1 line
No EOL
210 KiB
Text
1 line
No EOL
210 KiB
Text
<!DOCTYPE html><html lang="en"><head><meta charSet="utf-8"/><meta name="viewport" content="width=device-width, initial-scale=1"/><link rel="preload" as="image" href="/_next/static/media/CyberGeek-logo.8e9bbd2b.svg" fetchPriority="high"/><link rel="stylesheet" href="/_next/static/css/ef46db3751d8e999.css" data-precedence="next"/><link rel="stylesheet" href="/_next/static/css/0759e90f4fecfde7.css" data-precedence="next"/><link rel="preload" as="script" fetchPriority="low" href="/_next/static/chunks/webpack-182b67d00f496f9d.js"/><script src="/_next/static/chunks/fd9d1056-ad09c71b7719f2fb.js" async=""></script><script src="/_next/static/chunks/23-260042deb5df7a88.js" async=""></script><script src="/_next/static/chunks/main-app-6de3c3100b91a0a9.js" async=""></script><script src="/_next/static/chunks/30-49b1c1429d73281d.js" async=""></script><script src="/_next/static/chunks/317-0f87feacc1712b2f.js" async=""></script><script src="/_next/static/chunks/223-bc9ed43510898bbb.js" async=""></script><script src="/_next/static/chunks/app/layout-9fc24027bc047aa2.js" async=""></script><script src="/_next/static/chunks/972-6e520d137ef194fb.js" async=""></script><script src="/_next/static/chunks/app/page-cc829e051925e906.js" async=""></script><script src="/_next/static/chunks/app/template-d264bab5e3061841.js" async=""></script><script src="/_next/static/chunks/e37a0b60-b74be3d42787b18d.js" async=""></script><script src="/_next/static/chunks/904-dbddf7494c3e6975.js" async=""></script><script src="/_next/static/chunks/549-c87c1c3bbacc319f.js" async=""></script><script src="/_next/static/chunks/app/learn/%5Bslug%5D/page-5b91cdc45a95ebbe.js" async=""></script><link rel="preload" href="/assets/javascript/uswds-init.min.js" as="script"/><link rel="preload" href="/assets/javascript/uswds.min.js" as="script"/><title>Data Sharing Agreements | CMS Information Security & Privacy Group</title><meta name="description" content="Agreements that establish how data will be managed and protected when shared between CMS and another agency"/><link rel="canonical" href="https://security.cms.gov/learn/data-sharing-agreements"/><meta name="google-site-verification" content="GMZIwBDJgz_o_JYUB2GpJazkrs7P85BaWDsoCjxF32M"/><meta property="og:title" content="Data Sharing Agreements | CMS Information Security & Privacy Group"/><meta property="og:description" content="Agreements that establish how data will be managed and protected when shared between CMS and another agency"/><meta property="og:url" content="https://security.cms.gov/learn/data-sharing-agreements"/><meta property="og:image:type" content="image/jpeg"/><meta property="og:image:width" content="1200"/><meta property="og:image:height" content="630"/><meta property="og:image" content="https://security.cms.gov/learn/data-sharing-agreements/opengraph-image.jpg?d21225707c5ed280"/><meta property="og:type" content="website"/><meta name="twitter:card" content="summary_large_image"/><meta name="twitter:title" content="Data Sharing Agreements | CMS Information Security & Privacy Group"/><meta name="twitter:description" content="Agreements that establish how data will be managed and protected when shared between CMS and another agency"/><meta name="twitter:image:type" content="image/jpeg"/><meta name="twitter:image:width" content="1200"/><meta name="twitter:image:height" content="630"/><meta name="twitter:image" content="https://security.cms.gov/learn/data-sharing-agreements/opengraph-image.jpg?d21225707c5ed280"/><link rel="icon" href="/favicon.ico" type="image/x-icon" sizes="48x48"/><script>(self.__next_s=self.__next_s||[]).push(["/assets/javascript/uswds-init.min.js",{}])</script><script src="/_next/static/chunks/polyfills-78c92fac7aa8fdd8.js" noModule=""></script></head><body><a class="usa-skipnav" href="#main">Skip to main content</a><section class="usa-banner" aria-label="Official website of the United States government"><div class="usa-accordion"><header class="usa-banner__header"><div class="usa-banner__inner"><div class="grid-col-auto"><img aria-hidden="true" alt="" loading="lazy" width="16" height="11" decoding="async" data-nimg="1" class="usa-banner__header-flag" style="color:transparent" srcSet="/_next/image?url=%2Fassets%2Fimg%2Fus_flag_small.png&w=16&q=75 1x, /_next/image?url=%2Fassets%2Fimg%2Fus_flag_small.png&w=32&q=75 2x" src="/_next/image?url=%2Fassets%2Fimg%2Fus_flag_small.png&w=32&q=75"/></div><div class="grid-col-fill tablet:grid-col-auto" aria-hidden="true"><p class="usa-banner__header-text">An official website of the United States government</p><p class="usa-banner__header-action">Here's how you know</p></div><button type="button" class="usa-accordion__button usa-banner__button" aria-expanded="false" aria-controls="gov-banner-default-default"><span class="usa-banner__button-text">Here's how you know</span></button></div></header><div class="usa-banner__content usa-accordion__content" id="gov-banner-default-default" hidden=""><div class="grid-row grid-gap-lg"><div class="usa-banner__guidance tablet:grid-col-6"><img role="img" alt="" aria-hidden="true" loading="lazy" width="40" height="40" decoding="async" data-nimg="1" class="usa-banner__icon usa-media-block__img" style="color:transparent" src="/_next/static/media/icon-dot-gov.3e9cb1b5.svg"/><div class="usa-media-block__body"><p><strong>Official websites use .gov</strong><br/>A <strong>.gov</strong> website belongs to an official government organization in the United States.</p></div></div><div class="usa-banner__guidance tablet:grid-col-6"><img role="img" alt="" aria-hidden="true" loading="lazy" width="40" height="40" decoding="async" data-nimg="1" class="usa-banner__icon usa-media-block__img" style="color:transparent" src="/_next/static/media/icon-https.e7f1a222.svg"/><div class="usa-media-block__body"><p><strong>Secure .gov websites use HTTPS</strong><br/>A <strong>lock</strong> (<span class="icon-lock"><svg xmlns="http://www.w3.org/2000/svg" width="52" height="64" viewBox="0 0 52 64" class="usa-banner__lock-image" role="img" aria-labelledby="banner-lock-description-default" focusable="false"><title id="banner-lock-title-default">Lock</title><desc id="banner-lock-description-default">Locked padlock icon</desc><path fill="#000000" fill-rule="evenodd" d="M26 0c10.493 0 19 8.507 19 19v9h3a4 4 0 0 1 4 4v28a4 4 0 0 1-4 4H4a4 4 0 0 1-4-4V32a4 4 0 0 1 4-4h3v-9C7 8.507 15.507 0 26 0zm0 8c-5.979 0-10.843 4.77-10.996 10.712L15 19v9h22v-9c0-6.075-4.925-11-11-11z"></path></svg></span>) or <strong>https://</strong> means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.