\"hierarchy\":[\"3\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/software-bill-materials-sbom\",\"attributes\":{\"title\":\"Software Bill of Materials (SBOM)\",\"hierarchy\":[\"3\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/security-operations\",\"attributes\":{\"title\":\"Security 
Operations\",\"hierarchy\":[\"3\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/risk-management-handbook-chapter-8-incident-response-ir\",\"attributes\":{\"title\":\"Incident Response\",\"hierarchy\":[\"3\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cybersecurity-integration-center-ccic\",\"attributes\":{\"title\":\"CMS Cybersecurity Integration Center (CCIC)\",\"hierarchy\":[\"3\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"3\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/risk-management-and-reporting\",\"attributes\":{\"title\":\"Risk Management and Reporting\",\"hierarchy\":[\"3\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"3\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cyber-risk-reports\",\"attributes\":{\"title\":\"Cyber Risk Reports\",\"hierarchy\":[\"3\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/plan-action-and-milestones-poam\",\"attributes\":{\"title\":\"Plan of Action and Milestones 
(POA\u0026M)\",\"hierarchy\":[\"3\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy\",\"hierarchy\":[\"4\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Agreements\",\"hierarchy\":[\"4\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-computer-matching-agreement-cma\",\"attributes\":{\"title\":\"Computer Matching Agreement (CMA)\",\"hierarchy\":[\"4\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-information-exchange-agreement-iea\",\"attributes\":{\"title\":\"Information Exchange Agreement (IEA)\",\"hierarchy\":[\"4\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy Activities\",\"hierarchy\":[\"4\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/breach-response\",\"attributes\":{\"title\":\"Breach Response\",\"hierarchy\":[\"4\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"4\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/system-records-notice-sorn\",\"attributes\":{\"title\":\"System of Records Notice (SORN)\",\"hierarchy\":[\"4\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy 
Resources\",\"hierarchy\":[\"4\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/privacy\",\"attributes\":{\"title\":\"Privacy at CMS\",\"hierarchy\":[\"4\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-breach-response-handbook\",\"attributes\":{\"title\":\"CMS Breach Response Handbook\",\"hierarchy\":[\"4\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/health-insurance-portability-and-accountability-act-1996-hipaa\",\"attributes\":{\"title\":\"Health Insurance Portability and Accountability Act (HIPAA)\",\"hierarchy\":[\"4\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-privacy-impact-assessment-pia-handbook\",\"attributes\":{\"title\":\"CMS Privacy Impact Assessment (PIA) Handbook\",\"hierarchy\":[\"4\",\"2\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Tools \u0026 Services\",\"hierarchy\":[\"5\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Reporting \u0026 Compliance\",\"hierarchy\":[\"5\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/isso-service\",\"attributes\":{\"title\":\"ISSO As A 
Service\",\"hierarchy\":[\"5\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-fisma-continuous-tracking-system-cfacts\",\"attributes\":{\"title\":\"CFACTS\",\"hierarchy\":[\"5\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cyber-risk-reports\",\"attributes\":{\"title\":\"Cyber Risk Reports and Dashboards\",\"hierarchy\":[\"5\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"5\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"System Security\",\"hierarchy\":[\"5\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/threat-modeling\",\"attributes\":{\"title\":\"Threat Modeling\",\"hierarchy\":[\"5\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cloud-services\",\"attributes\":{\"title\":\"CMS Cloud Services\",\"hierarchy\":[\"5\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cybersecurity-integration-center-ccic\",\"attributes\":{\"title\":\"CMS Cybersecurity Integration Center (CCIC)\",\"hierarchy\":[\"5\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/cms-security-data-lake-sdl\",\"attributes\":{\"title\":\"CMS Security Data Lake 
(SDL)\",\"hierarchy\":[\"5\",\"1\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Tests \u0026 Assessments\",\"hierarchy\":[\"5\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"5\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"5\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"5\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}}],\"size\":87,\"tree\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Roles\",\"hierarchy\":[\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/information-system-security-officer-isso\",\"attributes\":{\"title\":\"Information System Security Officer (ISSO)\",\"hierarchy\":[\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook\",\"attributes\":{\"title\":\"ISSO 
Handbook\",\"hierarchy\":[\"0\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook#getting-started-for-new-issos\",\"attributes\":{\"title\":\"Getting started (for new ISSOs)\",\"hierarchy\":[\"0\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/isso-mentorship-program\",\"attributes\":{\"title\":\"ISSO Mentorship Program\",\"hierarchy\":[\"0\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook#training\",\"attributes\":{\"title\":\"ISSO Training\",\"hierarchy\":[\"0\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/data-guardian\",\"attributes\":{\"title\":\"Data Guardian\",\"hierarchy\":[\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/data-guardian-handbook\",\"attributes\":{\"title\":\"Data Guardian Handbook\",\"hierarchy\":[\"0\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/cyber-risk-advisor-cra\",\"attributes\":{\"title\":\"Cyber Risk Advisor (CRA)\",\"hierarchy\":[\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks\",\"attributes\":{\"title\":\"CMS Security and Privacy 
Handbooks\",\"hierarchy\":[\"0\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks#risk-management-handbook-rmh-chapters\",\"attributes\":{\"title\":\"Risk Management Handbook (RMH)\",\"hierarchy\":[\"0\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/business-system-owner\",\"attributes\":{\"title\":\"Business / System Owner (BO/SO)\",\"hierarchy\":[\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity and Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"0\",\"3\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-information-exchange-agreement-iea\",\"attributes\":{\"title\":\"Information Exchange Agreement (IEA)\",\"hierarchy\":[\"0\",\"3\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-computer-matching-agreement-cma\",\"attributes\":{\"title\":\"Computer Matching Agreement (CMA)\",\"hierarchy\":[\"0\",\"3\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/isso-service\",\"attributes\":{\"title\":\"ISSO As A Service\",\"hierarchy\":[\"0\",\"3\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Compliance \u0026 
Authorization\",\"hierarchy\":[\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato\",\"attributes\":{\"title\":\"Authorization to Operate (ATO)\",\"hierarchy\":[\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato\",\"attributes\":{\"title\":\"About ATO at CMS\",\"hierarchy\":[\"1\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#types-of-authorizations\",\"attributes\":{\"title\":\"Types of authorizations\",\"hierarchy\":[\"1\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#ato-stakeholders\",\"attributes\":{\"title\":\"ATO stakeholders\",\"hierarchy\":[\"1\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#related-documents-and-resources\",\"attributes\":{\"title\":\"ATO tools and resources\",\"hierarchy\":[\"1\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-technical-reference-architecture-tra\",\"attributes\":{\"title\":\"CMS Technical Reference Architecture (TRA)\",\"hierarchy\":[\"1\",\"0\",\"4\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa\",\"attributes\":{\"title\":\"Ongoing Authorization 
(OA)\",\"hierarchy\":[\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa\",\"attributes\":{\"title\":\"About OA at CMS\",\"hierarchy\":[\"1\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa#is-my-system-eligible-for-oa\",\"attributes\":{\"title\":\"OA eligibility requirements\",\"hierarchy\":[\"1\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"1\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Assessments \u0026 Audits\",\"hierarchy\":[\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"1\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"1\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment 
(PIA)\",\"hierarchy\":[\"1\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/security-impact-analysis-sia\",\"attributes\":{\"title\":\"Security Impact Analysis (SIA)\",\"hierarchy\":[\"1\",\"2\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/system-audits\",\"attributes\":{\"title\":\"System Audits\",\"hierarchy\":[\"1\",\"2\",\"4\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Policy \u0026 Guidance\",\"hierarchy\":[\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/cms-policies-and-guidance\",\"attributes\":{\"title\":\"CMS Policies and Guidance\",\"hierarchy\":[\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-acceptable-risk-safeguards-ars\",\"attributes\":{\"title\":\"CMS Acceptable Risk Safeguards (ARS)\",\"hierarchy\":[\"2\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-systems-security-privacy-policy-is2p2\",\"attributes\":{\"title\":\"CMS Information Security and Privacy Policy (IS2P2)\",\"hierarchy\":[\"2\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks\",\"attributes\":{\"title\":\"CMS Security and Privacy 
Handbooks\",\"hierarchy\":[\"2\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/cms-risk-management-framework-rmf\",\"attributes\":{\"title\":\"CMS Risk Management Framework (RMF)\",\"hierarchy\":[\"2\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/email-encryption-requirements-cms\",\"attributes\":{\"title\":\"CMS Email Encryption\",\"hierarchy\":[\"2\",\"0\",\"4\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/federal-policies-and-guidance\",\"attributes\":{\"title\":\"Federal Policies and Guidance\",\"hierarchy\":[\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/national-institute-standards-and-technology-nist\",\"attributes\":{\"title\":\"National Institute of Standards and Technology (NIST)\",\"hierarchy\":[\"2\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/federal-information-security-modernization-act-fisma\",\"attributes\":{\"title\":\"Federal Information Security Modernization Act (FISMA)\",\"hierarchy\":[\"2\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/fedramp\",\"attributes\":{\"title\":\"Federal Risk and Authorization Management Program (FedRAMP)\",\"hierarchy\":[\"2\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/zero-trust\",\"attributes\":{\"title\":\"Zero 
Trust\",\"hierarchy\":[\"2\",\"1\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"System Security\",\"hierarchy\":[\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/application-security\",\"attributes\":{\"title\":\"Application Security\",\"hierarchy\":[\"3\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/threat-modeling\",\"attributes\":{\"title\":\"Threat Modeling\",\"hierarchy\":[\"3\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/zero-trust\",\"attributes\":{\"title\":\"Zero Trust\",\"hierarchy\":[\"3\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cloud-services\",\"attributes\":{\"title\":\"CMS Cloud Services\",\"hierarchy\":[\"3\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/software-bill-materials-sbom\",\"attributes\":{\"title\":\"Software Bill of Materials (SBOM)\",\"hierarchy\":[\"3\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/security-operations\",\"attributes\":{\"title\":\"Security Operations\",\"hierarchy\":[\"3\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/risk-management-handbook-chapter-8-incident-response-ir\",\"attributes\":{\"title\":\"Incident 
Response\",\"hierarchy\":[\"3\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cybersecurity-integration-center-ccic\",\"attributes\":{\"title\":\"CMS Cybersecurity Integration Center (CCIC)\",\"hierarchy\":[\"3\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"3\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/risk-management-and-reporting\",\"attributes\":{\"title\":\"Risk Management and Reporting\",\"hierarchy\":[\"3\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"3\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cyber-risk-reports\",\"attributes\":{\"title\":\"Cyber Risk Reports\",\"hierarchy\":[\"3\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/plan-action-and-milestones-poam\",\"attributes\":{\"title\":\"Plan of Action and Milestones 
(POA\u0026M)\",\"hierarchy\":[\"3\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy\",\"hierarchy\":[\"4\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Agreements\",\"hierarchy\":[\"4\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-computer-matching-agreement-cma\",\"attributes\":{\"title\":\"Computer Matching Agreement (CMA)\",\"hierarchy\":[\"4\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-information-exchange-agreement-iea\",\"attributes\":{\"title\":\"Information Exchange Agreement (IEA)\",\"hierarchy\":[\"4\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy Activities\",\"hierarchy\":[\"4\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/breach-response\",\"attributes\":{\"title\":\"Breach Response\",\"hierarchy\":[\"4\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"4\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/system-records-notice-sorn\",\"attributes\":{\"title\":\"System of Records Notice 
(SORN)\",\"hierarchy\":[\"4\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy Resources\",\"hierarchy\":[\"4\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/privacy\",\"attributes\":{\"title\":\"Privacy at CMS\",\"hierarchy\":[\"4\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-breach-response-handbook\",\"attributes\":{\"title\":\"CMS Breach Response Handbook\",\"hierarchy\":[\"4\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/health-insurance-portability-and-accountability-act-1996-hipaa\",\"attributes\":{\"title\":\"Health Insurance Portability and Accessibility Act (HIPAA)\",\"hierarchy\":[\"4\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-privacy-impact-assessment-pia-handbook\",\"attributes\":{\"title\":\"CMS Privacy Impact Assessment (PIA) Handbook\",\"hierarchy\":[\"4\",\"2\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Tools \u0026 Services\",\"hierarchy\":[\"5\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Reporting \u0026 
Compliance\",\"hierarchy\":[\"5\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/isso-service\",\"attributes\":{\"title\":\"ISSO As A Service\",\"hierarchy\":[\"5\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-fisma-continuous-tracking-system-cfacts\",\"attributes\":{\"title\":\"CFACTS\",\"hierarchy\":[\"5\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cyber-risk-reports\",\"attributes\":{\"title\":\"Cyber Risk Reports and Dashboards\",\"hierarchy\":[\"5\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"5\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"System Security\",\"hierarchy\":[\"5\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/threat-modeling\",\"attributes\":{\"title\":\"Threat Modeling\",\"hierarchy\":[\"5\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cloud-services\",\"attributes\":{\"title\":\"CMS Cloud 
Services\",\"hierarchy\":[\"5\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cybersecurity-integration-center-ccic\",\"attributes\":{\"title\":\"CMS Cybersecurity Integration Center (CCIC)\",\"hierarchy\":[\"5\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/cms-security-data-lake-sdl\",\"attributes\":{\"title\":\"CMS Security Data Lake (SDL)\",\"hierarchy\":[\"5\",\"1\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Tests \u0026 Assessments\",\"hierarchy\":[\"5\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"5\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"5\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment 
(PIA)\",\"hierarchy\":[\"5\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]}]}]}"])</script><script>self.__next_f.push([1,"9:[\"$\",\"html\",null,{\"lang\":\"en\",\"children\":[[\"$\",\"head\",null,{\"children\":[\"$\",\"$Ld\",null,{\"src\":\"/assets/javascript/uswds-init.min.js\",\"strategy\":\"beforeInteractive\"}]}],[\"$\",\"body\",null,{\"children\":[[[\"$\",\"a\",null,{\"className\":\"usa-skipnav\",\"href\":\"#main\",\"children\":\"Skip to main content\"}],[\"$\",\"section\",null,{\"className\":\"usa-banner\",\"aria-label\":\"Official website of the United States government\",\"children\":[\"$\",\"div\",null,{\"className\":\"usa-accordion\",\"children\":[[\"$\",\"header\",null,{\"className\":\"usa-banner__header\",\"children\":[\"$\",\"div\",null,{\"className\":\"usa-banner__inner\",\"children\":[[\"$\",\"div\",null,{\"className\":\"grid-col-auto\",\"children\":[\"$\",\"$Le\",null,{\"aria-hidden\":\"true\",\"className\":\"usa-banner__header-flag\",\"src\":\"/assets/img/us_flag_small.png\",\"alt\":\"\",\"width\":\"16\",\"height\":\"11\"}]}],[\"$\",\"div\",null,{\"className\":\"grid-col-fill tablet:grid-col-auto\",\"aria-hidden\":\"true\",\"children\":[[\"$\",\"p\",null,{\"className\":\"usa-banner__header-text\",\"children\":\"An official website of the United States government\"}],[\"$\",\"p\",null,{\"className\":\"usa-banner__header-action\",\"children\":\"Here's how you know\"}]]}],[\"$\",\"button\",null,{\"type\":\"button\",\"className\":\"usa-accordion__button usa-banner__button\",\"aria-expanded\":\"false\",\"aria-controls\":\"gov-banner-default-default\",\"children\":[\"$\",\"span\",null,{\"className\":\"usa-banner__button-text\",\"children\":\"Here's how you know\"}]}]]}]}],[\"$\",\"div\",null,{\"className\":\"usa-banner__content usa-accordion__content\",\"id\":\"gov-banner-default-default\",\"hidden\":true,\"children\":[\"$\",\"div\",null,{\"className\":\"grid-row 
grid-gap-lg\",\"children\":[[\"$\",\"div\",null,{\"className\":\"usa-banner__guidance tablet:grid-col-6\",\"children\":[[\"$\",\"$Le\",null,{\"className\":\"usa-banner__icon usa-media-block__img\",\"src\":{\"src\":\"/_next/static/media/icon-dot-gov.3e9cb1b5.svg\",\"height\":64,\"width\":64,\"blurWidth\":0,\"blurHeight\":0},\"role\":\"img\",\"alt\":\"\",\"aria-hidden\":\"true\",\"width\":\"40\",\"height\":\"40\"}],[\"$\",\"div\",null,{\"className\":\"usa-media-block__body\",\"children\":[\"$\",\"p\",null,{\"children\":[[\"$\",\"strong\",null,{\"children\":\"Official websites use .gov\"}],[\"$\",\"br\",null,{}],\"A \",[\"$\",\"strong\",null,{\"children\":\".gov\"}],\" website belongs to an official government organization in the United States.\"]}]}]]}],[\"$\",\"div\",null,{\"className\":\"usa-banner__guidance tablet:grid-col-6\",\"children\":[[\"$\",\"$Le\",null,{\"className\":\"usa-banner__icon usa-media-block__img\",\"src\":{\"src\":\"/_next/static/media/icon-https.e7f1a222.svg\",\"height\":64,\"width\":64,\"blurWidth\":0,\"blurHeight\":0},\"role\":\"img\",\"alt\":\"\",\"aria-hidden\":\"true\",\"width\":\"40\",\"height\":\"40\"}],[\"$\",\"div\",null,{\"className\":\"usa-media-block__body\",\"children\":[\"$\",\"p\",null,{\"children\":[[\"$\",\"strong\",null,{\"children\":\"Secure .gov websites use HTTPS\"}],[\"$\",\"br\",null,{}],\"A \",[\"$\",\"strong\",null,{\"children\":\"lock\"}],\" (\",[\"$\",\"span\",null,{\"className\":\"icon-lock\",\"children\":[\"$\",\"svg\",null,{\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":\"52\",\"height\":\"64\",\"viewBox\":\"0 0 52 64\",\"className\":\"usa-banner__lock-image\",\"role\":\"img\",\"aria-labelledby\":\"banner-lock-description-default\",\"focusable\":\"false\",\"children\":[[\"$\",\"title\",null,{\"id\":\"banner-lock-title-default\",\"children\":\"Lock\"}],[\"$\",\"desc\",null,{\"id\":\"banner-lock-description-default\",\"children\":\"Locked padlock 
icon\"}],[\"$\",\"path\",null,{\"fill\":\"#000000\",\"fillRule\":\"evenodd\",\"d\":\"M26 0c10.493 0 19 8.507 19 19v9h3a4 4 0 0 1 4 4v28a4 4 0 0 1-4 4H4a4 4 0 0 1-4-4V32a4 4 0 0 1 4-4h3v-9C7 8.507 15.507 0 26 0zm0 8c-5.979 0-10.843 4.77-10.996 10.712L15 19v9h22v-9c0-6.075-4.925-11-11-11z\"}]]}]}],\") or \",[\"$\",\"strong\",null,{\"children\":\"https://\"}],\" means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.\"]}]}]]}]]}]}]]}]}]],[\"$\",\"$Lf\",null,{\"value\":\"$10\",\"children\":[[\"$\",\"div\",null,{\"className\":\"usa-overlay\"}],[\"$\",\"header\",null,{\"className\":\"usa-header usa-header--extended\",\"children\":[[\"$\",\"div\",null,{\"className\":\"bg-primary-dark\",\"children\":[\"$\",\"div\",null,{\"className\":\"usa-navbar\",\"children\":[[\"$\",\"div\",null,{\"className\":\"usa-logo padding-y-4 padding-right-3\",\"id\":\"CyberGeek-logo\",\"children\":[\"$\",\"$L11\",null,{\"href\":\"/\",\"title\":\"CMS CyberGeek Home\",\"children\":[\"$\",\"$Le\",null,{\"src\":{\"src\":\"/_next/static/media/CyberGeek-logo.8e9bbd2b.svg\",\"height\":50,\"width\":425,\"blurWidth\":0,\"blurHeight\":0},\"alt\":\"CyberGeek logo\",\"width\":\"298\",\"height\":\"35\",\"priority\":true}]}]}],[\"$\",\"button\",null,{\"aria-label\":\"Open menu\",\"type\":\"button\",\"className\":\"usa-menu-btn\",\"data-cy\":\"menu-button\",\"children\":\"Menu\"}]]}]}],[\"$\",\"$L12\",null,{}]]}]]}],[\"$\",\"main\",null,{\"id\":\"main\",\"children\":[\"$\",\"$L6\",null,{\"parallelRouterKey\":\"children\",\"segmentPath\":[\"children\"],\"error\":\"$undefined\",\"errorStyles\":\"$undefined\",\"errorScripts\":\"$undefined\",\"template\":[\"$\",\"$L13\",null,{\"children\":[\"$\",\"$L8\",null,{}]}],\"templateStyles\":[],\"templateScripts\":[],\"notFound\":[\"$\",\"section\",null,{\"className\":\"hero hero--theme-content-not-found undefined\",\"children\":[[\"$\",\"$Le\",null,{\"alt\":\"404 page not 
found\",\"className\":\"hero__graphic\",\"priority\":true,\"src\":{\"src\":\"/_next/static/media/content-not-found-graphic.8f104f47.svg\",\"height\":551,\"width\":948,\"blurWidth\":0,\"blurHeight\":0}}],[\"$\",\"div\",null,{\"className\":\"maxw-widescreen margin-x-auto padding-x-2 desktop:padding-x-0 padding-top-4 padding-bottom-6 desktop:padding-y-7\",\"children\":[\"$\",\"div\",null,{\"className\":\"tablet:grid-container position-relative \",\"children\":[\"$\",\"div\",null,{\"className\":\"hero__row grid-row grid-gap\",\"children\":[[\"$\",\"div\",null,{\"className\":\"tablet:grid-col-5 widescreen:position-relative\",\"children\":[false,false]}],[\"$\",\"div\",null,{\"className\":\"hero__column tablet:grid-col-7 flow padding-bottom-2\",\"children\":[\"$undefined\",\"$undefined\",false,[\"$\",\"h1\",null,{\"className\":\"hero__heading margin-0 line-height-sans-3 desktop:line-height-sans-2\",\"children\":\"We can't find that page.\"}],\"$undefined\",\"$undefined\",false,[\"$\",\"div\",null,{\"children\":[[\"$\",\"div\",null,{\"className\":\"hero__description\",\"children\":[[\"The page you're looking for may have been moved or retired. 