</p></div></div></div></div></div></section><div class="usa-overlay"></div><header class="usa-header usa-header--extended"><div class="bg-primary-dark"><div class="usa-navbar"><div class="usa-logo padding-y-4 padding-right-3" id="CyberGeek-logo"><a title="CMS CyberGeek Home" href="/"><img alt="CyberGeek logo" fetchPriority="high" width="298" height="35" decoding="async" data-nimg="1" style="color:transparent" src="/_next/static/media/CyberGeek-logo.8e9bbd2b.svg"/></a></div><button aria-label="Open menu" type="button" class="usa-menu-btn" data-cy="menu-button">Menu</button></div></div><nav aria-label="Primary navigation" class="usa-nav padding-0 desktop:width-auto bg-white grid-container float-none"><div class="usa-nav__inner"><button type="button" class="usa-nav__close margin-0"><img alt="Close" loading="lazy" width="24" height="24" decoding="async" data-nimg="1" style="color:transparent" src="/_next/static/media/close.1fafc2aa.svg"/></button><ul class="usa-nav__primary usa-accordion"><li class="usa-nav__primary-item"><button type="button" class="usa-accordion__button usa-nav__link font-family-serif text-medium tablet:text-no-wrap desktop:text-primary-vivid" aria-expanded="false" aria-controls="roles"><span>Roles</span></button><ul id="roles" class="usa-nav__submenu usa-megamenu bg-white" hidden=""><li class="grid-row grid-gap-3 padding-bottom-6"><div class="usa-col text-center desktop:text-right text-normal position-relative nav-label"><span class="display-block font-heading-xl padding-top-2">Roles</span></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/information-system-security-officer-isso">Information System Security Officer (ISSO)</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/cms-information-system-security-officer-isso-handbook"><span>ISSO Handbook</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/cms-information-system-security-officer-isso-handbook#getting-started-for-new-issos"><span>Getting started (for new ISSOs)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/isso-mentorship-program"><span>ISSO Mentorship Program</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/cms-information-system-security-officer-isso-handbook#training"><span>ISSO Training</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/data-guardian">Data Guardian</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/data-guardian-handbook"><span>Data Guardian Handbook</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/cyber-risk-advisor-cra">Cyber Risk Advisor (CRA)</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-security-and-privacy-handbooks"><span>CMS Security and Privacy Handbooks</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-security-and-privacy-handbooks#risk-management-handbook-rmh-chapters"><span>Risk Management Handbook (RMH)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/business-system-owner">Business / System Owner (BO/SO)</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cybersecurity-risk-assessment-program-csrap"><span>Cybersecurity and Risk Assessment Program (CSRAP)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-information-exchange-agreement-iea"><span>Information Exchange Agreement (IEA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-computer-matching-agreement-cma"><span>Computer Matching Agreement (CMA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/isso-service"><span>ISSO As A Service</span></a></li></ul></section></div></li></ul></li><li class="usa-nav__primary-item"><button type="button" class="usa-accordion__button usa-nav__link font-family-serif text-medium tablet:text-no-wrap desktop:text-primary-vivid" aria-expanded="false" aria-controls="compliance-authorization"><span>Compliance & Authorization</span></button><ul id="compliance-authorization" class="usa-nav__submenu usa-megamenu bg-white" hidden=""><li class="grid-row grid-gap-3 padding-bottom-6"><div class="usa-col text-center desktop:text-right text-normal position-relative nav-label"><span class="display-block font-heading-xl padding-top-2">Compliance & Authorization</span></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/learn/authorization-operate-ato">Authorization to Operate (ATO)</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/authorization-operate-ato"><span>About ATO at CMS</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/authorization-operate-ato#types-of-authorizations"><span>Types of authorizations</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/authorization-operate-ato#ato-stakeholders"><span>ATO stakeholders</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/authorization-operate-ato#related-documents-and-resources"><span>ATO tools and resources</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-technical-reference-architecture-tra"><span>CMS Technical Reference Architecture (TRA)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/learn/ongoing-authorization-oa">Ongoing Authorization (OA)</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/ongoing-authorization-oa"><span>About OA at CMS</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/ongoing-authorization-oa#is-my-system-eligible-for-oa"><span>OA eligibility requirements</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/continuous-diagnostics-and-mitigation-cdm"><span>Continuous Diagnostics and Mitigation (CDM)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header list-header-margin">Assessments & Audits</h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/penetration-testing-pentesting"><span>Penetration Testing</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cybersecurity-risk-assessment-program-csrap"><span>Cybersecurity Risk Assessment Program (CSRAP)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/privacy-impact-assessment-pia"><span>Privacy Impact Assessment (PIA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/security-impact-analysis-sia"><span>Security Impact Analysis (SIA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/system-audits"><span>System Audits</span></a></li></ul></section></div></li></ul></li><li class="usa-nav__primary-item"><button type="button" class="usa-accordion__button usa-nav__link font-family-serif text-medium tablet:text-no-wrap desktop:text-primary-vivid" aria-expanded="false" aria-controls="policy-guidance"><span>Policy & Guidance</span></button><ul id="policy-guidance" class="usa-nav__submenu usa-megamenu bg-white" hidden=""><li class="grid-row grid-gap-3 padding-bottom-6"><div class="usa-col text-center