You can\",\" \",[\"$\",\"$L11\",null,{\"href\":\"/\",\"children\":\"visit our home page\"}],\" or use the search box to find helpful resources.\"]]}],[\"$\",\"div\",null,{\"className\":\"margin-top-6 search-container\",\"children\":[\"$\",\"$L14\",null,{\"theme\":\"content-not-found\"}]}]]}],false]}],false,false]}]}]}]]}],\"notFoundStyles\":[]}]}],[\"$\",\"$L15\",null,{}],[\"$\",\"$L16\",null,{}],[\"$\",\"$Ld\",null,{\"src\":\"/assets/javascript/uswds.min.js\",\"strategy\":\"beforeInteractive\"}]]}]]}]\n"])</script><script>self.__next_f.push([1,"17:I[9461,[\"866\",\"static/chunks/e37a0b60-b74be3d42787b18d.js\",\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"904\",\"static/chunks/904-dbddf7494c3e6975.js\",\"972\",\"static/chunks/972-6e520d137ef194fb.js\",\"549\",\"static/chunks/549-c87c1c3bbacc319f.js\",\"192\",\"static/chunks/app/learn/%5Bslug%5D/page-5b91cdc45a95ebbe.js\"],\"default\"]\n18:T53a,\u003ch2\u003e\u003cstrong\u003eWhat is Continuous Diagnostics and Mitigation (CDM)?\u003c/strong\u003e\u003c/h2\u003e\u003cp\u003eContinuous Diagnostics and Mitigation (CDM) helps strengthen the cybersecurity of government networks and systems by providing automated scanning and analysis of risk. 
CDM capabilities and tools help government agencies:\u003c/p\u003e\u003cul\u003e\u003cli\u003eFind cybersecurity risks on an ongoing basis\u003c/li\u003e\u003cli\u003ePrioritize those risks based on potential impacts\u003c/li\u003e\u003cli\u003eEnable cybersecurity personnel to focus on the most significant problems first\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eCDM capabilities help agencies comply with mandates from the Office of Management and Budget (OMB) and the Federal Information Security Modernization Act (FISMA) that focus on continuous monitoring to keep information and systems safe.\u003c/p\u003e\u003cp\u003eTo implement CDM, agencies use commercial off-the-shelf tools that provide enterprise-wide visibility of what assets, users, and activities are on their networks. This actionable information helps agencies to effectively monitor and rapidly respond to cyber incidents. You can learn more about the federal CDM initiative at the \u003ca href=\"https://www.dhs.gov/publication/dhsnppdpia-030-continuous-diagnostics-and-mitigation-cdm\"\u003eDepartment of Homeland Security (DHS)\u003c/a\u003e and \u003ca href=\"https://www.cisa.gov/cdm\"\u003eCybersecurity and Infrastructure Security Agency (CISA)\u003c/a\u003e websites.\u003c/p\u003e19:T53a,\u003ch2\u003e\u003cstrong\u003eWhat is Continuous Diagnostics and Mitigation (CDM)?\u003c/strong\u003e\u003c/h2\u003e\u003cp\u003eContinuous Diagnostics and Mitigation (CDM) helps strengthen the cybersecurity of government networks and systems by providing automated scanning and analysis of risk. 
CDM capabilities and tools help government agencies:\u003c/p\u003e\u003cul\u003e\u003cli\u003eFind cybersecurity r"])</script><script>self.__next_f.push([1,"isks on an ongoing basis\u003c/li\u003e\u003cli\u003ePrioritize those risks based on potential impacts\u003c/li\u003e\u003cli\u003eEnable cybersecurity personnel to focus on the most significant problems first\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eCDM capabilities help agencies comply with mandates from the Office of Management and Budget (OMB) and the Federal Information Security Modernization Act (FISMA) that focus on continuous monitoring to keep information and systems safe.\u003c/p\u003e\u003cp\u003eTo implement CDM, agencies use commercial off-the-shelf tools that provide enterprise-wide visibility of what assets, users, and activities are on their networks. This actionable information helps agencies to effectively monitor and rapidly respond to cyber incidents. You can learn more about the federal CDM initiative at the \u003ca href=\"https://www.dhs.gov/publication/dhsnppdpia-030-continuous-diagnostics-and-mitigation-cdm\"\u003eDepartment of Homeland Security (DHS)\u003c/a\u003e and \u003ca href=\"https://www.cisa.gov/cdm\"\u003eCybersecurity and Infrastructure Security Agency (CISA)\u003c/a\u003e websites.\u003c/p\u003e1a:T1350,"])</script><script>self.__next_f.push([1,"\u003ch2\u003e\u003cstrong\u003eHow CDM works at CMS\u003c/strong\u003e\u003c/h2\u003e\u003cp\u003eAt CMS, we use Continuous Diagnostics and Mitigation tools to support the overarching Cyber Risk Management Program, which focuses on proactive, risk-based decision making. This is an important part of our commitment to protecting the sensitive information entrusted to us by the people we serve. Healthcare systems continue to be a primary target for hackers with an ever-growing spectrum of cyber threats. 
To be vigilant in protecting patient data, CMS Business Owners need to build security automation into their systems through programs like CDM.\u003c/p\u003e\u003cp\u003eTo implement CDM, we use the security capabilities at each CMS data center to create an integrated ecosystem of overall continuous monitoring across the agency. CDM sensors automate identification of known cyber vulnerabilities, and then send that information to analytics tools to create dashboards that:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eAlert\u003c/strong\u003e system managers about risks for remediation\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eReport\u003c/strong\u003e security / privacy posture to CMS\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eShare\u003c/strong\u003e aggregated information at the federal level\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eThis process allows System / Business Owners to make risk-based decisions quickly and prioritize the most significant threats first. All CDM data from CMS is also shared to federal dashboards, which are used to provide situational awareness of the current cybersecurity posture of the federal government as a whole.\u003c/p\u003e\u003ch3\u003e\u003cstrong\u003eCDM implementation\u003c/strong\u003e\u003c/h3\u003e\u003cp\u003eThe CDM program is being implemented at CMS in four phases, which will build on each other to provide a complete picture of the assets, users, activities, and data on CMS networks.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003ePhase 1: What is on the network?\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eThis phase is focused on providing information security continuous monitoring (ISCM) tools and capabilities to support asset management, security configuration, and vulnerability scanning. 
This includes:\u003c/p\u003e\u003cul\u003e\u003cli\u003eHWAM Hardware Asset Management\u003c/li\u003e\u003cli\u003eSWAM Software Asset Management\u003c/li\u003e\u003cli\u003eCSM Configuration Settings Management\u003c/li\u003e\u003cli\u003eVUL Vulnerability Management\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003ePhase 2: Who is on the network?\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eThis phase is focused on who is accessing the system, what their privileges are, and how they are trained. It includes:\u003c/p\u003e\u003cul\u003e\u003cli\u003eTRUST Access Control Management\u003c/li\u003e\u003cli\u003eBEHV Security-Related Behavior Management\u003c/li\u003e\u003cli\u003eCRED Credentials and Authentication Management\u003c/li\u003e\u003cli\u003ePRIV Privileges\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003ePhase 3: What is happening on the network?\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eThis phase is focused on enhancing boundary protections and event management capabilities. It includes:\u003c/p\u003e\u003cul\u003e\u003cli\u003ePlanning for threats and events\u003c/li\u003e\u003cli\u003eResponding to threats and events\u003c/li\u003e\u003cli\u003eGeneric auditing and monitoring\u003c/li\u003e\u003cli\u003eDocumenting requirements, policies, etc.\u003c/li\u003e\u003cli\u003eQuality management\u003c/li\u003e\u003cli\u003eData loss detection\u003c/li\u003e\u003cli\u003eBoundary protection (Network, Physical, Virtual)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003ePhase 4: How is data protected?\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eThis phase is focused on protecting and encrypting data on federal networks. 
It includes:\u003c/p\u003e\u003cul\u003e\u003cli\u003eEnhanced data encryption\u003c/li\u003e\u003cli\u003eMobile security\u003c/li\u003e\u003cli\u003eRisk management\u003c/li\u003e\u003cli\u003eData loss prevention tools\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e\u003cstrong\u003eContinuous monitoring for information privacy\u003c/strong\u003e\u003c/h3\u003e\u003cp\u003eIn addition to protecting systems against security vulnerabilities, CMS takes a proactive approach to protecting the privacy of personal and health information. We do this through the CMS Privacy Continuous Monitoring Program, which will eventually be merged with the CDM program. Currently, there are some privacy controls that can be tested under CDM. We are working to mature the capabilities across both of these programs.\u003c/p\u003e\u003ch3\u003e\u003cstrong\u003eThe future of CDM at CMS\u003c/strong\u003e\u003c/h3\u003e\u003cp\u003eCDM is a part of a multi-year effort to modernize CMS overall approach to information and system security. Instead of taking a reactive approach focused on “compliance”, we are moving toward a proactive approach that focuses on\u003cstrong\u003e continuous evaluation, identification, and management of risk\u003c/strong\u003e. 
This approach helps us:\u003c/p\u003e\u003cul\u003e\u003cli\u003eBuild security into development pipelines (DevSecOps)\u003c/li\u003e\u003cli\u003eTailor system testing (such as \u003ca href=\"https://security.cms.gov/learn/cybersecurity-risk-assessment-program-csrap\" target=\"_blank\" rel=\"noopener noreferrer\"\u003eCybersecurity and Risk Assessment Program (CSRAP\u003c/a\u003e) to more specific uses\u003c/li\u003e\u003cli\u003eExpedite the ATO process\u0026nbsp;\u003c/li\u003e\u003cli\u003eApprove and onboard more systems to Ongoing Authorization\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAll of this means that information security and privacy activities at CMS will be aligned with federal standards for a risk-based approach, which are outlined in the \u003ca href=\"/learn/national-institute-standards-and-technology-nist#nist-cybersecurity-framework-csf\"\u003eNIST Cybersecurity Framework\u003c/a\u003e and the Federal Information Security Management Act (FISMA).\u003c/p\u003e"])</script><script>self.__next_f.push([1,"1b:T1350,"])</script><script>self.__next_f.push([1,"\u003ch2\u003e\u003cstrong\u003eHow CDM works at CMS\u003c/strong\u003e\u003c/h2\u003e\u003cp\u003eAt CMS, we use Continuous Diagnostics and Mitigation tools to support the overarching Cyber Risk Management Program, which focuses on proactive, risk-based decision making. This is an important part of our commitment to protecting the sensitive information entrusted to us by the people we serve. Healthcare systems continue to be a primary target for hackers with an ever-growing spectrum of cyber threats. To be vigilant in protecting patient data, CMS Business Owners need to build security automation into their systems through programs like CDM.\u003c/p\u003e\u003cp\u003eTo implement CDM, we use the security capabilities at each CMS data center to create an integrated ecosystem of overall continuous monitoring across the agency. 
CDM sensors automate identification of known cyber vulnerabilities, and then send that information to analytics tools to create dashboards that:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eAlert\u003c/strong\u003e system managers about risks for remediation\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eReport\u003c/strong\u003e security / privacy posture to CMS\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eShare\u003c/strong\u003e aggregated information at the federal level\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eThis process allows System / Business Owners to make risk-based decisions quickly and prioritize the most significant threats first. All CDM data from CMS is also shared to federal dashboards, which are used to provide situational awareness of the current cybersecurity posture of the federal government as a whole.\u003c/p\u003e\u003ch3\u003e\u003cstrong\u003eCDM implementation\u003c/strong\u003e\u003c/h3\u003e\u003cp\u003eThe CDM program is being implemented at CMS in four phases, which will build on each other to provide a complete picture of the assets, users, activities, and data on CMS networks.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003ePhase 1: What is on the network?\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eThis phase is focused on providing information security continuous monitoring (ISCM) tools and capabilities to support asset management, security configuration, and vulnerability scanning. This includes:\u003c/p\u003e\u003cul\u003e\u003cli\u003eHWAM Hardware Asset Management\u003c/li\u003e\u003cli\u003eSWAM Software Asset Management\u003c/li\u003e\u003cli\u003eCSM Configuration Settings Management\u003c/li\u003e\u003cli\u003eVUL Vulnerability Management\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003ePhase 2: Who is on the network?\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eThis phase is focused on who is accessing the system, what their privileges are, and how they are trained. 
It includes:\u003c/p\u003e\u003cul\u003e\u003cli\u003eTRUST Access Control Management\u003c/li\u003e\u003cli\u003eBEHV Security-Related Behavior Management\u003c/li\u003e\u003cli\u003eCRED Credentials and Authentication Management\u003c/li\u003e\u003cli\u003ePRIV Privileges\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003ePhase 3: What is happening on the network?\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eThis phase is focused on enhancing boundary protections and event management capabilities. It includes:\u003c/p\u003e\u003cul\u003e\u003cli\u003ePlanning for threats and events\u003c/li\u003e\u003cli\u003eResponding to threats and events\u003c/li\u003e\u003cli\u003eGeneric auditing and monitoring\u003c/li\u003e\u003cli\u003eDocumenting requirements, policies, etc.\u003c/li\u003e\u003cli\u003eQuality management\u003c/li\u003e\u003cli\u003eData loss detection\u003c/li\u003e\u003cli\u003eBoundary protection (Network, Physical, Virtual)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003ePhase 4: How is data protected?\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eThis phase is focused on protecting and encrypting data on federal networks. It includes:\u003c/p\u003e\u003cul\u003e\u003cli\u003eEnhanced data encryption\u003c/li\u003e\u003cli\u003eMobile security\u003c/li\u003e\u003cli\u003eRisk management\u003c/li\u003e\u003cli\u003eData loss prevention tools\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e\u003cstrong\u003eContinuous monitoring for information privacy\u003c/strong\u003e\u003c/h3\u003e\u003cp\u003eIn addition to protecting systems against security vulnerabilities, CMS takes a proactive approach to protecting the privacy of personal and health information. We do this through the CMS Privacy Continuous Monitoring Program, which will eventually be merged with the CDM program. Currently, there are some privacy controls that can be tested under CDM. 