desktop:text-right text-normal position-relative nav-label"><span class="display-block font-heading-xl padding-top-2">Policy & Guidance</span></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/cms-policies-and-guidance">CMS Policies and Guidance</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/cms-acceptable-risk-safeguards-ars"><span>CMS Acceptable Risk Safeguards (ARS)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/cms-information-systems-security-privacy-policy-is2p2"><span>CMS Information Security and Privacy Policy (IS2P2)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-security-and-privacy-handbooks"><span>CMS Security and Privacy Handbooks</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="https://security.cms.gov/learn/cms-risk-management-framework-rmf"><span>CMS Risk Management Framework (RMF)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/email-encryption-requirements-cms"><span>CMS Email Encryption</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/federal-policies-and-guidance">Federal Policies and Guidance</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/national-institute-standards-and-technology-nist"><span>National Institute of Standards and Technology (NIST)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/federal-information-security-modernization-act-fisma"><span>Federal Information Security Modernization Act (FISMA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/fedramp"><span>Federal Risk and Authorization Management Program (FedRAMP)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/zero-trust"><span>Zero Trust</span></a></li></ul></section></div></li></ul></li><li class="usa-nav__primary-item"><button type="button" class="usa-accordion__button usa-nav__link font-family-serif text-medium tablet:text-no-wrap desktop:text-primary-vivid" aria-expanded="false" aria-controls="system-security"><span>System Security</span></button><ul id="system-security" class="usa-nav__submenu usa-megamenu bg-white" hidden=""><li class="grid-row grid-gap-3 padding-bottom-6"><div class="usa-col text-center desktop:text-right text-normal position-relative nav-label"><span class="display-block font-heading-xl padding-top-2">System Security</span></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/application-security">Application Security</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/threat-modeling"><span>Threat Modeling</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/zero-trust"><span>Zero Trust</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-cloud-services"><span>CMS Cloud Services</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/software-bill-materials-sbom"><span>Software Bill of Materials (SBOM)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/security-operations">Security Operations</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/risk-management-handbook-chapter-8-incident-response-ir"><span>Incident Response</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-cybersecurity-integration-center-ccic"><span>CMS Cybersecurity Integration Center (CCIC)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/penetration-testing-pentesting"><span>Penetration Testing</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/risk-management-and-reporting">Risk Management and Reporting</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/continuous-diagnostics-and-mitigation-cdm"><span>Continuous Diagnostics and Mitigation (CDM)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cyber-risk-reports"><span>Cyber Risk Reports</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/plan-action-and-milestones-poam"><span>Plan of Action and Milestones (POA&M)</span></a></li></ul></section></div></li></ul></li><li class="usa-nav__primary-item"><button type="button" class="usa-accordion__button usa-nav__link font-family-serif text-medium tablet:text-no-wrap desktop:text-primary-vivid" aria-expanded="false" aria-controls="privacy"><span>Privacy</span></button><ul id="privacy" class="usa-nav__submenu usa-megamenu bg-white" hidden=""><li class="grid-row grid-gap-3 padding-bottom-6"><div class="usa-col text-center desktop:text-right text-normal position-relative nav-label"><span class="display-block font-heading-xl padding-top-2">Privacy</span></div><div class="usa-col"><section><h3 class="usa-col__list-header list-header-margin">Agreements</h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-computer-matching-agreement-cma"><span>Computer Matching Agreement (CMA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-information-exchange-agreement-iea"><span>Information Exchange Agreement (IEA)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header list-header-margin">Privacy Activities</h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/breach-response"><span>Breach Response</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/privacy-impact-assessment-pia"><span>Privacy Impact Assessment (PIA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/system-records-notice-sorn"><span>System of Records Notice (SORN)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header list-header-margin">Privacy Resources</h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/ispg/privacy"><span>Privacy at CMS</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/cms-breach-response-handbook"><span>CMS Breach Response Handbook</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/health-insurance-portability-and-accountability-act-1996-hipaa"><span>Health Insurance Portability and Accessibility Act (HIPAA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/cms-privacy-impact-assessment-pia-handbook"><span>CMS Privacy Impact Assessment (PIA) Handbook</span></a></li></ul></section></div></li></ul></li><li class="usa-nav__primary-item"><button type="button" class="usa-accordion__button usa-nav__link font-family-serif text-medium tablet:text-no-wrap desktop:text-primary-vivid" aria-expanded="false" aria-controls="tools-services"><span>Tools & Services</span></button><ul id="tools-services" class="usa-nav__submenu usa-megamenu bg-white" hidden=""><li class="grid-row grid-gap-3 padding-bottom-6"><div class="usa-col text-center desktop:text-right text-normal position-relative nav-label"><span class="display-block font-heading-xl padding-top-2">Tools & Services</span></div><div class="usa-col"><section><h3 class="usa-col__list-header list-header-margin">Reporting & Compliance</h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="https://security.cms.gov/learn/isso-service"><span>ISSO As A Service</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-fisma-continuous-tracking-system-cfacts"><span>CFACTS</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cyber-risk-reports"><span>Cyber Risk Reports and Dashboards</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/continuous-diagnostics-and-mitigation-cdm"><span>Continuous Diagnostics and Mitigation (CDM)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header list-header-margin">System Security</h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/threat-modeling"><span>Threat Modeling</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-cloud-services"><span>CMS Cloud Services</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-cybersecurity-integration-center-ccic"><span>CMS Cybersecurity Integration Center (CCIC)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="https://security.cms.gov/learn/cms-security-data-lake-sdl"><span>CMS Security Data Lake (SDL)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header list-header-margin">Tests & Assessments</h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cybersecurity-risk-assessment-program-csrap"><span>Cybersecurity Risk Assessment Program (CSRAP)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/penetration-testing-pentesting"><span>Penetration Testing</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/privacy-impact-assessment-pia"><span>Privacy Impact Assessment (PIA)</span></a></li></ul></section></div></li></ul></li></ul><div class="usa-nav__secondary padding-left-2"><section aria-label="Header search box"><form class="usa-search usa-search--small" role="search" action="/search"><label class="usa-sr-only" for="header-search-box">Search</label><input class="usa-input search__input" id="header-search-box" type="search" name="ispg[query]"/><button aria-label="header search box button" class="usa-button" id="header-search-box-btn" type="submit"><svg aria-describedby="searchIcon" class="usa-icon" aria-hidden="true" focusable="false" role="img"><title id="searchIcon">Search</title><use href="/assets/img/sprite.svg#search"></use></svg></button></form></section></div></div></nav></header><main id="main"><div id="template"><!--$--><!--/$--><section class="hero hero--theme-explainer undefined"><div class="maxw-widescreen margin-x-auto padding-x-2 desktop:padding-x-0 padding-top-4 padding-bottom-6 desktop:padding-y-7"><div class="tablet:grid-container position-relative "><div class="hero__row grid-row grid-gap"><div class="tablet:grid-col-5 widescreen:position-relative"></div><div class="hero__column tablet:grid-col-7 flow padding-bottom-2"><h1 class="hero__heading margin-0 line-height-sans-3 desktop:line-height-sans-2">Data Sharing Agreements</h1><p class="hero__description">Agreements that establish how data will be managed and protected when shared between CMS and another agency</p><div class="hero__meta radius-lg padding-x-2 padding-y-1 bg-white font-sans-2xs line-height-sans-5 display-inline-block text-primary-darker">Contact: <span class="text-bold">Privacy Office</span><span class="hidden-mobile"> | </span><span class="break-mobile"><a href="mailto:privacy@cms.hhs.gov">privacy@cms.hhs.gov</a></span></div></div><div class="tablet:position-absolute tablet:top-0"><div class="[ flow ] bg-primary-light radius-lg padding-2 text-base-darkest maxw-mobile"><div class="display-flex flex-align-center font-sans-lg margin-bottom-2 text-italic desktop:text-no-wrap"><img alt="slack logo" loading="lazy" width="21" height="21" decoding="async" data-nimg="1" class="display-inline margin-right-1" style="color:transparent" src="/_next/static/media/slackLogo.f5836093.svg"/>CMS Slack Channel</div><ul class="add-list-reset"><li class="line-height-sans-5 margin-top-0">#ispg-privacy-agreement-consults</li></ul></div></div></div></div></div></section><div class="grid-container"><div class="grid-row grid-gap margin-top-5"><div class="tablet:grid-col-4"><nav class="table-of-contents overflow-y-auto overflow-x-hidden position-sticky top-3 padding-1 radius-lg shadow-2 display-none tablet:display-block" aria-label="Table of contents"><div class="text-uppercase text-bold border-bottom border-base-lighter padding-bottom-1">Table of Contents</div><p class="text-italic text-base font-sans-xs">No table of content entries to display.</p></nav></div><div class="tablet:grid-col-8 content"><section><div class="text-block text-block--theme-explainer"><h2 dir="ltr">What is a Data Sharing Agreement?</h2><p dir="ltr">Whenever information or data will be shared between CMS and another agency, there are formal agreements that establish how the information will be shared and how it will be protected. </p><h2 dir="ltr">What type of agreement do I need?</h2><p dir="ltr">The CMS Privacy Office can help you determine the kind of agreement you need, based on the type of data that is being shared and the purpose for the sharing or comparing of data between agencies. The following guidance can get you started in the right direction.</p><h3 dir="ltr">When PII / PHI is involved</h3><p dir="ltr">If the data that will be shared includes protected health information (PHI) and/or personally identifiable information (PII), it’s likely that the CMS Privacy Office will be your point of contact to establish the required agreement. Email them at <a href="mailto:privacy@cms.hhs.gov">privacy@cms.hhs.gov</a> to confirm what kind of agreement you need.</p><h4 dir="ltr">Computer Matching Agreement (CMA)</h4><p dir="ltr">You might need a <strong>Computer Matching Agreement (CMA)</strong> if:</p><ul><li dir="ltr">A computer matching program is being proposed</li><li dir="ltr">Two or more automated systems of record are being compared between agencies</li><li dir="ltr">The data comparison will have an impact on individuals’ federal benefits</li><li dir="ltr">The data comparison will be used to recoup payments, investigate fraud, or verify compliance with federal benefits programs</li></ul><p dir="ltr"><a href="https://security.cms.gov/learn/cms-computer-matching-agreement-cma"><strong>Learn more about CMAs here</strong></a>.</p><h4 dir="ltr">Information Exchange Agreement (IEA)</h4><p dir="ltr">You might need an <strong>Information Exchange Agreement (IEA)</strong> if:</p><ul><li dir="ltr">CMS PII will be exchanged with another HHS OpDiv, or with a federal or state agency</li><li dir="ltr">There is no adverse impact on an individual’s federal benefits</li></ul><p dir="ltr"><a href="https://security.cms.gov/learn/cms-information-exchange-agreement-iea"><strong>Learn more about IEAs here</strong></a>.