We are working to mature the capabilities across both of these programs.\u003c/p\u003e\u003ch3\u003e\u003cstrong\u003eThe future of CDM at CMS\u003c/strong\u003e\u003c/h3\u003e\u003cp\u003eCDM is a part of a multi-year effort to modernize CMS overall approach to information and system security. Instead of taking a reactive approach focused on “compliance”, we are moving toward a proactive approach that focuses on\u003cstrong\u003e continuous evaluation, identification, and management of risk\u003c/strong\u003e. This approach helps us:\u003c/p\u003e\u003cul\u003e\u003cli\u003eBuild security into development pipelines (DevSecOps)\u003c/li\u003e\u003cli\u003eTailor system testing (such as \u003ca href=\"https://security.cms.gov/learn/cybersecurity-risk-assessment-program-csrap\" target=\"_blank\" rel=\"noopener noreferrer\"\u003eCybersecurity and Risk Assessment Program (CSRAP\u003c/a\u003e) to more specific uses\u003c/li\u003e\u003cli\u003eExpedite the ATO process\u0026nbsp;\u003c/li\u003e\u003cli\u003eApprove and onboard more systems to Ongoing Authorization\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAll of this means that information security and privacy activities at CMS will be aligned with federal standards for a risk-based approach, which are outlined in the \u003ca href=\"/learn/national-institute-standards-and-technology-nist#nist-cybersecurity-framework-csf\"\u003eNIST Cybersecurity Framework\u003c/a\u003e and the Federal Information Security Management Act 
(FISMA).\u003c/p\u003e"])</script><script>self.__next_f.push([1,"1e:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node_type/node_type/d185e460-4998-4d2b-85cb-b04f304dfb1b\"}\n1d:{\"self\":\"$1e\"}\n21:[\"menu_ui\",\"scheduler\"]\n20:{\"module\":\"$21\"}\n24:[]\n23:{\"available_menus\":\"$24\",\"parent\":\"\"}\n25:{\"expand_fieldset\":\"when_required\",\"fields_display_mode\":\"vertical_tab\",\"publish_enable\":false,\"publish_past_date\":\"error\",\"publish_past_date_created\":false,\"publish_required\":false,\"publish_revision\":false,\"publish_touch\":false,\"show_message_after_update\":true,\"unpublish_enable\":false,\"unpublish_required\":false,\"unpublish_revision\":false}\n22:{\"menu_ui\":\"$23\",\"scheduler\":\"$25\"}\n1f:{\"langcode\":\"en\",\"status\":true,\"dependencies\":\"$20\",\"third_party_settings\":\"$22\",\"name\":\"Explainer page\",\"drupal_internal__type\":\"explainer\",\"description\":\"Use \u003ci\u003eExplainer pages\u003c/i\u003e to provide general information in plain language about a policy, program, tool, service, or task related to security and privacy at 
CMS.\",\"help\":null,\"new_revision\":true,\"preview_mode\":1,\"display_submitted\":true}\n1c:{\"type\":\"node_type--node_type\",\"id\":\"d185e460-4998-4d2b-85cb-b04f304dfb1b\",\"links\":\"$1d\",\"attributes\":\"$1f\"}\n28:{\"href\":\"https://cybergeek.cms.gov/jsonapi/user/user/7e79c546-d123-46dd-9480-b7f2e7d81691\"}\n27:{\"self\":\"$28\"}\n29:{\"display_name\":\"gollange\"}\n26:{\"type\":\"user--user\",\"id\":\"7e79c546-d123-46dd-9480-b7f2e7d81691\",\"links\":\"$27\",\"attributes\":\"$29\"}\n2c:{\"href\":\"https://cybergeek.cms.gov/jsonapi/user/user/e352e203-fe9c-47ba-af75-2c7f8302fca8\"}\n2b:{\"self\":\"$2c\"}\n2d:{\"display_name\":\"mburgess\"}\n2a:{\"type\":\"user--user\",\"id\":\"e352e203-fe9c-47ba-af75-2c7f8302fca8\",\"links\":\"$2b\",\"attributes\":\"$2d\"}\n30:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/9e907eeb-b0a8-4dd3-8818-37cb1557a8f4?resourceVersion=id%3A121\"}\n2f:{\"self\":\"$30\"}\n32:{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}\n31:{\"drupal_internal__tid\":121,\"drupal_internal__revision_id\":121,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:13:12+00:00\",\"status\":true,\"name\":\"Tools / 
Services\",\"description\":null,\"weight\":5,\"changed\":\"2023-06-14T19:04:09+00:00\",\"defau"])</script><script>self.__next_f.push([1,"lt_langcode\":true,\"revision_translation_affected\":true,\"path\":\"$32\"}\n36:{\"drupal_internal__target_id\":\"resource_type\"}\n35:{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"3a0127c4-ee06-41ed-8239-f796f6d78eb3\",\"meta\":\"$36\"}\n38:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/9e907eeb-b0a8-4dd3-8818-37cb1557a8f4/vid?resourceVersion=id%3A121\"}\n39:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/9e907eeb-b0a8-4dd3-8818-37cb1557a8f4/relationships/vid?resourceVersion=id%3A121\"}\n37:{\"related\":\"$38\",\"self\":\"$39\"}\n34:{\"data\":\"$35\",\"links\":\"$37\"}\n3c:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/9e907eeb-b0a8-4dd3-8818-37cb1557a8f4/revision_user?resourceVersion=id%3A121\"}\n3d:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/9e907eeb-b0a8-4dd3-8818-37cb1557a8f4/relationships/revision_user?resourceVersion=id%3A121\"}\n3b:{\"related\":\"$3c\",\"self\":\"$3d\"}\n3a:{\"data\":null,\"links\":\"$3b\"}\n44:{\"about\":\"Usage and meaning of the 'virtual' resource 
identifier.\"}\n43:{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":\"$44\"}\n42:{\"help\":\"$43\"}\n41:{\"links\":\"$42\"}\n40:{\"type\":\"taxonomy_term--resource_type\",\"id\":\"virtual\",\"meta\":\"$41\"}\n3f:[\"$40\"]\n46:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/9e907eeb-b0a8-4dd3-8818-37cb1557a8f4/parent?resourceVersion=id%3A121\"}\n47:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/9e907eeb-b0a8-4dd3-8818-37cb1557a8f4/relationships/parent?resourceVersion=id%3A121\"}\n45:{\"related\":\"$46\",\"self\":\"$47\"}\n3e:{\"data\":\"$3f\",\"links\":\"$45\"}\n33:{\"vid\":\"$34\",\"revision_user\":\"$3a\",\"parent\":\"$3e\"}\n2e:{\"type\":\"taxonomy_term--resource_type\",\"id\":\"9e907eeb-b0a8-4dd3-8818-37cb1557a8f4\",\"links\":\"$2f\",\"attributes\":\"$31\",\"relationships\":\"$33\"}\n4a:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab?resourceVersion=id%3A61\"}\n49:{\"self\":\"$4a\"}\n4c:{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}\n4b:{\"drupal_internal__tid\""])</script><script>self.__next_f.push([1,":61,\"drupal_internal__revision_id\":61,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:08:12+00:00\",\"status\":true,\"name\":\"Information System Security Officer 
(ISSO)\",\"description\":null,\"weight\":0,\"changed\":\"2022-08-02T23:08:12+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":\"$4c\"}\n50:{\"drupal_internal__target_id\":\"roles\"}\n4f:{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"a89af840-d1f0-4a08-9f15-7b1cb71c3e35\",\"meta\":\"$50\"}\n52:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/vid?resourceVersion=id%3A61\"}\n53:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/relationships/vid?resourceVersion=id%3A61\"}\n51:{\"related\":\"$52\",\"self\":\"$53\"}\n4e:{\"data\":\"$4f\",\"links\":\"$51\"}\n56:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/revision_user?resourceVersion=id%3A61\"}\n57:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/relationships/revision_user?resourceVersion=id%3A61\"}\n55:{\"related\":\"$56\",\"self\":\"$57\"}\n54:{\"data\":null,\"links\":\"$55\"}\n5e:{\"about\":\"Usage and meaning of the 'virtual' resource 
identifier.\"}\n5d:{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":\"$5e\"}\n5c:{\"help\":\"$5d\"}\n5b:{\"links\":\"$5c\"}\n5a:{\"type\":\"taxonomy_term--roles\",\"id\":\"virtual\",\"meta\":\"$5b\"}\n59:[\"$5a\"]\n60:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/parent?resourceVersion=id%3A61\"}\n61:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/relationships/parent?resourceVersion=id%3A61\"}\n5f:{\"related\":\"$60\",\"self\":\"$61\"}\n58:{\"data\":\"$59\",\"links\":\"$5f\"}\n4d:{\"vid\":\"$4e\",\"revision_user\":\"$54\",\"parent\":\"$58\"}\n48:{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\",\"links\":\"$49\",\"attributes\":\"$4b\",\"relationships\":\"$4d\"}\n64:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_"])</script><script>self.__next_f.push([1,"term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34?resourceVersion=id%3A76\"}\n63:{\"self\":\"$64\"}\n66:{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}\n65:{\"drupal_internal__tid\":76,\"drupal_internal__revision_id\":76,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:08:55+00:00\",\"status\":true,\"name\":\"System / Business 
Owner\",\"description\":null,\"weight\":0,\"changed\":\"2022-08-02T23:08:55+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":\"$66\"}\n6a:{\"drupal_internal__target_id\":\"roles\"}\n69:{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"a89af840-d1f0-4a08-9f15-7b1cb71c3e35\",\"meta\":\"$6a\"}\n6c:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/vid?resourceVersion=id%3A76\"}\n6d:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/relationships/vid?resourceVersion=id%3A76\"}\n6b:{\"related\":\"$6c\",\"self\":\"$6d\"}\n68:{\"data\":\"$69\",\"links\":\"$6b\"}\n70:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/revision_user?resourceVersion=id%3A76\"}\n71:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/relationships/revision_user?resourceVersion=id%3A76\"}\n6f:{\"related\":\"$70\",\"self\":\"$71\"}\n6e:{\"data\":null,\"links\":\"$6f\"}\n78:{\"about\":\"Usage and meaning of the 'virtual' resource 
identifier.\"}\n77:{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":\"$78\"}\n76:{\"help\":\"$77\"}\n75:{\"links\":\"$76\"}\n74:{\"type\":\"taxonomy_term--roles\",\"id\":\"virtual\",\"meta\":\"$75\"}\n73:[\"$74\"]\n7a:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/parent?resourceVersion=id%3A76\"}\n7b:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/relationships/parent?resourceVersion=id%3A76\"}\n79:{\"related\":\"$7a\",\"self\":\"$7b\"}\n72:{\"data\":\"$73\",\"links\":\"$79\"}\n67:{\"vid\":\"$68\",\"revision_user\":\"$6e\",\"parent\":\"$72\"}\n62:{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f"])</script><script>self.__next_f.push([1,"442-c0b0-4b8e-af66-7998a3329f34\",\"links\":\"$63\",\"attributes\":\"$65\",\"relationships\":\"$67\"}\n7e:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/65ef6410-4066-4db4-be03-c8eb26b63305?resourceVersion=id%3A36\"}\n7d:{\"self\":\"$7e\"}\n80:{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}\n7f:{\"drupal_internal__tid\":36,\"drupal_internal__revision_id\":36,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:05:55+00:00\",\"status\":true,\"name\":\"Risk Management \u0026 
Reporting\",\"description\":null,\"weight\":5,\"changed\":\"2023-03-10T19:04:22+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":\"$80\"}\n84:{\"drupal_internal__target_id\":\"topics\"}\n83:{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"73f89dec-123f-4c8c-9a97-d025a2b0e5cf\",\"meta\":\"$84\"}\n86:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/65ef6410-4066-4db4-be03-c8eb26b63305/vid?resourceVersion=id%3A36\"}\n87:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/65ef6410-4066-4db4-be03-c8eb26b63305/relationships/vid?resourceVersion=id%3A36\"}\n85:{\"related\":\"$86\",\"self\":\"$87\"}\n82:{\"data\":\"$83\",\"links\":\"$85\"}\n8a:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/65ef6410-4066-4db4-be03-c8eb26b63305/revision_user?resourceVersion=id%3A36\"}\n8b:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/65ef6410-4066-4db4-be03-c8eb26b63305/relationships/revision_user?resourceVersion=id%3A36\"}\n89:{\"related\":\"$8a\",\"self\":\"$8b\"}\n88:{\"data\":null,\"links\":\"$89\"}\n92:{\"about\":\"Usage and meaning of the 'virtual' resource 
identifier.\"}\n91:{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":\"$92\"}\n90:{\"help\":\"$91\"}\n8f:{\"links\":\"$90\"}\n8e:{\"type\":\"taxonomy_term--topics\",\"id\":\"virtual\",\"meta\":\"$8f\"}\n8d:[\"$8e\"]\n94:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/65ef6410-4066-4db4-be03-c8eb26b63305/parent?resourceVersion=id%3A36\"}\n95:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/65ef6410-4066-4db4-be03-c8eb26b63305/relationships/parent?resourceVersion=id%3A36\"}\n93:{\"rel"])</script><script>self.__next_f.push([1,"ated\":\"$94\",\"self\":\"$95\"}\n8c:{\"data\":\"$8d\",\"links\":\"$93\"}\n81:{\"vid\":\"$82\",\"revision_user\":\"$88\",\"parent\":\"$8c\"}\n7c:{\"type\":\"taxonomy_term--topics\",\"id\":\"65ef6410-4066-4db4-be03-c8eb26b63305\",\"links\":\"$7d\",\"attributes\":\"$7f\",\"relationships\":\"$81\"}\n98:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/0bc7c1d0-b569-4514-b66c-367457dead7e?resourceVersion=id%3A11\"}\n97:{\"self\":\"$98\"}\n9a:{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}\n99:{\"drupal_internal__tid\":11,\"drupal_internal__revision_id\":11,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:05:12+00:00\",\"status\":true,\"name\":\"System 
Authorization\",\"description\":null,\"weight\":7,\"changed\":\"2023-03-10T19:04:22+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":\"$9a\"}\n9e:{\"drupal_internal__target_id\":\"topics\"}\n9d:{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"73f89dec-123f-4c8c-9a97-d025a2b0e5cf\",\"meta\":\"$9e\"}\na0:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/0bc7c1d0-b569-4514-b66c-367457dead7e/vid?resourceVersion=id%3A11\"}\na1:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/0bc7c1d0-b569-4514-b66c-367457dead7e/relationships/vid?resourceVersion=id%3A11\"}\n9f:{\"related\":\"$a0\",\"self\":\"$a1\"}\n9c:{\"data\":\"$9d\",\"links\":\"$9f\"}\na4:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/0bc7c1d0-b569-4514-b66c-367457dead7e/revision_user?resourceVersion=id%3A11\"}\na5:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/0bc7c1d0-b569-4514-b66c-367457dead7e/relationships/revision_user?resourceVersion=id%3A11\"}\na3:{\"related\":\"$a4\",\"self\":\"$a5\"}\na2:{\"data\":null,\"links\":\"$a3\"}\nac:{\"about\":\"Usage and meaning of the 'virtual' resource 
identifier.\"}\nab:{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":\"$ac\"}\naa:{\"help\":\"$ab\"}\na9:{\"links\":\"$aa\"}\na8:{\"type\":\"taxonomy_term--topics\",\"id\":\"virtual\",\"meta\":\"$a9\"}\na7:[\"$a8\"]\nae:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/0bc7c1d0-b569-4514-b66c-367457dead7e/parent?resourceVersion=id%3A11\"}\naf:{\"hre"])</script><script>self.__next_f.push([1,"f\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/0bc7c1d0-b569-4514-b66c-367457dead7e/relationships/parent?resourceVersion=id%3A11\"}\nad:{\"related\":\"$ae\",\"self\":\"$af\"}\na6:{\"data\":\"$a7\",\"links\":\"$ad\"}\n9b:{\"vid\":\"$9c\",\"revision_user\":\"$a2\",\"parent\":\"$a6\"}\n96:{\"type\":\"taxonomy_term--topics\",\"id\":\"0bc7c1d0-b569-4514-b66c-367457dead7e\",\"links\":\"$97\",\"attributes\":\"$99\",\"relationships\":\"$9b\"}\nb2:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/8b7bda2b-e3dc-4760-9901-27255f14ff41?resourceVersion=id%3A17929\"}\nb1:{\"self\":\"$b2\"}\nb4:[]\nb6:T531,\u003ch2\u003e\u003cstrong\u003eWhat is Continuous Diagnostics and Mitigation (CDM)?\u003c/strong\u003e\u003c/h2\u003e\u003cp\u003eContinuous Diagnostics and Mitigation (CDM) helps strengthen the cybersecurity of government networks and systems by providing automated scanning and analysis of risk. 
CDM capabilities and tools help government agencies:\u003c/p\u003e\u003cul\u003e\u003cli\u003eFind cybersecurity risks on an ongoing basis\u003c/li\u003e\u003cli\u003ePrioritize those risks based on potential impacts\u003c/li\u003e\u003cli\u003eEnable cybersecurity personnel to focus on the most significant problems first\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eCDM capabilities help agencies comply with mandates from the Office of Management and Budget (OMB) and the Federal Information Security Modernization Act (FISMA) that focus on continuous monitoring to keep information and systems safe.\u003c/p\u003e\u003cp\u003eTo implement CDM, agencies use commercial off-the-shelf tools that provide enterprise-wide visibility of what assets, users, and activities are on their networks. This actionable information helps agencies to effectively monitor and rapidly respond to cyber incidents. You can learn more about the federal CDM initiative at the \u003ca href=\"https://www.dhs.gov/publication/dhsnppdpia-030-continuous-diagnostics-and-mitigation-cdm\"\u003eDepartment of Homeland Security (DHS)\u003c/a\u003e and \u003ca href=\"https://www.cisa.gov/cdm\"\u003eCybersecurity and Infrastructure Agency (CISA)\u003c/a\u003e websites.\u003c/p\u003eb7:T531,\u003ch2\u003e\u003cstrong\u003eWhat is Continuous Diagnostics and Mitigation (CDM)?\u003c/strong\u003e\u003c/h2\u003e\u003cp\u003eContinuous Diagnostics and Mitigation (CDM) helps strengthen the "])</script><script>self.__next_f.push([1,"cybersecurity of government networks and systems by providing automated scanning and analysis of risk. 
CDM capabilities and tools help government agencies:\u003c/p\u003e\u003cul\u003e\u003cli\u003eFind cybersecurity risks on an ongoing basis\u003c/li\u003e\u003cli\u003ePrioritize those risks based on potential impacts\u003c/li\u003e\u003cli\u003eEnable cybersecurity personnel to focus on the most significant problems first\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eCDM capabilities help agencies comply with mandates from the Office of Management and Budget (OMB) and the Federal Information Security Modernization Act (FISMA) that focus on continuous monitoring to keep information and systems safe.\u003c/p\u003e\u003cp\u003eTo implement CDM, agencies use commercial off-the-shelf tools that provide enterprise-wide visibility of what assets, users, and activities are on their networks. This actionable information helps agencies to effectively monitor and rapidly respond to cyber incidents. You can learn more about the federal CDM initiative at the \u003ca href=\"https://www.dhs.gov/publication/dhsnppdpia-030-continuous-diagnostics-and-mitigation-cdm\"\u003eDepartment of Homeland Security (DHS)\u003c/a\u003e and \u003ca href=\"https://www.cisa.gov/cdm\"\u003eCybersecurity and Infrastructure Agency (CISA)\u003c/a\u003e 
websites.\u003c/p\u003eb5:{\"value\":\"$b6\",\"format\":\"body_text\",\"processed\":\"$b7\"}\nb3:{\"drupal_internal__id\":546,\"drupal_internal__revision_id\":17929,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-04T15:09:41+00:00\",\"parent_id\":\"676\",\"parent_type\":\"node\",\"parent_field_name\":\"field_page_section\",\"behavior_settings\":\"$b4\",\"default_langcode\":true,\"revision_translation_affected\":true,\"field_text_block\":\"$b5\"}\nbb:{\"drupal_internal__target_id\":\"page_section\"}\nba:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"57f3f40a-8120-4393-b881-a5758f9fb30d\",\"meta\":\"$bb\"}\nbd:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/8b7bda2b-e3dc-4760-9901-27255f14ff41/paragraph_type?resourceVersion=id%3A17929\"}\nbe:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/8b7bda2b-e3dc-4760-9901-27255f14ff41/relationships/paragraph_type?resourceVersion=id%3A17929\"}\nbc:{\"related"])</script><script>self.__next_f.push([1,"\":\"$bd\",\"self\":\"$be\"}\nb9:{\"data\":\"$ba\",\"links\":\"$bc\"}\nc1:{\"target_revision_id\":17928,\"drupal_internal__target_id\":541}\nc0:{\"type\":\"paragraph--call_out_box\",\"id\":\"9651d536-ad82-407a-a703-c3d54d592c93\",\"meta\":\"$c1\"}\nc3:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/8b7bda2b-e3dc-4760-9901-27255f14ff41/field_specialty_item?resourceVersion=id%3A17929\"}\nc4:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/8b7bda2b-e3dc-4760-9901-27255f14ff41/relationships/field_specialty_item?resourceVersion=id%3A17929\"}\nc2:{\"related\":\"$c3\",\"self\":\"$c4\"}\nbf:{\"data\":\"$c0\",\"links\":\"$c2\"}\nb8:{\"paragraph_type\":\"$b9\",\"field_specialty_item\":\"$bf\"}\nb0:{\"type\":\"paragraph--page_section\",\"id\":\"8b7bda2b-e3dc-4760-9901-27255f14ff41\",\"links\":\"$b1\",\"attributes\":\"$b3\",\"relationships\":\"$b8\"}\nc7:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/8e76f588-fd94-4439-b7e3
-73c8b83e3500?resourceVersion=id%3A17930\"}\nc6:{\"self\":\"$c7\"}\nc9:[]\ncb:T1350,"])</script><script>self.__next_f.push([1,"\u003ch2\u003e\u003cstrong\u003eHow CDM works at CMS\u003c/strong\u003e\u003c/h2\u003e\u003cp\u003eAt CMS, we use Continuous Diagnostics and Mitigation tools to support the overarching Cyber Risk Management Program, which focuses on proactive, risk-based decision making. This is an important part of our commitment to protecting the sensitive information entrusted to us by the people we serve. Healthcare systems continue to be a primary target for hackers with an ever-growing spectrum of cyber threats. To be vigilant in protecting patient data, CMS Business Owners need to build security automation into their systems through programs like CDM.\u003c/p\u003e\u003cp\u003eTo implement CDM, we use the security capabilities at each CMS data center to create an integrated ecosystem of overall continuous monitoring across the agency. CDM sensors automate identification of known cyber vulnerabilities, and then send that information to analytics tools to create dashboards that:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eAlert\u003c/strong\u003e system managers about risks for remediation\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eReport\u003c/strong\u003e security / privacy posture to CMS\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eShare\u003c/strong\u003e aggregated information at the federal level\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eThis process allows System / Business Owners to make risk-based decisions quickly and prioritize the most significant threats first. 