</p><h4 dir="ltr">Data Use Agreement (DUA)</h4><p dir="ltr">You might need a <strong>Data Use Agreement (DUA)</strong> if:</p><ul><li dir="ltr">Another agency is asking for disclosure of PII and/or PHI from CMS</li></ul><p dir="ltr">When requests for disclosures of protected health information (PHI) and/or personally identifiable information (PII) are made to CMS, a Data Use Agreement (DUA) is signed to ensure that data requesters adhere to CMS privacy and security requirements and data release policies. Learn more about <a href="https://www.cms.gov/data-research/files-for-order/data-disclosures-and-data-use-agreements-duas">Data Disclosures and Data Use Agreements on cms.gov</a>.</p><p dir="ltr"><strong>DUAs are not managed by the CMS Privacy Office</strong>. They are administered by the <a href="https://www.cms.gov/about-cms/leadership/office-enterprise-data-analytics">CMS Office of Enterprise Data and Analytics</a>. To learn more or get help with a DUA, email: <a href="mailto:DataUseAgreement@cms.hhs.gov">DataUseAgreement@cms.hhs.gov</a>.</p><p dir="ltr"><em>Note: There are times when a DUA must be accompanied by an IEA.</em></p><h3 dir="ltr">When PII / PHI is not involved</h3><p dir="ltr">For data sharing that does <strong>not</strong> include protected health information (PHI) and/or personally identifiable information (PII), it is likely you need an agreement that is not managed by the CMS Privacy Office. Several types of agreements are listed below, along with the appropriate CMS Office to contact for more information.</p><h4 dir="ltr">Inter-Agency/Intra-Agency Agreements (IAA)</h4><p dir="ltr">This is a written contract in which a Federal agency agrees to provide to, purchase from, or exchange with another Federal agency:</p><ul><li dir="ltr">Services (including data)</li><li dir="ltr">Supplies</li><li dir="ltr">Equipment</li></ul><p dir="ltr"><strong>Inter-agency</strong> agreements are between at least one component within DHHS and another Federal agency or component thereof. <strong>Intra-agency</strong> agreements are between two or more agencies within DHHS. Many federal agencies use IAAs as the mechanism for paying data fees. </p><p dir="ltr"><strong>IAAs are not managed by the CMS Privacy Office</strong>. They are administered by the <a href="https://www.cms.gov/about-cms/leadership/office-acquisition-grants-management">CMS Office of Acquisition and Grants Management</a>. To learn about the agreements available from OAGM (including IAAs), email: <a href="mailto:InterAgencyAgreements@cms.hhs.gov">InterAgencyAgreements@cms.hhs.gov</a> </p><h4 dir="ltr">Memorandum of Understanding (MOU)</h4><p dir="ltr">A Memorandum of Understanding (MOU) is an important part of any formal arrangement for cooperation between two or more federal agencies. It serves as a statement of intent between the participating organizations to work together to achieve a shared goal.</p><p dir="ltr">Many CMS systems share data with other systems within CMS and across different agencies. To safeguard the data they share, it often makes sense for connected systems to enter into security agreements. An MOU is signed between two or more systems approved under the same Authorization Official (AO) at CMS.</p><p dir="ltr">If your data sharing partner is located outside CMS and their system is approved by a different Authorization Official (AO), you will need an <a href="https://security.cms.gov/learn/cms-interconnection-security-agreement-isa">Interconnection Security Agreement (ISA)</a> instead of a MOU.</p><p dir="ltr"><strong>MOUs are not managed by the CMS Privacy Office</strong>. They are administered by the <a href="https://www.cms.gov/about-cms/leadership/office-acquisition-grants-management">CMS Office of Acquisition and Grants Management</a>. To learn about the agreements available from OAGM (including MOUs), email: <a href="mailto:InterAgencyAgreements@cms.hhs.gov">InterAgencyAgreements@cms.hhs.gov</a>.</p><p><em>Are you looking for information about <strong>Memorandum of Agreement (MOA)</strong>? This is the same thing as an MOU. At CMS, Memorandum of Agreement has been replaced by Memorandum of Understanding, although some legacy MOAs still remain in use.</em></p></div></section></div></div></div><div class="cg-cards grid-container"><h2 class="cg-cards__heading" id="related-documents-and-resources">Related documents and resources</h2><ul aria-label="cards" class="usa-card-group"><li class="usa-card grid-col-12 tablet:grid-col-4"><div class="usa-card__container "><div class="usa-card__header"><h3 class="margin-top-1 line-height-sans-2 text-bold text-base-darkest"><a class="usa-card__link text-no-underline" href="/learn/cms-information-exchange-agreement-iea">CMS Information Exchange Agreement (IEA)</a></h3></div><div class="usa-card__body font-sans-2xs line-height-sans-4 text-base-darkest"><p>Business Owners and Privacy Advisors working together to determine the terms of sharing PII with other federal or state agencies</p></div></div></li><li class="usa-card grid-col-12 tablet:grid-col-4"><div class="usa-card__container "><div class="usa-card__header"><h3 class="margin-top-1 line-height-sans-2 text-bold text-base-darkest"><a class="usa-card__link text-no-underline" href="/learn/cms-computer-matching-agreement-cma">CMS Computer Matching Agreement (CMA)</a></h3></div><div class="usa-card__body font-sans-2xs line-height-sans-4 text-base-darkest"><p>Written agreement used in the comparison of automated systems of record between federal or state agencies</p></div></div></li></ul></div></div></main><footer class="usa-footer usa-footer--slim"><div class="grid-container"><div class="grid-row flex-align-end"><div class="grid-col"><div class="usa-footer__return-to-top"><a class="font-sans-xs" href="#">Return to top</a></div></div><div class="grid-col padding-bottom-2 padding-top-4 display-flex flex-justify-end"><a class="usa-button" href="/feedback">Give feedback</a></div></div></div><div class="usa-footer__primary-section"><div class="usa-footer__primary-container grid-row"><div class="tablet:grid-col-3"><a class="usa-footer__primary-link" href="/"><img alt="CyberGeek logo" loading="lazy" width="142" height="26" decoding="async" data-nimg="1" style="color:transparent" src="/_next/static/media/CyberGeek-logo.8e9bbd2b.svg"/></a><p class="usa-footer__logo-heading display-none tablet-lg:display-block">The official website of the CMS Information Security and Privacy Group (ISPG)</p></div><div class="tablet:grid-col-12 tablet-lg:grid-col-9"><nav class="usa-footer__nav" aria-label="Footer navigation,"><ul class="grid-row grid-gap"><li class=" tablet:grid-col-3 desktop:grid-col-auto usa-footer__primary-content "><a class="usa-footer__primary-link" href="/learn/about-ispg-cybergeek">What is CyberGeek?