All CDM data from CMS is also shared to federal dashboards, which are used to provide situational awareness of the current cybersecurity posture of the federal government as a whole.\u003c/p\u003e\u003ch3\u003e\u003cstrong\u003eCDM implementation\u003c/strong\u003e\u003c/h3\u003e\u003cp\u003eThe CDM program is being implemented at CMS in four phases, which will build on each other to provide a complete picture of the assets, users, activities, and data on CMS networks.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003ePhase 1: What is on the network?\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eThis phase is focused on providing information security continuous monitoring (ISCM) tools and capabilities to support asset management, security configuration, and vulnerability scanning. This includes:\u003c/p\u003e\u003cul\u003e\u003cli\u003eHWAM Hardware Asset Management\u003c/li\u003e\u003cli\u003eSWAM Software Asset Management\u003c/li\u003e\u003cli\u003eCSM Configuration Settings Management\u003c/li\u003e\u003cli\u003eVUL Vulnerability Management\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003ePhase 2: Who is on the network?\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eThis phase is focused on who is accessing the system, what their privileges are, and how they are trained. It includes:\u003c/p\u003e\u003cul\u003e\u003cli\u003eTRUST Access Control Management\u003c/li\u003e\u003cli\u003eBEHV Security-Related Behavior Management\u003c/li\u003e\u003cli\u003eCRED Credentials and Authentication Management\u003c/li\u003e\u003cli\u003ePRIV Privileges\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003ePhase 3: What is happening on the network?\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eThis phase is focused on enhancing boundary protections and event management capabilities. 
It includes:\u003c/p\u003e\u003cul\u003e\u003cli\u003ePlanning for threats and events\u003c/li\u003e\u003cli\u003eResponding to threats and events\u003c/li\u003e\u003cli\u003eGeneric auditing and monitoring\u003c/li\u003e\u003cli\u003eDocumenting requirements, policies, etc.\u003c/li\u003e\u003cli\u003eQuality management\u003c/li\u003e\u003cli\u003eData loss detection\u003c/li\u003e\u003cli\u003eBoundary protection (Network, Physical, Virtual)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003ePhase 4: How is data protected?\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eThis phase is focused on protecting and encrypting data on federal networks. It includes:\u003c/p\u003e\u003cul\u003e\u003cli\u003eEnhanced data encryption\u003c/li\u003e\u003cli\u003eMobile security\u003c/li\u003e\u003cli\u003eRisk management\u003c/li\u003e\u003cli\u003eData loss prevention tools\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e\u003cstrong\u003eContinuous monitoring for information privacy\u003c/strong\u003e\u003c/h3\u003e\u003cp\u003eIn addition to protecting systems against security vulnerabilities, CMS takes a proactive approach to protecting the privacy of personal and health information. We do this through the CMS Privacy Continuous Monitoring Program, which will eventually be merged with the CDM program. Currently, there are some privacy controls that can be tested under CDM. We are working to mature the capabilities across both of these programs.\u003c/p\u003e\u003ch3\u003e\u003cstrong\u003eThe future of CDM at CMS\u003c/strong\u003e\u003c/h3\u003e\u003cp\u003eCDM is a part of a multi-year effort to modernize CMS overall approach to information and system security. Instead of taking a reactive approach focused on “compliance”, we are moving toward a proactive approach that focuses on\u003cstrong\u003e continuous evaluation, identification, and management of risk\u003c/strong\u003e. 
This approach helps us:\u003c/p\u003e\u003cul\u003e\u003cli\u003eBuild security into development pipelines (DevSecOps)\u003c/li\u003e\u003cli\u003eTailor system testing (such as \u003ca href=\"https://security.cms.gov/learn/cybersecurity-risk-assessment-program-csrap\" target=\"_blank\" rel=\"noopener noreferrer\"\u003eCybersecurity and Risk Assessment Program (CSRAP\u003c/a\u003e) to more specific uses\u003c/li\u003e\u003cli\u003eExpedite the ATO process\u0026nbsp;\u003c/li\u003e\u003cli\u003eApprove and onboard more systems to Ongoing Authorization\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAll of this means that information security and privacy activities at CMS will be aligned with federal standards for a risk-based approach, which are outlined in the \u003ca href=\"/learn/national-institute-standards-and-technology-nist#nist-cybersecurity-framework-csf\"\u003eNIST Cybersecurity Framework\u003c/a\u003e and the Federal Information Security Management Act (FISMA).\u003c/p\u003e"])</script><script>self.__next_f.push([1,"cc:T1350,"])</script><script>self.__next_f.push([1,"\u003ch2\u003e\u003cstrong\u003eHow CDM works at CMS\u003c/strong\u003e\u003c/h2\u003e\u003cp\u003eAt CMS, we use Continuous Diagnostics and Mitigation tools to support the overarching Cyber Risk Management Program, which focuses on proactive, risk-based decision making. This is an important part of our commitment to protecting the sensitive information entrusted to us by the people we serve. Healthcare systems continue to be a primary target for hackers with an ever-growing spectrum of cyber threats. To be vigilant in protecting patient data, CMS Business Owners need to build security automation into their systems through programs like CDM.\u003c/p\u003e\u003cp\u003eTo implement CDM, we use the security capabilities at each CMS data center to create an integrated ecosystem of overall continuous monitoring across the agency. 
CDM sensors automate identification of known cyber vulnerabilities, and then send that information to analytics tools to create dashboards that:\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cstrong\u003eAlert\u003c/strong\u003e system managers about risks for remediation\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eReport\u003c/strong\u003e security / privacy posture to CMS\u003c/li\u003e\u003cli\u003e\u003cstrong\u003eShare\u003c/strong\u003e aggregated information at the federal level\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eThis process allows System / Business Owners to make risk-based decisions quickly and prioritize the most significant threats first. All CDM data from CMS is also shared to federal dashboards, which are used to provide situational awareness of the current cybersecurity posture of the federal government as a whole.\u003c/p\u003e\u003ch3\u003e\u003cstrong\u003eCDM implementation\u003c/strong\u003e\u003c/h3\u003e\u003cp\u003eThe CDM program is being implemented at CMS in four phases, which will build on each other to provide a complete picture of the assets, users, activities, and data on CMS networks.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003ePhase 1: What is on the network?\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eThis phase is focused on providing information security continuous monitoring (ISCM) tools and capabilities to support asset management, security configuration, and vulnerability scanning. This includes:\u003c/p\u003e\u003cul\u003e\u003cli\u003eHWAM Hardware Asset Management\u003c/li\u003e\u003cli\u003eSWAM Software Asset Management\u003c/li\u003e\u003cli\u003eCSM Configuration Settings Management\u003c/li\u003e\u003cli\u003eVUL Vulnerability Management\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003ePhase 2: Who is on the network?\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eThis phase is focused on who is accessing the system, what their privileges are, and how they are trained. 
It includes:\u003c/p\u003e\u003cul\u003e\u003cli\u003eTRUST Access Control Management\u003c/li\u003e\u003cli\u003eBEHV Security-Related Behavior Management\u003c/li\u003e\u003cli\u003eCRED Credentials and Authentication Management\u003c/li\u003e\u003cli\u003ePRIV Privileges\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003ePhase 3: What is happening on the network?\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eThis phase is focused on enhancing boundary protections and event management capabilities. It includes:\u003c/p\u003e\u003cul\u003e\u003cli\u003ePlanning for threats and events\u003c/li\u003e\u003cli\u003eResponding to threats and events\u003c/li\u003e\u003cli\u003eGeneric auditing and monitoring\u003c/li\u003e\u003cli\u003eDocumenting requirements, policies, etc.\u003c/li\u003e\u003cli\u003eQuality management\u003c/li\u003e\u003cli\u003eData loss detection\u003c/li\u003e\u003cli\u003eBoundary protection (Network, Physical, Virtual)\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cstrong\u003ePhase 4: How is data protected?\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eThis phase is focused on protecting and encrypting data on federal networks. It includes:\u003c/p\u003e\u003cul\u003e\u003cli\u003eEnhanced data encryption\u003c/li\u003e\u003cli\u003eMobile security\u003c/li\u003e\u003cli\u003eRisk management\u003c/li\u003e\u003cli\u003eData loss prevention tools\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e\u003cstrong\u003eContinuous monitoring for information privacy\u003c/strong\u003e\u003c/h3\u003e\u003cp\u003eIn addition to protecting systems against security vulnerabilities, CMS takes a proactive approach to protecting the privacy of personal and health information. We do this through the CMS Privacy Continuous Monitoring Program, which will eventually be merged with the CDM program. Currently, there are some privacy controls that can be tested under CDM. 
We are working to mature the capabilities across both of these programs.\u003c/p\u003e\u003ch3\u003e\u003cstrong\u003eThe future of CDM at CMS\u003c/strong\u003e\u003c/h3\u003e\u003cp\u003eCDM is a part of a multi-year effort to modernize CMS overall approach to information and system security. Instead of taking a reactive approach focused on “compliance”, we are moving toward a proactive approach that focuses on\u003cstrong\u003e continuous evaluation, identification, and management of risk\u003c/strong\u003e. This approach helps us:\u003c/p\u003e\u003cul\u003e\u003cli\u003eBuild security into development pipelines (DevSecOps)\u003c/li\u003e\u003cli\u003eTailor system testing (such as \u003ca href=\"https://security.cms.gov/learn/cybersecurity-risk-assessment-program-csrap\" target=\"_blank\" rel=\"noopener noreferrer\"\u003eCybersecurity and Risk Assessment Program (CSRAP\u003c/a\u003e) to more specific uses\u003c/li\u003e\u003cli\u003eExpedite the ATO process\u0026nbsp;\u003c/li\u003e\u003cli\u003eApprove and onboard more systems to Ongoing Authorization\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAll of this means that information security and privacy activities at CMS will be aligned with federal standards for a risk-based approach, which are outlined in the \u003ca href=\"/learn/national-institute-standards-and-technology-nist#nist-cybersecurity-framework-csf\"\u003eNIST Cybersecurity Framework\u003c/a\u003e and the Federal Information Security Management Act 
(FISMA).\u003c/p\u003e"])</script><script>self.__next_f.push([1,"ca:{\"value\":\"$cb\",\"format\":\"body_text\",\"processed\":\"$cc\"}\nc8:{\"drupal_internal__id\":551,\"drupal_internal__revision_id\":17930,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-04T15:33:13+00:00\",\"parent_id\":\"676\",\"parent_type\":\"node\",\"parent_field_name\":\"field_page_section\",\"behavior_settings\":\"$c9\",\"default_langcode\":true,\"revision_translation_affected\":true,\"field_text_block\":\"$ca\"}\nd0:{\"drupal_internal__target_id\":\"page_section\"}\ncf:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"57f3f40a-8120-4393-b881-a5758f9fb30d\",\"meta\":\"$d0\"}\nd2:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/8e76f588-fd94-4439-b7e3-73c8b83e3500/paragraph_type?resourceVersion=id%3A17930\"}\nd3:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/8e76f588-fd94-4439-b7e3-73c8b83e3500/relationships/paragraph_type?resourceVersion=id%3A17930\"}\nd1:{\"related\":\"$d2\",\"self\":\"$d3\"}\nce:{\"data\":\"$cf\",\"links\":\"$d1\"}\nd6:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/8e76f588-fd94-4439-b7e3-73c8b83e3500/field_specialty_item?resourceVersion=id%3A17930\"}\nd7:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/8e76f588-fd94-4439-b7e3-73c8b83e3500/relationships/field_specialty_item?resourceVersion=id%3A17930\"}\nd5:{\"related\":\"$d6\",\"self\":\"$d7\"}\nd4:{\"data\":null,\"links\":\"$d5\"}\ncd:{\"paragraph_type\":\"$ce\",\"field_specialty_item\":\"$d4\"}\nc5:{\"type\":\"paragraph--page_section\",\"id\":\"8e76f588-fd94-4439-b7e3-73c8b83e3500\",\"links\":\"$c6\",\"attributes\":\"$c8\",\"relationships\":\"$cd\"}\nda:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/call_out_box/9651d536-ad82-407a-a703-c3d54d592c93?resourceVersion=id%3A17928\"}\nd9:{\"self\":\"$da\"}\ndc:[]\nde:[]\ndd:{\"uri\":\"https://www.cisa.gov/cdm-training\",\"title\":\"\",\"options\":\"$de\",\"url\":\"https
://www.cisa.gov/cdm-training\"}\ndf:{\"value\":\"The Cybersecurity and Infrastructure Security Agency (CISA) within DHS offers a variety of self-paced training in various formats to help anyone who is responsible for managing the security and privacy of information systems.\",\"format\":\"plain_text\",\"processed"])</script><script>self.__next_f.push([1,"\":\"\u003cp\u003eThe Cybersecurity and Infrastructure Security Agency (CISA) within DHS offers a variety of self-paced training in various formats to help anyone who is responsible for managing the security and privacy of information systems.\u003c/p\u003e\\n\"}\ndb:{\"drupal_internal__id\":541,\"drupal_internal__revision_id\":17928,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-04T15:09:41+00:00\",\"parent_id\":\"546\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_specialty_item\",\"behavior_settings\":\"$dc\",\"default_langcode\":true,\"revision_translation_affected\":true,\"field_call_out_link\":\"$dd\",\"field_call_out_link_text\":\"Get CDM training\",\"field_call_out_text\":\"$df\",\"field_header\":\"CDM training from 
CISA\"}\ne3:{\"drupal_internal__target_id\":\"call_out_box\"}\ne2:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"a1d0a205-c6c9-4816-b701-4763d05de8e8\",\"meta\":\"$e3\"}\ne5:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/call_out_box/9651d536-ad82-407a-a703-c3d54d592c93/paragraph_type?resourceVersion=id%3A17928\"}\ne6:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/call_out_box/9651d536-ad82-407a-a703-c3d54d592c93/relationships/paragraph_type?resourceVersion=id%3A17928\"}\ne4:{\"related\":\"$e5\",\"self\":\"$e6\"}\ne1:{\"data\":\"$e2\",\"links\":\"$e4\"}\ne0:{\"paragraph_type\":\"$e1\"}\nd8:{\"type\":\"paragraph--call_out_box\",\"id\":\"9651d536-ad82-407a-a703-c3d54d592c93\",\"links\":\"$d9\",\"attributes\":\"$db\",\"relationships\":\"$e0\"}\ne9:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/bc285af3-dba7-4a12-8881-a8fed446dded?resourceVersion=id%3A17931\"}\ne8:{\"self\":\"$e9\"}\neb:[]\nea:{\"drupal_internal__id\":1891,\"drupal_internal__revision_id\":17931,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-15T20:14:31+00:00\",\"parent_id\":\"676\",\"parent_type\":\"node\",\"parent_field_name\":\"field_related_collection\",\"behavior_settings\":\"$eb\",\"default_langcode\":true,\"revision_translation_affected\":true}\nef:{\"drupal_internal__target_id\":\"internal_link\"}\nee:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"81d4313f-807c-40e2-8ffa-700ec8c17167\",\"meta\":\"$ef\"}\nf1:{\"href\":\"https://cybergeek.cms.gov/jsona"])</script><script>self.__next_f.push([1,"pi/paragraph/internal_link/bc285af3-dba7-4a12-8881-a8fed446dded/paragraph_type?resourceVersion=id%3A17931\"}\nf2:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/bc285af3-dba7-4a12-8881-a8fed446dded/relationships/paragraph_type?resourceVersion=id%3A17931\"}\nf0:{\"related\":\"$f1\",\"self\":\"$f2\"}\ned:{\"data\":\"$ee\",\"links\":\"$f0\"}\nf5:{\"drupal_internal__target_id\":316}\nf4:{\"type\":\"node--explainer\",\"id\"
:\"a0111527-6756-4576-8c52-5a7f3a032b20\",\"meta\":\"$f5\"}\nf7:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/bc285af3-dba7-4a12-8881-a8fed446dded/field_link?resourceVersion=id%3A17931\"}\nf8:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/bc285af3-dba7-4a12-8881-a8fed446dded/relationships/field_link?resourceVersion=id%3A17931\"}\nf6:{\"related\":\"$f7\",\"self\":\"$f8\"}\nf3:{\"data\":\"$f4\",\"links\":\"$f6\"}\nec:{\"paragraph_type\":\"$ed\",\"field_link\":\"$f3\"}\ne7:{\"type\":\"paragraph--internal_link\",\"id\":\"bc285af3-dba7-4a12-8881-a8fed446dded\",\"links\":\"$e8\",\"attributes\":\"$ea\",\"relationships\":\"$ec\"}\nfb:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/1bc4b03f-652f-4fbf-8024-43e830b4b0a3?resourceVersion=id%3A17932\"}\nfa:{\"self\":\"$fb\"}\nfd:[]\nfc:{\"drupal_internal__id\":1896,\"drupal_internal__revision_id\":17932,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-15T20:15:00+00:00\",\"parent_id\":\"676\",\"parent_type\":\"node\",\"parent_field_name\":\"field_related_collection\",\"behavior_settings\":\"$fd\",\"default_langcode\":true,\"revision_translation_affected\":true}\n101:{\"drupal_internal__target_id\":\"internal_link\"}\n100:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"81d4313f-807c-40e2-8ffa-700ec8c17167\",\"meta\":\"$101\"}\n103:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/1bc4b03f-652f-4fbf-8024-43e830b4b0a3/paragraph_type?resourceVersion=id%3A17932\"}\n104:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/1bc4b03f-652f-4fbf-8024-43e830b4b0a3/relationships/paragraph_type?resourceVersion=id%3A17932\"}\n102:{\"related\":\"$103\",\"self\":\"$104\"}\nff:{\"data\":\"$100\",\"links\":\"$102\"}\n107:{\"dru"])</script><script>self.__next_f.push([1,"pal_internal__target_id\":381}\n106:{\"type\":\"node--explainer\",\"id\":\"af385f5f-f61b-47af-a235-7dc48efd251e\",\"meta\":\"$107\"}\n109:{\"href\":\"https://cyb