</a></li><li class=" tablet:grid-col-3 desktop:grid-col-auto usa-footer__primary-content "><a class="usa-footer__primary-link" href="https://www.cms.gov/privacy">Privacy policy</a></li><li class=" tablet:grid-col-3 desktop:grid-col-auto usa-footer__primary-content "><a class="usa-footer__primary-link" href="https://www.cms.gov/about-cms/information-systems/privacy/vulnerability-disclosure-policy">CMS Vulnerability Disclosure Policy</a></li><li class=" tablet:grid-col-3 desktop:grid-col-auto usa-footer__primary-content "><a class="usa-footer__primary-link" href="https://www.cms.gov/About-CMS/Agency-Information/Aboutwebsite/Policiesforaccessibility">Accessibility</a></li></ul></nav></div></div></div><div class="usa-footer__secondary-section"><div class="grid-container"><div class="usa-footer__logo grid-row grid-gap-2"><div class="mobile-lg:grid-col-3"><a href="https://www.cms.gov/"><img alt="CMS homepage" loading="lazy" width="124" height="29" decoding="async" data-nimg="1" style="color:transparent" src="/_next/static/media/cmsLogo.10a64ce4.svg"/></a></div><div class="mobile-lg:grid-col-7"><p class="font-sans-3xs line-height-sans-3">A federal government website managed and paid for by the U.S. Centers for Medicare & Medicaid Services.</p><address class="font-sans-3xs line-height-sans-3">7500 Security Boulevard, Baltimore, MD 21244</address></div></div></div></div></footer><script>(self.__next_s=self.__next_s||[]).push(["/assets/javascript/uswds.min.js",{}])</script><script src="/_next/static/chunks/webpack-182b67d00f496f9d.js" async=""></script><script>(self.__next_f=self.__next_f||[]).push([0]);self.__next_f.push([2,null])</script><script>self.__next_f.push([1,"1:HL[\"/_next/static/css/ef46db3751d8e999.css\",\"style\"]\n2:HL[\"/_next/static/css/0759e90f4fecfde7.css\",\"style\"]\n"])</script><script>self.__next_f.push([1,"3:I[5751,[],\"\"]\n6:I[9275,[],\"\"]\n8:I[1343,[],\"\"]\nb:I[6130,[],\"\"]\n7:[\"slug\",\"data-sharing-agreements\",\"d\"]\nc:[]\n0:[\"$\",\"$L3\",null,{\"buildId\":\"m9SaS4P6zugJbBHpXSk5Y\",\"assetPrefix\":\"\",\"urlParts\":[\"\",\"learn\",\"data-sharing-agreements\"],\"initialTree\":[\"\",{\"children\":[\"learn\",{\"children\":[[\"slug\",\"data-sharing-agreements\",\"d\"],{\"children\":[\"__PAGE__\",{}]}]}]},\"$undefined\",\"$undefined\",true],\"initialSeedData\":[\"\",{\"children\":[\"learn\",{\"children\":[[\"slug\",\"data-sharing-agreements\",\"d\"],{\"children\":[\"__PAGE__\",{},[[\"$L4\",\"$L5\",null],null],null]},[null,[\"$\",\"$L6\",null,{\"parallelRouterKey\":\"children\",\"segmentPath\":[\"children\",\"learn\",\"children\",\"$7\",\"children\"],\"error\":\"$undefined\",\"errorStyles\":\"$undefined\",\"errorScripts\":\"$undefined\",\"template\":[\"$\",\"$L8\",null,{}],\"templateStyles\":\"$undefined\",\"templateScripts\":\"$undefined\",\"notFound\":\"$undefined\",\"notFoundStyles\":\"$undefined\"}]],null]},[null,[\"$\",\"$L6\",null,{\"parallelRouterKey\":\"children\",\"segmentPath\":[\"children\",\"learn\",\"children\"],\"error\":\"$undefined\",\"errorStyles\":\"$undefined\",\"errorScripts\":\"$undefined\",\"template\":[\"$\",\"$L8\",null,{}],\"templateStyles\":\"$undefined\",\"templateScripts\":\"$undefined\",\"notFound\":\"$undefined\",\"notFoundStyles\":\"$undefined\"}]],null]},[[[[\"$\",\"link\",\"0\",{\"rel\":\"stylesheet\",\"href\":\"/_next/static/css/ef46db3751d8e999.css\",\"precedence\":\"next\",\"crossOrigin\":\"$undefined\"}],[\"$\",\"link\",\"1\",{\"rel\":\"stylesheet\",\"href\":\"/_next/static/css/0759e90f4fecfde7.css\",\"precedence\":\"next\",\"crossOrigin\":\"$undefined\"}]],\"$L9\"],null],null],\"couldBeIntercepted\":false,\"initialHead\":[null,\"$La\"],\"globalErrorComponent\":\"$b\",\"missingSlots\":\"$Wc\"}]\n"])</script><script>self.__next_f.push([1,"d:I[4080,[\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"223\",\"static/chunks/223-bc9ed43510898bbb.js\",\"185\",\"static/chunks/app/layout-9fc24027bc047aa2.js\"],\"\"]\ne:I[8173,[\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"972\",\"static/chunks/972-6e520d137ef194fb.js\",\"931\",\"static/chunks/app/page-cc829e051925e906.js\"],\"Image\"]\nf:I[7529,[\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"223\",\"static/chunks/223-bc9ed43510898bbb.js\",\"185\",\"static/chunks/app/layout-9fc24027bc047aa2.js\"],\"default\"]\n11:I[231,[\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"972\",\"static/chunks/972-6e520d137ef194fb.js\",\"931\",\"static/chunks/app/page-cc829e051925e906.js\"],\"\"]\n12:I[7303,[\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"223\",\"static/chunks/223-bc9ed43510898bbb.js\",\"185\",\"static/chunks/app/layout-9fc24027bc047aa2.js\"],\"default\"]\n13:I[8521,[\"489\",\"static/chunks/app/template-d264bab5e3061841.js\"],\"default\"]\n14:I[5922,[\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"972\",\"static/chunks/972-6e520d137ef194fb.js\",\"931\",\"static/chunks/app/page-cc829e051925e906.js\"],\"default\"]\n15:I[7182,[\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"223\",\"static/chunks/223-bc9ed43510898bbb.js\",\"185\",\"static/chunks/app/layout-9fc24027bc047aa2.js\"],\"default\"]\n16:I[4180,[\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"223\",\"static/chunks/223-bc9ed43510898bbb.js\",\"185\",\"static/chunks/app/layout-9fc24027bc047aa2.js\"],\"TealiumTagManager\"]\n10:Tdced,"])</script><script>self.