ergeek.cms.gov/jsonapi/paragraph/internal_link/1bc4b03f-652f-4fbf-8024-43e830b4b0a3/field_link?resourceVersion=id%3A17932\"}\n10a:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/1bc4b03f-652f-4fbf-8024-43e830b4b0a3/relationships/field_link?resourceVersion=id%3A17932\"}\n108:{\"related\":\"$109\",\"self\":\"$10a\"}\n105:{\"data\":\"$106\",\"links\":\"$108\"}\nfe:{\"paragraph_type\":\"$ff\",\"field_link\":\"$105\"}\nf9:{\"type\":\"paragraph--internal_link\",\"id\":\"1bc4b03f-652f-4fbf-8024-43e830b4b0a3\",\"links\":\"$fa\",\"attributes\":\"$fc\",\"relationships\":\"$fe\"}\n10d:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/05f865ef-4960-439b-9fca-9e7d70dfbe39?resourceVersion=id%3A17933\"}\n10c:{\"self\":\"$10d\"}\n10f:[]\n10e:{\"drupal_internal__id\":1906,\"drupal_internal__revision_id\":17933,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-15T20:17:30+00:00\",\"parent_id\":\"676\",\"parent_type\":\"node\",\"parent_field_name\":\"field_related_collection\",\"behavior_settings\":\"$10f\",\"default_langcode\":true,\"revision_translation_affected\":true}\n113:{\"drupal_internal__target_id\":\"internal_link\"}\n112:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"81d4313f-807c-40e2-8ffa-700ec8c17167\",\"meta\":\"$113\"}\n115:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/05f865ef-4960-439b-9fca-9e7d70dfbe39/paragraph_type?resourceVersion=id%3A17933\"}\n116:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/05f865ef-4960-439b-9fca-9e7d70dfbe39/relationships/paragraph_type?resourceVersion=id%3A17933\"}\n114:{\"related\":\"$115\",\"self\":\"$116\"}\n111:{\"data\":\"$112\",\"links\":\"$114\"}\n119:{\"drupal_internal__target_id\":276}\n118:{\"type\":\"node--explainer\",\"id\":\"2bfd3478-c381-432c-a7ec-53fa803668ee\",\"meta\":\"$119\"}\n11b:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/05f865ef-4960-439b-9fca-9e7d70dfbe39/field_link?resourceVersion=id%3
A17933\"}\n11c:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/inter"])</script><script>self.__next_f.push([1,"nal_link/05f865ef-4960-439b-9fca-9e7d70dfbe39/relationships/field_link?resourceVersion=id%3A17933\"}\n11a:{\"related\":\"$11b\",\"self\":\"$11c\"}\n117:{\"data\":\"$118\",\"links\":\"$11a\"}\n110:{\"paragraph_type\":\"$111\",\"field_link\":\"$117\"}\n10b:{\"type\":\"paragraph--internal_link\",\"id\":\"05f865ef-4960-439b-9fca-9e7d70dfbe39\",\"links\":\"$10c\",\"attributes\":\"$10e\",\"relationships\":\"$110\"}\n11f:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a0111527-6756-4576-8c52-5a7f3a032b20?resourceVersion=id%3A5748\"}\n11e:{\"self\":\"$11f\"}\n121:{\"alias\":\"/learn/federal-information-security-modernization-act-fisma\",\"pid\":306,\"langcode\":\"en\"}\n122:{\"value\":\"FISMA is federal legislation that defines a framework of guidelines and security standards to protect government information and operations\",\"format\":\"plain_text\",\"processed\":\"\u003cp\u003eFISMA is federal legislation that defines a framework of guidelines and security standards to protect government information and operations\u003c/p\u003e\\n\"}\n123:[\"#ispg-sec_privacy-policy\"]\n120:{\"drupal_internal__nid\":316,\"drupal_internal__vid\":5748,\"langcode\":\"en\",\"revision_timestamp\":\"2024-08-05T15:50:25+00:00\",\"status\":true,\"title\":\"Federal Information Security Modernization Act (FISMA)\",\"created\":\"2022-08-29T15:11:08+00:00\",\"changed\":\"2024-08-05T15:50:25+00:00\",\"promote\":false,\"sticky\":false,\"default_langcode\":true,\"revision_translation_affected\":true,\"moderation_state\":\"published\",\"path\":\"$121\",\"rh_action\":null,\"rh_redirect\":null,\"rh_redirect_response\":null,\"rh_redirect_fallback_action\":null,\"publish_on\":null,\"unpublish_on\":null,\"body\":null,\"field_contact_email\":\"CISO@cms.hhs.gov\",\"field_contact_name\":\"ISPG Policy 
Team\",\"field_short_description\":\"$122\",\"field_slack_channel\":\"$123\"}\n127:{\"drupal_internal__target_id\":\"explainer\"}\n126:{\"type\":\"node_type--node_type\",\"id\":\"d185e460-4998-4d2b-85cb-b04f304dfb1b\",\"meta\":\"$127\"}\n129:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a0111527-6756-4576-8c52-5a7f3a032b20/node_type?resourceVersion=id%3A5748\"}\n12a:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a0111527-67"])</script><script>self.__next_f.push([1,"56-4576-8c52-5a7f3a032b20/relationships/node_type?resourceVersion=id%3A5748\"}\n128:{\"related\":\"$129\",\"self\":\"$12a\"}\n125:{\"data\":\"$126\",\"links\":\"$128\"}\n12d:{\"drupal_internal__target_id\":159}\n12c:{\"type\":\"user--user\",\"id\":\"4420e728-6dc2-4022-bf8d-5bd1329e5e64\",\"meta\":\"$12d\"}\n12f:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a0111527-6756-4576-8c52-5a7f3a032b20/revision_uid?resourceVersion=id%3A5748\"}\n130:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a0111527-6756-4576-8c52-5a7f3a032b20/relationships/revision_uid?resourceVersion=id%3A5748\"}\n12e:{\"related\":\"$12f\",\"self\":\"$130\"}\n12b:{\"data\":\"$12c\",\"links\":\"$12e\"}\n133:{\"drupal_internal__target_id\":26}\n132:{\"type\":\"user--user\",\"id\":\"dca2c49b-4a12-4d5f-859d-a759444160a4\",\"meta\":\"$133\"}\n135:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a0111527-6756-4576-8c52-5a7f3a032b20/uid?resourceVersion=id%3A5748\"}\n136:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a0111527-6756-4576-8c52-5a7f3a032b20/relationships/uid?resourceVersion=id%3A5748\"}\n134:{\"related\":\"$135\",\"self\":\"$136\"}\n131:{\"data\":\"$132\",\"links\":\"$134\"}\n13a:{\"target_revision_id\":19016,\"drupal_internal__target_id\":1146}\n139:{\"type\":\"paragraph--page_section\",\"id\":\"4ffd074a-8ca7-41ad-8c6c-d270330af3fa\",\"meta\":\"$13a\"}\n138:[\"$139\"]\n13c:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a0111527-6756-4576-8c
52-5a7f3a032b20/field_page_section?resourceVersion=id%3A5748\"}\n13d:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a0111527-6756-4576-8c52-5a7f3a032b20/relationships/field_page_section?resourceVersion=id%3A5748\"}\n13b:{\"related\":\"$13c\",\"self\":\"$13d\"}\n137:{\"data\":\"$138\",\"links\":\"$13b\"}\n141:{\"target_revision_id\":19017,\"drupal_internal__target_id\":1941}\n140:{\"type\":\"paragraph--internal_link\",\"id\":\"3d88d941-7844-4a24-8d87-b884cf205f36\",\"meta\":\"$141\"}\n143:{\"target_revision_id\":19018,\"drupal_internal__target_id\":1946}\n142:{\"type\":\"paragraph--internal_link\",\"id\":\"5087f368-5c99-41a5-b39b-e27bc9df3950\",\"meta\":\"$143\"}\n145:{\"target_revision_id\":19019,\"drupal_internal__targ"])</script><script>self.__next_f.push([1,"et_id\":1951}\n144:{\"type\":\"paragraph--internal_link\",\"id\":\"4b2ee6b4-cbfd-46c8-a65f-9b2b18e1a793\",\"meta\":\"$145\"}\n147:{\"target_revision_id\":19020,\"drupal_internal__target_id\":3517}\n146:{\"type\":\"paragraph--internal_link\",\"id\":\"dd735dee-c392-4312-bc59-7a2163ad21a6\",\"meta\":\"$147\"}\n149:{\"target_revision_id\":19021,\"drupal_internal__target_id\":3518}\n148:{\"type\":\"paragraph--internal_link\",\"id\":\"b88a7b64-a818-4f85-b969-a2f77482f8ce\",\"meta\":\"$149\"}\n13f:[\"$140\",\"$142\",\"$144\",\"$146\",\"$148\"]\n14b:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a0111527-6756-4576-8c52-5a7f3a032b20/field_related_collection?resourceVersion=id%3A5748\"}\n14c:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a0111527-6756-4576-8c52-5a7f3a032b20/relationships/field_related_collection?resourceVersion=id%3A5748\"}\n14a:{\"related\":\"$14b\",\"self\":\"$14c\"}\n13e:{\"data\":\"$13f\",\"links\":\"$14a\"}\n14f:{\"drupal_internal__target_id\":131}\n14e:{\"type\":\"taxonomy_term--resource_type\",\"id\":\"a17f4908-9141-4b1e-82aa-e6bfe0f91a22\",\"meta\":\"$14f\"}\n151:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a0111527-6756-4576-8c52-5a7f3a
032b20/field_resource_type?resourceVersion=id%3A5748\"}\n152:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a0111527-6756-4576-8c52-5a7f3a032b20/relationships/field_resource_type?resourceVersion=id%3A5748\"}\n150:{\"related\":\"$151\",\"self\":\"$152\"}\n14d:{\"data\":\"$14e\",\"links\":\"$150\"}\n156:{\"drupal_internal__target_id\":66}\n155:{\"type\":\"taxonomy_term--roles\",\"id\":\"9d999ae3-b43c-45fb-973e-dffe50c27da5\",\"meta\":\"$156\"}\n158:{\"drupal_internal__target_id\":81}\n157:{\"type\":\"taxonomy_term--roles\",\"id\":\"a2b33f6a-8172-4862-9c0e-6e5076b6cf26\",\"meta\":\"$158\"}\n15a:{\"drupal_internal__target_id\":61}\n159:{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\",\"meta\":\"$15a\"}\n15c:{\"drupal_internal__target_id\":76}\n15b:{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"meta\":\"$15c\"}\n15e:{\"drupal_internal__target_id\":71}\n15d:{\"type\":\"taxonomy_term--roles\",\"id\":\"feb4e85d-429e-48b0-92f0-3d2da2c5056e\",\"meta\":\"$1"])</script><script>self.__next_f.push([1,"5e\"}\n154:[\"$155\",\"$157\",\"$159\",\"$15b\",\"$15d\"]\n160:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a0111527-6756-4576-8c52-5a7f3a032b20/field_roles?resourceVersion=id%3A5748\"}\n161:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a0111527-6756-4576-8c52-5a7f3a032b20/relationships/field_roles?resourceVersion=id%3A5748\"}\n15f:{\"related\":\"$160\",\"self\":\"$161\"}\n153:{\"data\":\"$154\",\"links\":\"$15f\"}\n165:{\"drupal_internal__target_id\":21}\n164:{\"type\":\"taxonomy_term--topics\",\"id\":\"b61c7b1f-0882-4fac-bf13-02c68b56fd38\",\"meta\":\"$165\"}\n163:[\"$164\"]\n167:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a0111527-6756-4576-8c52-5a7f3a032b20/field_topics?resourceVersion=id%3A5748\"}\n168:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a0111527-6756-4576-8c52-5a7f3a032b20/relationships/field_topics?resourceVersion=id%3A
5748\"}\n166:{\"related\":\"$167\",\"self\":\"$168\"}\n162:{\"data\":\"$163\",\"links\":\"$166\"}\n124:{\"node_type\":\"$125\",\"revision_uid\":\"$12b\",\"uid\":\"$131\",\"field_page_section\":\"$137\",\"field_related_collection\":\"$13e\",\"field_resource_type\":\"$14d\",\"field_roles\":\"$153\",\"field_topics\":\"$162\"}\n11d:{\"type\":\"node--explainer\",\"id\":\"a0111527-6756-4576-8c52-5a7f3a032b20\",\"links\":\"$11e\",\"attributes\":\"$120\",\"relationships\":\"$124\"}\n16b:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e?resourceVersion=id%3A5993\"}\n16a:{\"self\":\"$16b\"}\n16d:{\"alias\":\"/learn/national-institute-standards-and-technology-nist\",\"pid\":371,\"langcode\":\"en\"}\n16e:{\"value\":\"Information about NIST and how the agency's policies and guidance relate to security and privacy at CMS\",\"format\":\"plain_text\",\"processed\":\"\u003cp\u003eInformation about NIST and how the agency\u0026#039;s policies and guidance relate to security and privacy at CMS\u003c/p\u003e\\n\"}\n16f:[\"#security_community\"]\n16c:{\"drupal_internal__nid\":381,\"drupal_internal__vid\":5993,\"langcode\":\"en\",\"revision_timestamp\":\"2024-12-03T14:43:06+00:00\",\"status\":true,\"title\":\"National Institute of Standards and Technology (NIST)\",\"created\":\"2022-08-29T16:46:36+00:00\",\"changed\":\""])</script><script>self.__next_f.push([1,"2024-12-03T14:43:06+00:00\",\"promote\":false,\"sticky\":false,\"default_langcode\":true,\"revision_translation_affected\":true,\"moderation_state\":\"published\",\"path\":\"$16d\",\"rh_action\":null,\"rh_redirect\":null,\"rh_redirect_response\":null,\"rh_redirect_fallback_action\":null,\"publish_on\":null,\"unpublish_on\":null,\"body\":null,\"field_contact_email\":\"CISO@cms.hhs.gov\",\"field_contact_name\":\"ISPG Policy 
Team\",\"field_short_description\":\"$16e\",\"field_slack_channel\":\"$16f\"}\n173:{\"drupal_internal__target_id\":\"explainer\"}\n172:{\"type\":\"node_type--node_type\",\"id\":\"d185e460-4998-4d2b-85cb-b04f304dfb1b\",\"meta\":\"$173\"}\n175:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/node_type?resourceVersion=id%3A5993\"}\n176:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/relationships/node_type?resourceVersion=id%3A5993\"}\n174:{\"related\":\"$175\",\"self\":\"$176\"}\n171:{\"data\":\"$172\",\"links\":\"$174\"}\n179:{\"drupal_internal__target_id\":6}\n178:{\"type\":\"user--user\",\"id\":\"e352e203-fe9c-47ba-af75-2c7f8302fca8\",\"meta\":\"$179\"}\n17b:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/revision_uid?resourceVersion=id%3A5993\"}\n17c:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/relationships/revision_uid?resourceVersion=id%3A5993\"}\n17a:{\"related\":\"$17b\",\"self\":\"$17c\"}\n177:{\"data\":\"$178\",\"links\":\"$17a\"}\n17f:{\"drupal_internal__target_id\":26}\n17e:{\"type\":\"user--user\",\"id\":\"dca2c49b-4a12-4d5f-859d-a759444160a4\",\"meta\":\"$17f\"}\n181:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/uid?resourceVersion=id%3A5993\"}\n182:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/relationships/uid?resourceVersion=id%3A5993\"}\n180:{\"related\":\"$181\",\"self\":\"$182\"}\n17d:{\"data\":\"$17e\",\"links\":\"$180\"}\n186:{\"target_revision_id\":19645,\"drupal_internal__target_id\":496}\n185:{\"type\":\"paragraph--page_section\",\"id\":\"65807e01-7389-4561-8818"])</script><script>self.__next_f.push([1,"-b4453d59c7ac\",\"meta\":\"$186\"}\n184:[\"$185\"]\n188:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-
7dc48efd251e/field_page_section?resourceVersion=id%3A5993\"}\n189:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/relationships/field_page_section?resourceVersion=id%3A5993\"}\n187:{\"related\":\"$188\",\"self\":\"$189\"}\n183:{\"data\":\"$184\",\"links\":\"$187\"}\n18d:{\"target_revision_id\":19646,\"drupal_internal__target_id\":2001}\n18c:{\"type\":\"paragraph--internal_link\",\"id\":\"858b57e7-3499-42a6-9fd4-b045a2aa9c42\",\"meta\":\"$18d\"}\n18f:{\"target_revision_id\":19647,\"drupal_internal__target_id\":2011}\n18e:{\"type\":\"paragraph--internal_link\",\"id\":\"d171c5fe-3bb3-47be-bd3e-c53cc75c4f9e\",\"meta\":\"$18f\"}\n191:{\"target_revision_id\":19648,\"drupal_internal__target_id\":2286}\n190:{\"type\":\"paragraph--internal_link\",\"id\":\"26c9c7a0-fcc3-4d04-ab8c-21924a868e28\",\"meta\":\"$191\"}\n193:{\"target_revision_id\":19649,\"drupal_internal__target_id\":2281}\n192:{\"type\":\"paragraph--internal_link\",\"id\":\"4e888450-31b6-43e1-95a0-9ac56298fcc9\",\"meta\":\"$193\"}\n195:{\"target_revision_id\":19650,\"drupal_internal__target_id\":2291}\n194:{\"type\":\"paragraph--internal_link\",\"id\":\"f43c4cb2-4d4e-4020-a165-aab378f6254d\",\"meta\":\"$195\"}\n18b:[\"$18c\",\"$18e\",\"$190\",\"$192\",\"$194\"]\n197:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/field_related_collection?resourceVersion=id%3A5993\"}\n198:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/relationships/field_related_collection?resourceVersion=id%3A5993\"}\n196:{\"related\":\"$197\",\"self\":\"$198\"}\n18a:{\"data\":\"$18b\",\"links\":\"$196\"}\n19b:{\"drupal_internal__target_id\":131}\n19a:{\"type\":\"taxonomy_term--resource_type\",\"id\":\"a17f4908-9141-4b1e-82aa-e6bfe0f91a22\",\"meta\":\"$19b\"}\n19d:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/field_resource_type?resourceVersion=id%
3A5993\"}\n19e:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a2"])</script><script>self.__next_f.push([1,"35-7dc48efd251e/relationships/field_resource_type?resourceVersion=id%3A5993\"}\n19c:{\"related\":\"$19d\",\"self\":\"$19e\"}\n199:{\"data\":\"$19a\",\"links\":\"$19c\"}\n1a0:[]\n1a2:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/field_roles?resourceVersion=id%3A5993\"}\n1a3:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/relationships/field_roles?resourceVersion=id%3A5993\"}\n1a1:{\"related\":\"$1a2\",\"self\":\"$1a3\"}\n19f:{\"data\":\"$1a0\",\"links\":\"$1a1\"}\n1a7:{\"drupal_internal__target_id\":21}\n1a6:{\"type\":\"taxonomy_term--topics\",\"id\":\"b61c7b1f-0882-4fac-bf13-02c68b56fd38\",\"meta\":\"$1a7\"}\n1a5:[\"$1a6\"]\n1a9:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/field_topics?resourceVersion=id%3A5993\"}\n1aa:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/relationships/field_topics?resourceVersion=id%3A5993\"}\n1a8:{\"related\":\"$1a9\",\"self\":\"$1aa\"}\n1a4:{\"data\":\"$1a5\",\"links\":\"$1a8\"}\n170:{\"node_type\":\"$171\",\"revision_uid\":\"$177\",\"uid\":\"$17d\",\"field_page_section\":\"$183\",\"field_related_collection\":\"$18a\",\"field_resource_type\":\"$199\",\"field_roles\":\"$19f\",\"field_topics\":\"$1a4\"}\n169:{\"type\":\"node--explainer\",\"id\":\"af385f5f-f61b-47af-a235-7dc48efd251e\",\"links\":\"$16a\",\"attributes\":\"$16c\",\"relationships\":\"$170\"}\n1ad:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/2bfd3478-c381-432c-a7ec-53fa803668ee?resourceVersion=id%3A6081\"}\n1ac:{\"self\":\"$1ad\"}\n1af:{\"alias\":\"/learn/cyber-risk-reports\",\"pid\":266,\"langcode\":\"en\"}\n1b0:{\"value\":\"Reports and dashboards to help stakeholders of CMS FISMA systems identify risk-reduction 
activities and protect sensitive data from cyber threats\",\"format\":\"plain_text\",\"processed\":\"\u003cp\u003eReports and dashboards to help stakeholders of CMS FISMA systems identify risk-reduction activities and protect sensitive data from cyber threats\u003c/p\u003e\\n\"}\n1b1:[\"#cyber-risk-management\"]\n1ae:{\"drupal_internal__nid\":276,\"drupal_internal__vid\":6081,\"langcode\":\"en\",\"revision_tim"])</script><script>self.__next_f.push([1,"estamp\":\"2025-01-15T19:24:02+00:00\",\"status\":true,\"title\":\"Cyber Risk Reports (CRR)\",\"created\":\"2022-08-26T15:05:42+00:00\",\"changed\":\"2025-01-14T20:34:25+00:00\",\"promote\":false,\"sticky\":false,\"default_langcode\":true,\"revision_translation_affected\":true,\"moderation_state\":\"published\",\"path\":\"$1af\",\"rh_action\":null,\"rh_redirect\":null,\"rh_redirect_response\":null,\"rh_redirect_fallback_action\":null,\"publish_on\":null,\"unpublish_on\":null,\"body\":null,\"field_contact_email\":\"CRMPMO@cms.hhs.gov\",\"field_contact_name\":\"CRM 
Team\",\"field_short_description\":\"$1b0\",\"field_slack_channel\":\"$1b1\"}\n1b5:{\"drupal_internal__target_id\":\"explainer\"}\n1b4:{\"type\":\"node_type--node_type\",\"id\":\"d185e460-4998-4d2b-85cb-b04f304dfb1b\",\"meta\":\"$1b5\"}\n1b7:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/2bfd3478-c381-432c-a7ec-53fa803668ee/node_type?resourceVersion=id%3A6081\"}\n1b8:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/2bfd3478-c381-432c-a7ec-53fa803668ee/relationships/node_type?resourceVersion=id%3A6081\"}\n1b6:{\"related\":\"$1b7\",\"self\":\"$1b8\"}\n1b3:{\"data\":\"$1b4\",\"links\":\"$1b6\"}\n1bb:{\"drupal_internal__target_id\":107}\n1ba:{\"type\":\"user--user\",\"id\":\"7e79c546-d123-46dd-9480-b7f2e7d81691\",\"meta\":\"$1bb\"}\n1bd:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/2bfd3478-c381-432c-a7ec-53fa803668ee/revision_uid?resourceVersion=id%3A6081\"}\n1be:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/2bfd3478-c381-432c-a7ec-53fa803668ee/relationships/revision_uid?resourceVersion=id%3A6081\"}\n1bc:{\"related\":\"$1bd\",\"self\":\"$1be\"}\n1b9:{\"data\":\"$1ba\",\"links\":\"$1bc\"}\n1c1:{\"drupal_internal__target_id\":26}\n1c0:{\"type\":\"user--user\",\"id\":\"dca2c49b-4a12-4d5f-859d-a759444160a4\",\"meta\":\"$1c1\"}\n1c3:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/2bfd3478-c381-432c-a7ec-53fa803668ee/uid?resourceVersion=id%3A6081\"}\n1c4:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/2bfd3478-c381-432c-a7ec-53fa803668ee/relationships/uid?resourceVersion=id%3A6081\"}\n1c2:{\"related\":\"$1c3\",\"self\":\"$1c4\"}\n1bf:{\"data\":\"$1c0\",\"links\":\"$1c2\"}\n1c8"])</script><script>self.__next_f.push([1,":{\"target_revision_id\":19976,\"drupal_internal__target_id\":1041}\n1c7:{\"type\":\"paragraph--page_section\",\"id\":\"99eb2a67-6873-48f2-9027-a58a87a1ef43\",\"meta\":\"$1c8\"}\n1ca:{\"target_revision_id\":19981,\"drupal_internal__target_id\":1051}\n1c9:{\"type\":\"paragraph--pag
e_section\",\"id\":\"55411c7e-d16e-4e24-9ec0-e61d07f1aaab\",\"meta\":\"$1ca\"}\n1cc:{\"target_revision_id\":19986,\"drupal_internal__target_id\":1061}\n1cb:{\"type\":\"paragraph--page_section\",\"id\":\"1ed92f8d-8be4-41a2-bc9c-e012801a98bf\",\"meta\":\"$1cc\"}\n1ce:{\"target_revision_id\":19996,\"drupal_internal__target_id\":1071}\n1cd:{\"type\":\"paragraph--page_section\",\"id\":\"9ab563ca-90a0-4ff0-a86c-2b0de01421c2\",\"meta\":\"$1ce\"}\n1d0:{\"target_revision_id\":20006,\"drupal_internal__target_id\":1091}\n1cf:{\"type\":\"paragraph--page_section\",\"id\":\"d2de38a5-dc24-41cd-9344-bb7d2240b7f4\",\"meta\":\"$1d0\"}\n1d2:{\"target_revision_id\":20016,\"drupal_internal__target_id\":1101}\n1d1:{\"type\":\"paragraph--page_section\",\"id\":\"8383a3b3-7807-40a8-96f7-0197052ff373\",\"meta\":\"$1d2\"}\n1c6:[\"$1c7\",\"$1c9\",\"$1cb\",\"$1cd\",\"$1cf\",\"$1d1\"]\n1d4:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/2bfd3478-c381-432c-a7ec-53fa803668ee/field_page_section?resourceVersion=id%3A6081\"}\n1d5:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/2bfd3478-c381-432c-a7ec-53fa803668ee/relationships/field_page_section?resourceVersion=id%3A6081\"}\n1d3:{\"related\":\"$1d4\",\"self\":\"$1d5\"}\n1c5:{\"data\":\"$1c6\",\"links\":\"$1d3\"}\n1d9:{\"target_revision_id\":20021,\"drupal_internal__target_id\":1911}\n1d8:{\"type\":\"paragraph--internal_link\",\"id\":\"b0c313be-306b-48cd-b0bf-8a70f2bae7fb\",\"meta\":\"$1d9\"}\n1db:{\"target_revision_id\":20026,\"drupal_internal__target_id\":1916}\n1da:{\"type\":\"paragraph--internal_link\",\"id\":\"32ab944d-d8c2-480b-b01e-85fa1a7eaf17\",\"meta\":\"$1db\"}\n1dd:{\"target_revision_id\":20031,\"drupal_internal__target_id\":3386}\n1dc:{\"type\":\"paragraph--internal_link\",\"id\":\"21220e28-a46b-469f-9033-3e3482d07b4e\",\"meta\":\"$1dd\"}\n1df:{\"target_revision_id\":20036,\"drupal_internal__target_id\":3387}\n1de:{\"type\":\"paragraph--internal_link\",\"id\":\"1dc73a64-e5a5-419e-9363-9e91887427"])</script><scrip
t>self.__next_f.push([1,"be\",\"meta\":\"$1df\"}\n1d7:[\"$1d8\",\"$1da\",\"$1dc\",\"$1de\"]\n1e1:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/2bfd3478-c381-432c-a7ec-53fa803668ee/field_related_collection?resourceVersion=id%3A6081\"}\n1e2:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/2bfd3478-c381-432c-a7ec-53fa803668ee/relationships/field_related_collection?resourceVersion=id%3A6081\"}\n1e0:{\"related\":\"$1e1\",\"self\":\"$1e2\"}\n1d6:{\"data\":\"$1d7\",\"links\":\"$1e0\"}\n1e5:{\"drupal_internal__target_id\":121}\n1e4:{\"type\":\"taxonomy_term--resource_type\",\"id\":\"9e907eeb-b0a8-4dd3-8818-37cb1557a8f4\",\"meta\":\"$1e5\"}\n1e7:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/2bfd3478-c381-432c-a7ec-53fa803668ee/field_resource_type?resourceVersion=id%3A6081\"}\n1e8:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/2bfd3478-c381-432c-a7ec-53fa803668ee/relationships/field_resource_type?resourceVersion=id%3A6081\"}\n1e6:{\"related\":\"$1e7\",\"self\":\"$1e8\"}\n1e3:{\"data\":\"$1e4\",\"links\":\"$1e6\"}\n1ec:{\"drupal_internal__target_id\":66}\n1eb:{\"type\":\"taxonomy_term--roles\",\"id\":\"9d999ae3-b43c-45fb-973e-dffe50c27da5\",\"meta\":\"$1ec\"}\n1ee:{\"drupal_internal__target_id\":61}\n1ed:{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\",\"meta\":\"$1ee\"}\n1f0:{\"drupal_internal__target_id\":76}\n1ef:{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"meta\":\"$1f0\"}\n1f2:{\"drupal_internal__target_id\":71}\n1f1:{\"type\":\"taxonomy_term--roles\",\"id\":\"feb4e85d-429e-48b0-92f0-3d2da2c5056e\",\"meta\":\"$1f2\"}\n1ea:[\"$1eb\",\"$1ed\",\"$1ef\",\"$1f1\"]\n1f4:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/2bfd3478-c381-432c-a7ec-53fa803668ee/field_roles?resourceVersion=id%3A6081\"}\n1f5:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/2bfd3478-c381-432c-a7ec-53fa803668ee/relationships/field_roles?resourceVersion=i
d%3A6081\"}\n1f3:{\"related\":\"$1f4\",\"self\":\"$1f5\"}\n1e9:{\"data\":\"$1ea\",\"links\":\"$1f3\"}\n1f9:{\"drupal_internal__target_id\":36}\n1f8:{\"type\":\"taxonomy_term--topics\",\"id\":\"65ef6410-4066-4db4-be03-c8eb26b63305\",\"meta\":\"$1f9\"}\n1f7:[\"$1f8\"]\n1fb:{\"href\":"])</script><script>self.__next_f.push([1,"\"https://cybergeek.cms.gov/jsonapi/node/explainer/2bfd3478-c381-432c-a7ec-53fa803668ee/field_topics?resourceVersion=id%3A6081\"}\n1fc:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/2bfd3478-c381-432c-a7ec-53fa803668ee/relationships/field_topics?resourceVersion=id%3A6081\"}\n1fa:{\"related\":\"$1fb\",\"self\":\"$1fc\"}\n1f6:{\"data\":\"$1f7\",\"links\":\"$1fa\"}\n1b2:{\"node_type\":\"$1b3\",\"revision_uid\":\"$1b9\",\"uid\":\"$1bf\",\"field_page_section\":\"$1c5\",\"field_related_collection\":\"$1d6\",\"field_resource_type\":\"$1e3\",\"field_roles\":\"$1e9\",\"field_topics\":\"$1f6\"}\n1ab:{\"type\":\"node--explainer\",\"id\":\"2bfd3478-c381-432c-a7ec-53fa803668ee\",\"links\":\"$1ac\",\"attributes\":\"$1ae\",\"relationships\":\"$1b2\"}\n"])</script><script>self.__next_f.push([1,"5:[\"$\",\"$L17\",null,{\"content\":{\"data\":{\"type\":\"node--explainer\",\"id\":\"1f32f891-d557-40ae-84b5-2cecc9300e08\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/1f32f891-d557-40ae-84b5-2cecc9300e08?resourceVersion=id%3A5525\"}},\"attributes\":{\"drupal_internal__nid\":676,\"drupal_internal__vid\":5525,\"langcode\":\"en\",\"revision_timestamp\":\"2024-06-04T17:13:19+00:00\",\"status\":true,\"title\":\"Continuous Diagnostics and Mitigation 
(CDM)\",\"created\":\"2023-02-04T14:55:07+00:00\",\"changed\":\"2024-06-04T17:13:19+00:00\",\"promote\":false,\"sticky\":false,\"default_langcode\":true,\"revision_translation_affected\":true,\"moderation_state\":\"published\",\"path\":{\"alias\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"pid\":666,\"langcode\":\"en\"},\"rh_action\":null,\"rh_redirect\":null,\"rh_redirect_response\":null,\"rh_redirect_fallback_action\":null,\"publish_on\":null,\"unpublish_on\":null,\"body\":null,\"field_contact_email\":\"CDMPMO@cms.hhs.gov\",\"field_contact_name\":\"CDM team\",\"field_short_description\":{\"value\":\"Automated scanning and risk analysis to strengthen the security posture of CMS FISMA systems\",\"format\":\"plain_text\",\"processed\":\"\u003cp\u003eAutomated scanning and risk analysis to strengthen the security posture of CMS FISMA systems\u003c/p\u003e\\n\"},\"field_slack_channel\":[\"#cyber-risk-management\"]},\"relationships\":{\"node_type\":{\"data\":{\"type\":\"node_type--node_type\",\"id\":\"d185e460-4998-4d2b-85cb-b04f304dfb1b\",\"meta\":{\"drupal_internal__target_id\":\"explainer\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/1f32f891-d557-40ae-84b5-2cecc9300e08/node_type?resourceVersion=id%3A5525\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/1f32f891-d557-40ae-84b5-2cecc9300e08/relationships/node_type?resourceVersion=id%3A5525\"}}},\"revision_uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"7e79c546-d123-46dd-9480-b7f2e7d81691\",\"meta\":{\"drupal_internal__target_id\":107}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/1f32f891-d557-40ae-84b5-2cecc9300e08/revision_uid?resourceVersion=id%3A5525\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/1f32f891-d557-40ae-84b5-2cecc9300e08/relationships/revision_uid?resourceVersion=id%3A5525\"}}},\"uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"e352e203-fe9c-47ba-af75-2c7f830
2fca8\",\"meta\":{\"drupal_internal__target_id\":6}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/1f32f891-d557-40ae-84b5-2cecc9300e08/uid?resourceVersion=id%3A5525\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/1f32f891-d557-40ae-84b5-2cecc9300e08/relationships/uid?resourceVersion=id%3A5525\"}}},\"field_page_section\":{\"data\":[{\"type\":\"paragraph--page_section\",\"id\":\"8b7bda2b-e3dc-4760-9901-27255f14ff41\",\"meta\":{\"target_revision_id\":17929,\"drupal_internal__target_id\":546}},{\"type\":\"paragraph--page_section\",\"id\":\"8e76f588-fd94-4439-b7e3-73c8b83e3500\",\"meta\":{\"target_revision_id\":17930,\"drupal_internal__target_id\":551}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/1f32f891-d557-40ae-84b5-2cecc9300e08/field_page_section?resourceVersion=id%3A5525\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/1f32f891-d557-40ae-84b5-2cecc9300e08/relationships/field_page_section?resourceVersion=id%3A5525\"}}},\"field_related_collection\":{\"data\":[{\"type\":\"paragraph--internal_link\",\"id\":\"bc285af3-dba7-4a12-8881-a8fed446dded\",\"meta\":{\"target_revision_id\":17931,\"drupal_internal__target_id\":1891}},{\"type\":\"paragraph--internal_link\",\"id\":\"1bc4b03f-652f-4fbf-8024-43e830b4b0a3\",\"meta\":{\"target_revision_id\":17932,\"drupal_internal__target_id\":1896}},{\"type\":\"paragraph--internal_link\",\"id\":\"05f865ef-4960-439b-9fca-9e7d70dfbe39\",\"meta\":{\"target_revision_id\":17933,\"drupal_internal__target_id\":1906}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/1f32f891-d557-40ae-84b5-2cecc9300e08/field_related_collection?resourceVersion=id%3A5525\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/1f32f891-d557-40ae-84b5-2cecc9300e08/relationships/field_related_collection?resourceVersion=id%3A5525\"}}},\"field_resource_type\":{\"data\":{\"type\":\"taxonom
y_term--resource_type\",\"id\":\"9e907eeb-b0a8-4dd3-8818-37cb1557a8f4\",\"meta\":{\"drupal_internal__target_id\":121}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/1f32f891-d557-40ae-84b5-2cecc9300e08/field_resource_type?resourceVersion=id%3A5525\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/1f32f891-d557-40ae-84b5-2cecc9300e08/relationships/field_resource_type?resourceVersion=id%3A5525\"}}},\"field_roles\":{\"data\":[{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\",\"meta\":{\"drupal_internal__target_id\":61}},{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"meta\":{\"drupal_internal__target_id\":76}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/1f32f891-d557-40ae-84b5-2cecc9300e08/field_roles?resourceVersion=id%3A5525\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/1f32f891-d557-40ae-84b5-2cecc9300e08/relationships/field_roles?resourceVersion=id%3A5525\"}}},\"field_topics\":{\"data\":[{\"type\":\"taxonomy_term--topics\",\"id\":\"65ef6410-4066-4db4-be03-c8eb26b63305\",\"meta\":{\"drupal_internal__target_id\":36}},{\"type\":\"taxonomy_term--topics\",\"id\":\"0bc7c1d0-b569-4514-b66c-367457dead7e\",\"meta\":{\"drupal_internal__target_id\":11}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/1f32f891-d557-40ae-84b5-2cecc9300e08/field_topics?resourceVersion=id%3A5525\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/1f32f891-d557-40ae-84b5-2cecc9300e08/relationships/field_topics?resourceVersion=id%3A5525\"}}}}},\"included\":[{\"type\":\"node_type--node_type\",\"id\":\"d185e460-4998-4d2b-85cb-b04f304dfb1b\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node_type/node_type/d185e460-4998-4d2b-85cb-b04f304dfb1b\"}},\"attributes\":{\"langcode\":\"en\",\"status\":true,\"dependencies\":{\"module\":[\"
menu_ui\",\"scheduler\"]},\"third_party_settings\":{\"menu_ui\":{\"available_menus\":[],\"parent\":\"\"},\"scheduler\":{\"expand_fieldset\":\"when_required\",\"fields_display_mode\":\"vertical_tab\",\"publish_enable\":false,\"publish_past_date\":\"error\",\"publish_past_date_created\":false,\"publish_required\":false,\"publish_revision\":false,\"publish_touch\":false,\"show_message_after_update\":true,\"unpublish_enable\":false,\"unpublish_required\":false,\"unpublish_revision\":false}},\"name\":\"Explainer page\",\"drupal_internal__type\":\"explainer\",\"description\":\"Use \u003ci\u003eExplainer pages\u003c/i\u003e to provide general information in plain language about a policy, program, tool, service, or task related to security and privacy at CMS.\",\"help\":null,\"new_revision\":true,\"preview_mode\":1,\"display_submitted\":true}},{\"type\":\"user--user\",\"id\":\"7e79c546-d123-46dd-9480-b7f2e7d81691\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/user/user/7e79c546-d123-46dd-9480-b7f2e7d81691\"}},\"attributes\":{\"display_name\":\"gollange\"}},{\"type\":\"user--user\",\"id\":\"e352e203-fe9c-47ba-af75-2c7f8302fca8\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/user/user/e352e203-fe9c-47ba-af75-2c7f8302fca8\"}},\"attributes\":{\"display_name\":\"mburgess\"}},{\"type\":\"taxonomy_term--resource_type\",\"id\":\"9e907eeb-b0a8-4dd3-8818-37cb1557a8f4\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/9e907eeb-b0a8-4dd3-8818-37cb1557a8f4?resourceVersion=id%3A121\"}},\"attributes\":{\"drupal_internal__tid\":121,\"drupal_internal__revision_id\":121,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:13:12+00:00\",\"status\":true,\"name\":\"Tools / 
Services\",\"description\":null,\"weight\":5,\"changed\":\"2023-06-14T19:04:09+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}},\"relationships\":{\"vid\":{\"data\":{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"3a0127c4-ee06-41ed-8239-f796f6d78eb3\",\"meta\":{\"drupal_internal__target_id\":\"resource_type\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/9e907eeb-b0a8-4dd3-8818-37cb1557a8f4/vid?resourceVersion=id%3A121\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/9e907eeb-b0a8-4dd3-8818-37cb1557a8f4/relationships/vid?resourceVersion=id%3A121\"}}},\"revision_user\":{\"data\":null,\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/9e907eeb-b0a8-4dd3-8818-37cb1557a8f4/revision_user?resourceVersion=id%3A121\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/9e907eeb-b0a8-4dd3-8818-37cb1557a8f4/relationships/revision_user?resourceVersion=id%3A121\"}}},\"parent\":{\"data\":[{\"type\":\"taxonomy_term--resource_type\",\"id\":\"virtual\",\"meta\":{\"links\":{\"help\":{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":{\"about\":\"Usage and meaning of the 'virtual' resource 
identifier.\"}}}}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/9e907eeb-b0a8-4dd3-8818-37cb1557a8f4/parent?resourceVersion=id%3A121\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/9e907eeb-b0a8-4dd3-8818-37cb1557a8f4/relationships/parent?resourceVersion=id%3A121\"}}}}},{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab?resourceVersion=id%3A61\"}},\"attributes\":{\"drupal_internal__tid\":61,\"drupal_internal__revision_id\":61,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:08:12+00:00\",\"status\":true,\"name\":\"Information System Security Officer (ISSO)\",\"description\":null,\"weight\":0,\"changed\":\"2022-08-02T23:08:12+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}},\"relationships\":{\"vid\":{\"data\":{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"a89af840-d1f0-4a08-9f15-7b1cb71c3e35\",\"meta\":{\"drupal_internal__target_id\":\"roles\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/vid?resourceVersion=id%3A61\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/relationships/vid?resourceVersion=id%3A61\"}}},\"revision_user\":{\"data\":null,\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/revision_user?resourceVersion=id%3A61\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/relationships/revision_user?resourceVersion=id%3A61\"}}},\"parent\":{\"data\":[{\"type\":\"taxonomy_term--roles\",\"id\":\"virtual\",\"meta\":{\"links\":{\"hel