__next_f.push([1,"{\"id\":\"mega-menu\",\"linkset\":{\"elements\":[{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Roles\",\"hierarchy\":[\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/information-system-security-officer-isso\",\"attributes\":{\"title\":\"Information System Security Officer (ISSO)\",\"hierarchy\":[\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook\",\"attributes\":{\"title\":\"ISSO Handbook\",\"hierarchy\":[\"0\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook#getting-started-for-new-issos\",\"attributes\":{\"title\":\"Getting started (for new ISSOs)\",\"hierarchy\":[\"0\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/isso-mentorship-program\",\"attributes\":{\"title\":\"ISSO Mentorship Program\",\"hierarchy\":[\"0\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook#training\",\"attributes\":{\"title\":\"ISSO Training\",\"hierarchy\":[\"0\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/data-guardian\",\"attributes\":{\"title\":\"Data Guardian\",\"hierarchy\":[\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/data-guardian-handbook\",\"attributes\":{\"title\":\"Data Guardian Handbook\",\"hierarchy\":[\"0\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/cyber-risk-advisor-cra\",\"attributes\":{\"title\":\"Cyber Risk Advisor (CRA)\",\"hierarchy\":[\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks\",\"attributes\":{\"title\":\"CMS Security and Privacy Handbooks\",\"hierarchy\":[\"0\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks#risk-management-handbook-rmh-chapters\",\"attributes\":{\"title\":\"Risk Management Handbook (RMH)\",\"hierarchy\":[\"0\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/business-system-owner\",\"attributes\":{\"title\":\"Business / System Owner (BO/SO)\",\"hierarchy\":[\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity and Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"0\",\"3\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-information-exchange-agreement-iea\",\"attributes\":{\"title\":\"Information Exchange Agreement (IEA)\",\"hierarchy\":[\"0\",\"3\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-computer-matching-agreement-cma\",\"attributes\":{\"title\":\"Computer Matching Agreement (CMA)\",\"hierarchy\":[\"0\",\"3\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/isso-service\",\"attributes\":{\"title\":\"ISSO As A Service\",\"hierarchy\":[\"0\",\"3\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Compliance \u0026 Authorization\",\"hierarchy\":[\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato\",\"attributes\":{\"title\":\"Authorization to Operate (ATO)\",\"hierarchy\":[\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato\",\"attributes\":{\"title\":\"About ATO at CMS\",\"hierarchy\":[\"1\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#types-of-authorizations\",\"attributes\":{\"title\":\"Types of authorizations\",\"hierarchy\":[\"1\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#ato-stakeholders\",\"attributes\":{\"title\":\"ATO stakeholders\",\"hierarchy\":[\"1\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#related-documents-and-resources\",\"attributes\":{\"title\":\"ATO tools and resources\",\"hierarchy\":[\"1\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-technical-reference-architecture-tra\",\"attributes\":{\"title\":\"CMS Technical Reference Architecture (TRA)\",\"hierarchy\":[\"1\",\"0\",\"4\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa\",\"attributes\":{\"title\":\"Ongoing Authorization (OA)\",\"hierarchy\":[\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa\",\"attributes\":{\"title\":\"About OA at CMS\",\"hierarchy\":[\"1\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa#is-my-system-eligible-for-oa\",\"attributes\":{\"title\":\"OA eligibility requirements\",\"hierarchy\":[\"1\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"1\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Assessments \u0026 Audits\",\"hierarchy\":[\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"1\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"1\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"1\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/security-impact-analysis-sia\",\"attributes\":{\"title\":\"Security Impact Analysis (SIA)\",\"hierarchy\":[\"1\",\"2\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/system-audits\",\"attributes\":{\"title\":\"System Audits\",\"hierarchy\":[\"1\",\"2\",\"4\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Policy \u0026 Guidance\",\"hierarchy\":[\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/cms-policies-and-guidance\",\"attributes\":{\"title\":\"CMS Policies and Guidance\",\"hierarchy\":[\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-acceptable-risk-safeguards-ars\",\"attributes\":{\"title\":\"CMS Acceptable Risk Safeguards (ARS)\",\"hierarchy\":[\"2\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-systems-security-privacy-policy-is2p2\",\"attributes\":{\"title\":\"CMS Information Security and Privacy Policy (IS2P2)\",\"hierarchy\":[\"2\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks\",\"attributes\":{\"title\":\"CMS Security and Privacy Handbooks\",\"hierarchy\":[\"2\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/cms-risk-management-framework-rmf\",\"attributes\":{\"title\":\"CMS Risk Management Framework (RMF)\",\"hierarchy\":[\"2\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/email-encryption-requirements-cms\",\"attributes\":{\"title\":\"CMS Email Encryption\",\"hierarchy\":[\"2\",\"0\",\"4\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/federal-policies-and-guidance\",\"attributes\":{\"title\":\"Federal Policies and Guidance\",\"hierarchy\":[\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/national-institute-standards-and-technology-nist\",\"attributes\":{\"title\":\"National Institute of Standards and Technology (NIST)\",\"hierarchy\":[\"2\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/federal-information-security-modernization-act-fisma\",\"attributes\":{\"title\":\"Federal Information Security Modernization Act (FISMA)\",\"hierarchy\":[\"2\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/fedramp\",\"attributes\":{\"title\":\"Federal Risk and Authorization Management Program (FedRAMP)\",\"hierarchy\":[\"2\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/zero-trust\",\"attributes\":{\"title\":\"Zero Trust\",\"hierarchy\":[\"2\",\"1\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"System Security\",\"hierarchy\":[\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/application-security\",\"attributes\":{\"title\":\"Application Security\",\"hierarchy\":[\"3\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/threat-modeling\",\"attributes\":{\"title\":\"Threat Modeling\",\"hierarchy\":[\"3\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/zero-trust\",\"attributes\":{\"title\":\"Zero Trust\",\"hierarchy\":[\"3\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cloud-services\",\"attributes\":{\"title\":\"CMS Cloud Services\",\"hierarchy\":[\"3\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/software-bill-materials-sbom\",\"attributes\":{\"title\":\"Software Bill of Materials (SBOM)\",\"hierarchy\":[\"3\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/security-operations\",\"attributes\":{\"title\":\"Security Operations\",\"hierarchy\":[\"3\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/risk-management-handbook-chapter-8-incident-response-ir\",\"attributes\":{\"title\":\"Incident