p\":{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}}}}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/parent?resourceVersion=id%3A61\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/relationships/parent?resourceVersion=id%3A61\"}}}}},{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34?resourceVersion=id%3A76\"}},\"attributes\":{\"drupal_internal__tid\":76,\"drupal_internal__revision_id\":76,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:08:55+00:00\",\"status\":true,\"name\":\"System / Business Owner\",\"description\":null,\"weight\":0,\"changed\":\"2022-08-02T23:08:55+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}},\"relationships\":{\"vid\":{\"data\":{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"a89af840-d1f0-4a08-9f15-7b1cb71c3e35\",\"meta\":{\"drupal_internal__target_id\":\"roles\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/vid?resourceVersion=id%3A76\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/relationships/vid?resourceVersion=id%3A76\"}}},\"revision_user\":{\"data\":null,\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/revision_user?resourceVersion=id%3A76\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/relationships/revision_user?resourceVersion
=id%3A76\"}}},\"parent\":{\"data\":[{\"type\":\"taxonomy_term--roles\",\"id\":\"virtual\",\"meta\":{\"links\":{\"help\":{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}}}}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/parent?resourceVersion=id%3A76\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/relationships/parent?resourceVersion=id%3A76\"}}}}},{\"type\":\"taxonomy_term--topics\",\"id\":\"65ef6410-4066-4db4-be03-c8eb26b63305\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/65ef6410-4066-4db4-be03-c8eb26b63305?resourceVersion=id%3A36\"}},\"attributes\":{\"drupal_internal__tid\":36,\"drupal_internal__revision_id\":36,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:05:55+00:00\",\"status\":true,\"name\":\"Risk Management \u0026 
Reporting\",\"description\":null,\"weight\":5,\"changed\":\"2023-03-10T19:04:22+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}},\"relationships\":{\"vid\":{\"data\":{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"73f89dec-123f-4c8c-9a97-d025a2b0e5cf\",\"meta\":{\"drupal_internal__target_id\":\"topics\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/65ef6410-4066-4db4-be03-c8eb26b63305/vid?resourceVersion=id%3A36\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/65ef6410-4066-4db4-be03-c8eb26b63305/relationships/vid?resourceVersion=id%3A36\"}}},\"revision_user\":{\"data\":null,\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/65ef6410-4066-4db4-be03-c8eb26b63305/revision_user?resourceVersion=id%3A36\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/65ef6410-4066-4db4-be03-c8eb26b63305/relationships/revision_user?resourceVersion=id%3A36\"}}},\"parent\":{\"data\":[{\"type\":\"taxonomy_term--topics\",\"id\":\"virtual\",\"meta\":{\"links\":{\"help\":{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":{\"about\":\"Usage and meaning of the 'virtual' resource 
identifier.\"}}}}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/65ef6410-4066-4db4-be03-c8eb26b63305/parent?resourceVersion=id%3A36\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/65ef6410-4066-4db4-be03-c8eb26b63305/relationships/parent?resourceVersion=id%3A36\"}}}}},{\"type\":\"taxonomy_term--topics\",\"id\":\"0bc7c1d0-b569-4514-b66c-367457dead7e\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/0bc7c1d0-b569-4514-b66c-367457dead7e?resourceVersion=id%3A11\"}},\"attributes\":{\"drupal_internal__tid\":11,\"drupal_internal__revision_id\":11,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:05:12+00:00\",\"status\":true,\"name\":\"System Authorization\",\"description\":null,\"weight\":7,\"changed\":\"2023-03-10T19:04:22+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}},\"relationships\":{\"vid\":{\"data\":{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"73f89dec-123f-4c8c-9a97-d025a2b0e5cf\",\"meta\":{\"drupal_internal__target_id\":\"topics\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/0bc7c1d0-b569-4514-b66c-367457dead7e/vid?resourceVersion=id%3A11\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/0bc7c1d0-b569-4514-b66c-367457dead7e/relationships/vid?resourceVersion=id%3A11\"}}},\"revision_user\":{\"data\":null,\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/0bc7c1d0-b569-4514-b66c-367457dead7e/revision_user?resourceVersion=id%3A11\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/0bc7c1d0-b569-4514-b66c-367457dead7e/relationships/revision_user?resourceVersion=id%3A11\"}}},\"parent\":{\"data\":[{\"type\":\"taxonomy_term--topics\",\"id\":\"virtual\",\"meta\":{\"links\":{\"help\":{\"href\":\"https://www.dr
upal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}}}}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/0bc7c1d0-b569-4514-b66c-367457dead7e/parent?resourceVersion=id%3A11\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/0bc7c1d0-b569-4514-b66c-367457dead7e/relationships/parent?resourceVersion=id%3A11\"}}}}},{\"type\":\"paragraph--page_section\",\"id\":\"8b7bda2b-e3dc-4760-9901-27255f14ff41\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/8b7bda2b-e3dc-4760-9901-27255f14ff41?resourceVersion=id%3A17929\"}},\"attributes\":{\"drupal_internal__id\":546,\"drupal_internal__revision_id\":17929,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-04T15:09:41+00:00\",\"parent_id\":\"676\",\"parent_type\":\"node\",\"parent_field_name\":\"field_page_section\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true,\"field_text_block\":{\"value\":\"$18\",\"format\":\"body_text\",\"processed\":\"$19\"}},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"57f3f40a-8120-4393-b881-a5758f9fb30d\",\"meta\":{\"drupal_internal__target_id\":\"page_section\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/8b7bda2b-e3dc-4760-9901-27255f14ff41/paragraph_type?resourceVersion=id%3A17929\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/8b7bda2b-e3dc-4760-9901-27255f14ff41/relationships/paragraph_type?resourceVersion=id%3A17929\"}}},\"field_specialty_item\":{\"data\":{\"type\":\"paragraph--call_out_box\",\"id\":\"9651d536-ad82-407a-a703-c3d54d592c93\",\"meta\":{\"target_revision_id\":17928,\"drupal_internal__target_id\":541}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/8b7bda2b-e3dc-
4760-9901-27255f14ff41/field_specialty_item?resourceVersion=id%3A17929\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/8b7bda2b-e3dc-4760-9901-27255f14ff41/relationships/field_specialty_item?resourceVersion=id%3A17929\"}}}}},{\"type\":\"paragraph--page_section\",\"id\":\"8e76f588-fd94-4439-b7e3-73c8b83e3500\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/8e76f588-fd94-4439-b7e3-73c8b83e3500?resourceVersion=id%3A17930\"}},\"attributes\":{\"drupal_internal__id\":551,\"drupal_internal__revision_id\":17930,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-04T15:33:13+00:00\",\"parent_id\":\"676\",\"parent_type\":\"node\",\"parent_field_name\":\"field_page_section\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true,\"field_text_block\":{\"value\":\"$1a\",\"format\":\"body_text\",\"processed\":\"$1b\"}},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"57f3f40a-8120-4393-b881-a5758f9fb30d\",\"meta\":{\"drupal_internal__target_id\":\"page_section\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/8e76f588-fd94-4439-b7e3-73c8b83e3500/paragraph_type?resourceVersion=id%3A17930\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/8e76f588-fd94-4439-b7e3-73c8b83e3500/relationships/paragraph_type?resourceVersion=id%3A17930\"}}},\"field_specialty_item\":{\"data\":null,\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/8e76f588-fd94-4439-b7e3-73c8b83e3500/field_specialty_item?resourceVersion=id%3A17930\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/8e76f588-fd94-4439-b7e3-73c8b83e3500/relationships/field_specialty_item?resourceVersion=id%3A17930\"}}}}},{\"type\":\"paragraph--call_out_box\",\"id\":\"9651d536-ad82-407a-a703-c3d54d592c93\",\"links\":{\"self\":{\"h
ref\":\"https://cybergeek.cms.gov/jsonapi/paragraph/call_out_box/9651d536-ad82-407a-a703-c3d54d592c93?resourceVersion=id%3A17928\"}},\"attributes\":{\"drupal_internal__id\":541,\"drupal_internal__revision_id\":17928,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-04T15:09:41+00:00\",\"parent_id\":\"546\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_specialty_item\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true,\"field_call_out_link\":{\"uri\":\"https://www.cisa.gov/cdm-training\",\"title\":\"\",\"options\":[],\"url\":\"https://www.cisa.gov/cdm-training\"},\"field_call_out_link_text\":\"Get CDM training\",\"field_call_out_text\":{\"value\":\"The Cybersecurity and Infrastructure Security Agency (CISA) within DHS offers a variety of self-paced training in various formats to help anyone who is responsible for managing the security and privacy of information systems.\",\"format\":\"plain_text\",\"processed\":\"\u003cp\u003eThe Cybersecurity and Infrastructure Security Agency (CISA) within DHS offers a variety of self-paced training in various formats to help anyone who is responsible for managing the security and privacy of information systems.\u003c/p\u003e\\n\"},\"field_header\":\"CDM training from 
CISA\"},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"a1d0a205-c6c9-4816-b701-4763d05de8e8\",\"meta\":{\"drupal_internal__target_id\":\"call_out_box\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/call_out_box/9651d536-ad82-407a-a703-c3d54d592c93/paragraph_type?resourceVersion=id%3A17928\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/call_out_box/9651d536-ad82-407a-a703-c3d54d592c93/relationships/paragraph_type?resourceVersion=id%3A17928\"}}}}},{\"type\":\"paragraph--internal_link\",\"id\":\"bc285af3-dba7-4a12-8881-a8fed446dded\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/bc285af3-dba7-4a12-8881-a8fed446dded?resourceVersion=id%3A17931\"}},\"attributes\":{\"drupal_internal__id\":1891,\"drupal_internal__revision_id\":17931,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-15T20:14:31+00:00\",\"parent_id\":\"676\",\"parent_type\":\"node\",\"parent_field_name\":\"field_related_collection\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"81d4313f-807c-40e2-8ffa-700ec8c17167\",\"meta\":{\"drupal_internal__target_id\":\"internal_link\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/bc285af3-dba7-4a12-8881-a8fed446dded/paragraph_type?resourceVersion=id%3A17931\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/bc285af3-dba7-4a12-8881-a8fed446dded/relationships/paragraph_type?resourceVersion=id%3A17931\"}}},\"field_link\":{\"data\":{\"type\":\"node--explainer\",\"id\":\"a0111527-6756-4576-8c52-5a7f3a032b20\",\"meta\":{\"drupal_internal__target_id\":316}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/bc285af3-dba7-4a12-8881-a8fed446dded/field
_link?resourceVersion=id%3A17931\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/bc285af3-dba7-4a12-8881-a8fed446dded/relationships/field_link?resourceVersion=id%3A17931\"}}}}},{\"type\":\"paragraph--internal_link\",\"id\":\"1bc4b03f-652f-4fbf-8024-43e830b4b0a3\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/1bc4b03f-652f-4fbf-8024-43e830b4b0a3?resourceVersion=id%3A17932\"}},\"attributes\":{\"drupal_internal__id\":1896,\"drupal_internal__revision_id\":17932,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-15T20:15:00+00:00\",\"parent_id\":\"676\",\"parent_type\":\"node\",\"parent_field_name\":\"field_related_collection\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"81d4313f-807c-40e2-8ffa-700ec8c17167\",\"meta\":{\"drupal_internal__target_id\":\"internal_link\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/1bc4b03f-652f-4fbf-8024-43e830b4b0a3/paragraph_type?resourceVersion=id%3A17932\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/1bc4b03f-652f-4fbf-8024-43e830b4b0a3/relationships/paragraph_type?resourceVersion=id%3A17932\"}}},\"field_link\":{\"data\":{\"type\":\"node--explainer\",\"id\":\"af385f5f-f61b-47af-a235-7dc48efd251e\",\"meta\":{\"drupal_internal__target_id\":381}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/1bc4b03f-652f-4fbf-8024-43e830b4b0a3/field_link?resourceVersion=id%3A17932\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/1bc4b03f-652f-4fbf-8024-43e830b4b0a3/relationships/field_link?resourceVersion=id%3A17932\"}}}}},{\"type\":\"paragraph--internal_link\",\"id\":\"05f865ef-4960-439b-9fca-9e7d70dfbe39\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.
gov/jsonapi/paragraph/internal_link/05f865ef-4960-439b-9fca-9e7d70dfbe39?resourceVersion=id%3A17933\"}},\"attributes\":{\"drupal_internal__id\":1906,\"drupal_internal__revision_id\":17933,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-15T20:17:30+00:00\",\"parent_id\":\"676\",\"parent_type\":\"node\",\"parent_field_name\":\"field_related_collection\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"81d4313f-807c-40e2-8ffa-700ec8c17167\",\"meta\":{\"drupal_internal__target_id\":\"internal_link\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/05f865ef-4960-439b-9fca-9e7d70dfbe39/paragraph_type?resourceVersion=id%3A17933\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/05f865ef-4960-439b-9fca-9e7d70dfbe39/relationships/paragraph_type?resourceVersion=id%3A17933\"}}},\"field_link\":{\"data\":{\"type\":\"node--explainer\",\"id\":\"2bfd3478-c381-432c-a7ec-53fa803668ee\",\"meta\":{\"drupal_internal__target_id\":276}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/05f865ef-4960-439b-9fca-9e7d70dfbe39/field_link?resourceVersion=id%3A17933\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/05f865ef-4960-439b-9fca-9e7d70dfbe39/relationships/field_link?resourceVersion=id%3A17933\"}}}}},{\"type\":\"node--explainer\",\"id\":\"a0111527-6756-4576-8c52-5a7f3a032b20\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a0111527-6756-4576-8c52-5a7f3a032b20?resourceVersion=id%3A5748\"}},\"attributes\":{\"drupal_internal__nid\":316,\"drupal_internal__vid\":5748,\"langcode\":\"en\",\"revision_timestamp\":\"2024-08-05T15:50:25+00:00\",\"status\":true,\"title\":\"Federal Information Security Modernization Act 
(FISMA)\",\"created\":\"2022-08-29T15:11:08+00:00\",\"changed\":\"2024-08-05T15:50:25+00:00\",\"promote\":false,\"sticky\":false,\"default_langcode\":true,\"revision_translation_affected\":true,\"moderation_state\":\"published\",\"path\":{\"alias\":\"/learn/federal-information-security-modernization-act-fisma\",\"pid\":306,\"langcode\":\"en\"},\"rh_action\":null,\"rh_redirect\":null,\"rh_redirect_response\":null,\"rh_redirect_fallback_action\":null,\"publish_on\":null,\"unpublish_on\":null,\"body\":null,\"field_contact_email\":\"CISO@cms.hhs.gov\",\"field_contact_name\":\"ISPG Policy Team\",\"field_short_description\":{\"value\":\"FISMA is federal legislation that defines a framework of guidelines and security standards to protect government information and operations\",\"format\":\"plain_text\",\"processed\":\"\u003cp\u003eFISMA is federal legislation that defines a framework of guidelines and security standards to protect government information and operations\u003c/p\u003e\\n\"},\"field_slack_channel\":[\"#ispg-sec_privacy-policy\"]},\"relationships\":{\"node_type\":{\"data\":{\"type\":\"node_type--node_type\",\"id\":\"d185e460-4998-4d2b-85cb-b04f304dfb1b\",\"meta\":{\"drupal_internal__target_id\":\"explainer\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a0111527-6756-4576-8c52-5a7f3a032b20/node_type?resourceVersion=id%3A5748\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a0111527-6756-4576-8c52-5a7f3a032b20/relationships/node_type?resourceVersion=id%3A5748\"}}},\"revision_uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"4420e728-6dc2-4022-bf8d-5bd1329e5e64\",\"meta\":{\"drupal_internal__target_id\":159}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a0111527-6756-4576-8c52-5a7f3a032b20/revision_uid?resourceVersion=id%3A5748\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a0111527-6756-4576-8c52-5a7f3a032b20/relationships/revision_uid
?resourceVersion=id%3A5748\"}}},\"uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"dca2c49b-4a12-4d5f-859d-a759444160a4\",\"meta\":{\"drupal_internal__target_id\":26}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a0111527-6756-4576-8c52-5a7f3a032b20/uid?resourceVersion=id%3A5748\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a0111527-6756-4576-8c52-5a7f3a032b20/relationships/uid?resourceVersion=id%3A5748\"}}},\"field_page_section\":{\"data\":[{\"type\":\"paragraph--page_section\",\"id\":\"4ffd074a-8ca7-41ad-8c6c-d270330af3fa\",\"meta\":{\"target_revision_id\":19016,\"drupal_internal__target_id\":1146}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a0111527-6756-4576-8c52-5a7f3a032b20/field_page_section?resourceVersion=id%3A5748\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a0111527-6756-4576-8c52-5a7f3a032b20/relationships/field_page_section?resourceVersion=id%3A5748\"}}},\"field_related_collection\":{\"data\":[{\"type\":\"paragraph--internal_link\",\"id\":\"3d88d941-7844-4a24-8d87-b884cf205f36\",\"meta\":{\"target_revision_id\":19017,\"drupal_internal__target_id\":1941}},{\"type\":\"paragraph--internal_link\",\"id\":\"5087f368-5c99-41a5-b39b-e27bc9df3950\",\"meta\":{\"target_revision_id\":19018,\"drupal_internal__target_id\":1946}},{\"type\":\"paragraph--internal_link\",\"id\":\"4b2ee6b4-cbfd-46c8-a65f-9b2b18e1a793\",\"meta\":{\"target_revision_id\":19019,\"drupal_internal__target_id\":1951}},{\"type\":\"paragraph--internal_link\",\"id\":\"dd735dee-c392-4312-bc59-7a2163ad21a6\",\"meta\":{\"target_revision_id\":19020,\"drupal_internal__target_id\":3517}},{\"type\":\"paragraph--internal_link\",\"id\":\"b88a7b64-a818-4f85-b969-a2f77482f8ce\",\"meta\":{\"target_revision_id\":19021,\"drupal_internal__target_id\":3518}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a0111527-6756-4576-8c52-5a7f3a032b20/f
ield_related_collection?resourceVersion=id%3A5748\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a0111527-6756-4576-8c52-5a7f3a032b20/relationships/field_related_collection?resourceVersion=id%3A5748\"}}},\"field_resource_type\":{\"data\":{\"type\":\"taxonomy_term--resource_type\",\"id\":\"a17f4908-9141-4b1e-82aa-e6bfe0f91a22\",\"meta\":{\"drupal_internal__target_id\":131}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a0111527-6756-4576-8c52-5a7f3a032b20/field_resource_type?resourceVersion=id%3A5748\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a0111527-6756-4576-8c52-5a7f3a032b20/relationships/field_resource_type?resourceVersion=id%3A5748\"}}},\"field_roles\":{\"data\":[{\"type\":\"taxonomy_term--roles\",\"id\":\"9d999ae3-b43c-45fb-973e-dffe50c27da5\",\"meta\":{\"drupal_internal__target_id\":66}},{\"type\":\"taxonomy_term--roles\",\"id\":\"a2b33f6a-8172-4862-9c0e-6e5076b6cf26\",\"meta\":{\"drupal_internal__target_id\":81}},{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\",\"meta\":{\"drupal_internal__target_id\":61}},{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"meta\":{\"drupal_internal__target_id\":76}},{\"type\":\"taxonomy_term--roles\",\"id\":\"feb4e85d-429e-48b0-92f0-3d2da2c5056e\",\"meta\":{\"drupal_internal__target_id\":71}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a0111527-6756-4576-8c52-5a7f3a032b20/field_roles?resourceVersion=id%3A5748\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a0111527-6756-4576-8c52-5a7f3a032b20/relationships/field_roles?resourceVersion=id%3A5748\"}}},\"field_topics\":{\"data\":[{\"type\":\"taxonomy_term--topics\",\"id\":\"b61c7b1f-0882-4fac-bf13-02c68b56fd38\",\"meta\":{\"drupal_internal__target_id\":21}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a0111527-6756-
4576-8c52-5a7f3a032b20/field_topics?resourceVersion=id%3A5748\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a0111527-6756-4576-8c52-5a7f3a032b20/relationships/field_topics?resourceVersion=id%3A5748\"}}}}},{\"type\":\"node--explainer\",\"id\":\"af385f5f-f61b-47af-a235-7dc48efd251e\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e?resourceVersion=id%3A5993\"}},\"attributes\":{\"drupal_internal__nid\":381,\"drupal_internal__vid\":5993,\"langcode\":\"en\",\"revision_timestamp\":\"2024-12-03T14:43:06+00:00\",\"status\":true,\"title\":\"National Institute of Standards and Technology (NIST)\",\"created\":\"2022-08-29T16:46:36+00:00\",\"changed\":\"2024-12-03T14:43:06+00:00\",\"promote\":false,\"sticky\":false,\"default_langcode\":true,\"revision_translation_affected\":true,\"moderation_state\":\"published\",\"path\":{\"alias\":\"/learn/national-institute-standards-and-technology-nist\",\"pid\":371,\"langcode\":\"en\"},\"rh_action\":null,\"rh_redirect\":null,\"rh_redirect_response\":null,\"rh_redirect_fallback_action\":null,\"publish_on\":null,\"unpublish_on\":null,\"body\":null,\"field_contact_email\":\"CISO@cms.hhs.gov\",\"field_contact_name\":\"ISPG Policy Team\",\"field_short_description\":{\"value\":\"Information about NIST and how the agency's policies and guidance relate to security and privacy at CMS\",\"format\":\"plain_text\",\"processed\":\"\u003cp\u003eInformation about NIST and how the agency\u0026#039;s policies and guidance relate to security and privacy at 
CMS\u003c/p\u003e\\n\"},\"field_slack_channel\":[\"#security_community\"]},\"relationships\":{\"node_type\":{\"data\":{\"type\":\"node_type--node_type\",\"id\":\"d185e460-4998-4d2b-85cb-b04f304dfb1b\",\"meta\":{\"drupal_internal__target_id\":\"explainer\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/node_type?resourceVersion=id%3A5993\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/relationships/node_type?resourceVersion=id%3A5993\"}}},\"revision_uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"e352e203-fe9c-47ba-af75-2c7f8302fca8\",\"meta\":{\"drupal_internal__target_id\":6}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/revision_uid?resourceVersion=id%3A5993\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/relationships/revision_uid?resourceVersion=id%3A5993\"}}},\"uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"dca2c49b-4a12-4d5f-859d-a759444160a4\",\"meta\":{\"drupal_internal__target_id\":26}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/uid?resourceVersion=id%3A5993\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/relationships/uid?resourceVersion=id%3A5993\"}}},\"field_page_section\":{\"data\":[{\"type\":\"paragraph--page_section\",\"id\":\"65807e01-7389-4561-8818-b4453d59c7ac\",\"meta\":{\"target_revision_id\":19645,\"drupal_internal__target_id\":496}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/field_page_section?resourceVersion=id%3A5993\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/relationships/field_page_se
ction?resourceVersion=id%3A5993\"}}},\"field_related_collection\":{\"data\":[{\"type\":\"paragraph--internal_link\",\"id\":\"858b57e7-3499-42a6-9fd4-b045a2aa9c42\",\"meta\":{\"target_revision_id\":19646,\"drupal_internal__target_id\":2001}},{\"type\":\"paragraph--internal_link\",\"id\":\"d171c5fe-3bb3-47be-bd3e-c53cc75c4f9e\",\"meta\":{\"target_revision_id\":19647,\"drupal_internal__target_id\":2011}},{\"type\":\"paragraph--internal_link\",\"id\":\"26c9c7a0-fcc3-4d04-ab8c-21924a868e28\",\"meta\":{\"target_revision_id\":19648,\"drupal_internal__target_id\":2286}},{\"type\":\"paragraph--internal_link\",\"id\":\"4e888450-31b6-43e1-95a0-9ac56298fcc9\",\"meta\":{\"target_revision_id\":19649,\"drupal_internal__target_id\":2281}},{\"type\":\"paragraph--internal_link\",\"id\":\"f43c4cb2-4d4e-4020-a165-aab378f6254d\",\"meta\":{\"target_revision_id\":19650,\"drupal_internal__target_id\":2291}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/field_related_collection?resourceVersion=id%3A5993\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/relationships/field_related_collection?resourceVersion=id%3A5993\"}}},\"field_resource_type\":{\"data\":{\"type\":\"taxonomy_term--resource_type\",\"id\":\"a17f4908-9141-4b1e-82aa-e6bfe0f91a22\",\"meta\":{\"drupal_internal__target_id\":131}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/field_resource_type?resourceVersion=id%3A5993\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/relationships/field_resource_type?resourceVersion=id%3A5993\"}}},\"field_roles\":{\"data\":[],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/field_roles?resourceVersion=id%3A5993\"},\"self\":{\"href\":\"https://cybergeek.cms.go
v/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/relationships/field_roles?resourceVersion=id%3A5993\"}}},\"field_topics\":{\"data\":[{\"type\":\"taxonomy_term--topics\",\"id\":\"b61c7b1f-0882-4fac-bf13-02c68b56fd38\",\"meta\":{\"drupal_internal__target_id\":21}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/field_topics?resourceVersion=id%3A5993\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/af385f5f-f61b-47af-a235-7dc48efd251e/relationships/field_topics?resourceVersion=id%3A5993\"}}}}},{\"type\":\"node--explainer\",\"id\":\"2bfd3478-c381-432c-a7ec-53fa803668ee\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/2bfd3478-c381-432c-a7ec-53fa803668ee?resourceVersion=id%3A6081\"}},\"attributes\":{\"drupal_internal__nid\":276,\"drupal_internal__vid\":6081,\"langcode\":\"en\",\"revision_timestamp\":\"2025-01-15T19:24:02+00:00\",\"status\":true,\"title\":\"Cyber Risk Reports (CRR)\",\"created\":\"2022-08-26T15:05:42+00:00\",\"changed\":\"2025-01-14T20:34:25+00:00\",\"promote\":false,\"sticky\":false,\"default_langcode\":true,\"revision_translation_affected\":true,\"moderation_state\":\"published\",\"path\":{\"alias\":\"/learn/cyber-risk-reports\",\"pid\":266,\"langcode\":\"en\"},\"rh_action\":null,\"rh_redirect\":null,\"rh_redirect_response\":null,\"rh_redirect_fallback_action\":null,\"publish_on\":null,\"unpublish_on\":null,\"body\":null,\"field_contact_email\":\"CRMPMO@cms.hhs.gov\",\"field_contact_name\":\"CRM Team\",\"field_short_description\":{\"value\":\"Reports and dashboards to help stakeholders of CMS FISMA systems identify risk-reduction activities and protect sensitive data from cyber threats\",\"format\":\"plain_text\",\"processed\":\"\u003cp\u003eReports and dashboards to help stakeholders of CMS FISMA systems identify risk-reduction activities and protect sensitive data from cyber 
threats\u003c/p\u003e\\n\"},\"field_slack_channel\":[\"#cyber-risk-management\"]},\"relationships\":{\"node_type\":{\"data\":{\"type\":\"node_type--node_type\",\"id\":\"d185e460-4998-4d2b-85cb-b04f304dfb1b\",\"meta\":{\"drupal_internal__target_id\":\"explainer\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/2bfd3478-c381-432c-a7ec-53fa803668ee/node_type?resourceVersion=id%3A6081\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/2bfd3478-c381-432c-a7ec-53fa803668ee/relationships/node_type?resourceVersion=id%3A6081\"}}},\"revision_uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"7e79c546-d123-46dd-9480-b7f2e7d81691\",\"meta\":{\"drupal_internal__target_id\":107}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/2bfd3478-c381-432c-a7ec-53fa803668ee/revision_uid?resourceVersion=id%3A6081\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/2bfd3478-c381-432c-a7ec-53fa803668ee/relationships/revision_uid?resourceVersion=id%3A6081\"}}},\"uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"dca2c49b-4a12-4d5f-859d-a759444160a4\",\"meta\":{\"drupal_internal__target_id\":26}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/2bfd3478-c381-432c-a7ec-53fa803668ee/uid?resourceVersion=id%3A6081\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/2bfd3478-c381-432c-a7ec-53fa803668ee/relationships/uid?resourceVersion=id%3A6081\"}}},\"field_page_section\":{\"data\":[{\"type\":\"paragraph--page_section\",\"id\":\"99eb2a67-6873-48f2-9027-a58a87a1ef43\",\"meta\":{\"target_revision_id\":19976,\"drupal_internal__target_id\":1041}},{\"type\":\"paragraph--page_section\",\"id\":\"55411c7e-d16e-4e24-9ec0-e61d07f1aaab\",\"meta\":{\"target_revision_id\":19981,\"drupal_internal__target_id\":1051}},{\"type\":\"paragraph--page_section\",\"id\":\"1ed92f8d-8be4-41a2-bc9c-e012801a98bf\",\"meta\":{\"target_revision_id\":19986,\"drup
al_internal__target_id\":1061}},{\"type\":\"paragraph--page_section\",\"id\":\"9ab563ca-90a0-4ff0-a86c-2b0de01421c2\",\"meta\":{\"target_revision_id\":19996,\"drupal_internal__target_id\":1071}},{\"type\":\"paragraph--page_section\",\"id\":\"d2de38a5-dc24-41cd-9344-bb7d2240b7f4\",\"meta\":{\"target_revision_id\":20006,\"drupal_internal__target_id\":1091}},{\"type\":\"paragraph--page_section\",\"id\":\"8383a3b3-7807-40a8-96f7-0197052ff373\",\"meta\":{\"target_revision_id\":20016,\"drupal_internal__target_id\":1101}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/2bfd3478-c381-432c-a7ec-53fa803668ee/field_page_section?resourceVersion=id%3A6081\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/2bfd3478-c381-432c-a7ec-53fa803668ee/relationships/field_page_section?resourceVersion=id%3A6081\"}}},\"field_related_collection\":{\"data\":[{\"type\":\"paragraph--internal_link\",\"id\":\"b0c313be-306b-48cd-b0bf-8a70f2bae7fb\",\"meta\":{\"target_revision_id\":20021,\"drupal_internal__target_id\":1911}},{\"type\":\"paragraph--internal_link\",\"id\":\"32ab944d-d8c2-480b-b01e-85fa1a7eaf17\",\"meta\":{\"target_revision_id\":20026,\"drupal_internal__target_id\":1916}},{\"type\":\"paragraph--internal_link\",\"id\":\"21220e28-a46b-469f-9033-3e3482d07b4e\",\"meta\":{\"target_revision_id\":20031,\"drupal_internal__target_id\":3386}},{\"type\":\"paragraph--internal_link\",\"id\":\"1dc73a64-e5a5-419e-9363-9e91887427be\",\"meta\":{\"target_revision_id\":20036,\"drupal_internal__target_id\":3387}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/2bfd3478-c381-432c-a7ec-53fa803668ee/field_related_collection?resourceVersion=id%3A6081\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/2bfd3478-c381-432c-a7ec-53fa803668ee/relationships/field_related_collection?resourceVersion=id%3A6081\"}}},\"field_resource_type\":{\"data\":{\"type\":\"taxonomy_term--resource_type\",\"id\":\"9e9
07eeb-b0a8-4dd3-8818-37cb1557a8f4\",\"meta\":{\"drupal_internal__target_id\":121}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/2bfd3478-c381-432c-a7ec-53fa803668ee/field_resource_type?resourceVersion=id%3A6081\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/2bfd3478-c381-432c-a7ec-53fa803668ee/relationships/field_resource_type?resourceVersion=id%3A6081\"}}},\"field_roles\":{\"data\":[{\"type\":\"taxonomy_term--roles\",\"id\":\"9d999ae3-b43c-45fb-973e-dffe50c27da5\",\"meta\":{\"drupal_internal__target_id\":66}},{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\",\"meta\":{\"drupal_internal__target_id\":61}},{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"meta\":{\"drupal_internal__target_id\":76}},{\"type\":\"taxonomy_term--roles\",\"id\":\"feb4e85d-429e-48b0-92f0-3d2da2c5056e\",\"meta\":{\"drupal_internal__target_id\":71}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/2bfd3478-c381-432c-a7ec-53fa803668ee/field_roles?resourceVersion=id%3A6081\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/2bfd3478-c381-432c-a7ec-53fa803668ee/relationships/field_roles?resourceVersion=id%3A6081\"}}},\"field_topics\":{\"data\":[{\"type\":\"taxonomy_term--topics\",\"id\":\"65ef6410-4066-4db4-be03-c8eb26b63305\",\"meta\":{\"drupal_internal__target_id\":36}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/2bfd3478-c381-432c-a7ec-53fa803668ee/field_topics?resourceVersion=id%3A6081\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/2bfd3478-c381-432c-a7ec-53fa803668ee/relationships/field_topics?resourceVersion=id%3A6081\"}}}}}],\"includedMap\":{\"d185e460-4998-4d2b-85cb-b04f304dfb1b\":\"$1c\",\"7e79c546-d123-46dd-9480-b7f2e7d81691\":\"$26\",\"e352e203-fe9c-47ba-af75-2c7f8302fca8\":\"$2a\",\"9e907eeb-b0a8-4dd3-8818-37cb1557a8f4\":\"$2e\",\"
7a18463d-b0fc-474f-8536-ad7db1b2e5ab\":\"$48\",\"f591f442-c0b0-4b8e-af66-7998a3329f34\":\"$62\",\"65ef6410-4066-4db4-be03-c8eb26b63305\":\"$7c\",\"0bc7c1d0-b569-4514-b66c-367457dead7e\":\"$96\",\"8b7bda2b-e3dc-4760-9901-27255f14ff41\":\"$b0\",\"8e76f588-fd94-4439-b7e3-73c8b83e3500\":\"$c5\",\"9651d536-ad82-407a-a703-c3d54d592c93\":\"$d8\",\"bc285af3-dba7-4a12-8881-a8fed446dded\":\"$e7\",\"1bc4b03f-652f-4fbf-8024-43e830b4b0a3\":\"$f9\",\"05f865ef-4960-439b-9fca-9e7d70dfbe39\":\"$10b\",\"a0111527-6756-4576-8c52-5a7f3a032b20\":\"$11d\",\"af385f5f-f61b-47af-a235-7dc48efd251e\":\"$169\",\"2bfd3478-c381-432c-a7ec-53fa803668ee\":\"$1ab\"}}}]\n"])</script><script>self.__next_f.push([1,"a:[[\"$\",\"meta\",\"0\",{\"name\":\"viewport\",\"content\":\"width=device-width, initial-scale=1\"}],[\"$\",\"meta\",\"1\",{\"charSet\":\"utf-8\"}],[\"$\",\"title\",\"2\",{\"children\":\"Continuous Diagnostics and Mitigation (CDM) | CMS Information Security \u0026 Privacy Group\"}],[\"$\",\"meta\",\"3\",{\"name\":\"description\",\"content\":\"Automated scanning and risk analysis to strengthen the security posture of CMS FISMA systems\"}],[\"$\",\"link\",\"4\",{\"rel\":\"canonical\",\"href\":\"https://security.cms.gov/learn/continuous-diagnostics-and-mitigation-cdm\"}],[\"$\",\"meta\",\"5\",{\"name\":\"google-site-verification\",\"content\":\"GMZIwBDJgz_o_JYUB2GpJazkrs7P85BaWDsoCjxF32M\"}],[\"$\",\"meta\",\"6\",{\"property\":\"og:title\",\"content\":\"Continuous Diagnostics and Mitigation (CDM) | CMS Information Security \u0026 Privacy Group\"}],[\"$\",\"meta\",\"7\",{\"property\":\"og:description\",\"content\":\"Automated scanning and risk analysis to strengthen the security posture of CMS FISMA 
systems\"}],[\"$\",\"meta\",\"8\",{\"property\":\"og:url\",\"content\":\"https://security.cms.gov/learn/continuous-diagnostics-and-mitigation-cdm\"}],[\"$\",\"meta\",\"9\",{\"property\":\"og:image:type\",\"content\":\"image/jpeg\"}],[\"$\",\"meta\",\"10\",{\"property\":\"og:image:width\",\"content\":\"1200\"}],[\"$\",\"meta\",\"11\",{\"property\":\"og:image:height\",\"content\":\"630\"}],[\"$\",\"meta\",\"12\",{\"property\":\"og:image\",\"content\":\"https://security.cms.gov/learn/continuous-diagnostics-and-mitigation-cdm/opengraph-image.jpg?d21225707c5ed280\"}],[\"$\",\"meta\",\"13\",{\"property\":\"og:type\",\"content\":\"website\"}],[\"$\",\"meta\",\"14\",{\"name\":\"twitter:card\",\"content\":\"summary_large_image\"}],[\"$\",\"meta\",\"15\",{\"name\":\"twitter:title\",\"content\":\"Continuous Diagnostics and Mitigation (CDM) | CMS Information Security \u0026 Privacy Group\"}],[\"$\",\"meta\",\"16\",{\"name\":\"twitter:description\",\"content\":\"Automated scanning and risk analysis to strengthen the security posture of CMS FISMA systems\"}],[\"$\",\"meta\",\"17\",{\"name\":\"twitter:image:type\",\"content\":\"image/jpeg\"}],[\"$\",\"meta\",\"18\",{\"name\":\"twitter:image:width\",\"content\":\"1200\"}],[\"$\",\"meta\",\"19\",{\"name\":\"twitter:image:height\",\"content\":\"630\"}],[\"$\",\"meta\",\"20\",{\"name\":\"twitter:image\",\"content\":\"https://security.cms.gov/learn/continuous-diagnostics-and-mitigation-cdm/opengraph-image.jpg?d21225707c5ed280\"}],[\"$\",\"link\",\"21\",{\"rel\":\"icon\",\"href\":\"/favicon.ico\",\"type\":\"image/x-icon\",\"sizes\":\"48x48\"}]]\n"])</script><script>self.__next_f.push([1,"4:null\n"])</script></body></html>