Response\",\"hierarchy\":[\"3\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cybersecurity-integration-center-ccic\",\"attributes\":{\"title\":\"CMS Cybersecurity Integration Center (CCIC)\",\"hierarchy\":[\"3\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"3\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/risk-management-and-reporting\",\"attributes\":{\"title\":\"Risk Management and Reporting\",\"hierarchy\":[\"3\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"3\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cyber-risk-reports\",\"attributes\":{\"title\":\"Cyber Risk Reports\",\"hierarchy\":[\"3\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/plan-action-and-milestones-poam\",\"attributes\":{\"title\":\"Plan of Action and Milestones (POA\u0026M)\",\"hierarchy\":[\"3\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy\",\"hierarchy\":[\"4\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Agreements\",\"hierarchy\":[\"4\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-computer-matching-agreement-cma\",\"attributes\":{\"title\":\"Computer Matching Agreement (CMA)\",\"hierarchy\":[\"4\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-information-exchange-agreement-iea\",\"attributes\":{\"title\":\"Information Exchange Agreement (IEA)\",\"hierarchy\":[\"4\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy Activities\",\"hierarchy\":[\"4\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/breach-response\",\"attributes\":{\"title\":\"Breach Response\",\"hierarchy\":[\"4\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"4\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/system-records-notice-sorn\",\"attributes\":{\"title\":\"System of Records Notice (SORN)\",\"hierarchy\":[\"4\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy Resources\",\"hierarchy\":[\"4\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/privacy\",\"attributes\":{\"title\":\"Privacy at CMS\",\"hierarchy\":[\"4\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-breach-response-handbook\",\"attributes\":{\"title\":\"CMS Breach Response Handbook\",\"hierarchy\":[\"4\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/health-insurance-portability-and-accountability-act-1996-hipaa\",\"attributes\":{\"title\":\"Health Insurance Portability and Accessibility Act (HIPAA)\",\"hierarchy\":[\"4\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-privacy-impact-assessment-pia-handbook\",\"attributes\":{\"title\":\"CMS Privacy Impact Assessment (PIA) Handbook\",\"hierarchy\":[\"4\",\"2\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Tools \u0026 Services\",\"hierarchy\":[\"5\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Reporting \u0026 Compliance\",\"hierarchy\":[\"5\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/isso-service\",\"attributes\":{\"title\":\"ISSO As A Service\",\"hierarchy\":[\"5\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-fisma-continuous-tracking-system-cfacts\",\"attributes\":{\"title\":\"CFACTS\",\"hierarchy\":[\"5\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cyber-risk-reports\",\"attributes\":{\"title\":\"Cyber Risk Reports and Dashboards\",\"hierarchy\":[\"5\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"5\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"System Security\",\"hierarchy\":[\"5\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/threat-modeling\",\"attributes\":{\"title\":\"Threat Modeling\",\"hierarchy\":[\"5\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cloud-services\",\"attributes\":{\"title\":\"CMS Cloud Services\",\"hierarchy\":[\"5\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cybersecurity-integration-center-ccic\",\"attributes\":{\"title\":\"CMS Cybersecurity Integration Center (CCIC)\",\"hierarchy\":[\"5\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/cms-security-data-lake-sdl\",\"attributes\":{\"title\":\"CMS Security Data Lake (SDL)\",\"hierarchy\":[\"5\",\"1\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Tests \u0026 Assessments\",\"hierarchy\":[\"5\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"5\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"5\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"5\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}}],\"size\":87},\"elements\":[{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Roles\",\"hierarchy\":[\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/information-system-security-officer-isso\",\"attributes\":{\"title\":\"Information System Security Officer (ISSO)\",\"hierarchy\":[\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook\",\"attributes\":{\"title\":\"ISSO Handbook\",\"hierarchy\":[\"0\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook#getting-started-for-new-issos\",\"attributes\":{\"title\":\"Getting started (for new ISSOs)\",\"hierarchy\":[\"0\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/isso-mentorship-program\",\"attributes\":{\"title\":\"ISSO Mentorship Program\",\"hierarchy\":[\"0\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook#training\",\"attributes\":{\"title\":\"ISSO Training\",\"hierarchy\":[\"0\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/data-guardian\",\"attributes\":{\"title\":\"Data Guardian\",\"hierarchy\":[\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/data-guardian-handbook\",\"attributes\":{\"title\":\"Data Guardian Handbook\",\"hierarchy\":[\"0\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/cyber-risk-advisor-cra\",\"attributes\":{\"title\":\"Cyber Risk Advisor (CRA)\",\"hierarchy\":[\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks\",\"attributes\":{\"title\":\"CMS Security and Privacy Handbooks\",\"hierarchy\":[\"0\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks#risk-management-handbook-rmh-chapters\",\"attributes\":{\"title\":\"Risk Management Handbook (RMH)\",\"hierarchy\":[\"0\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/business-system-owner\",\"attributes\":{\"title\":\"Business / System Owner (BO/SO)\",\"hierarchy\":[\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity and Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"0\",\"3\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-information-exchange-agreement-iea\",\"attributes\":{\"title\":\"Information Exchange Agreement (IEA)\",\"hierarchy\":[\"0\",\"3\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-computer-matching-agreement-cma\",\"attributes\":{\"title\":\"Computer Matching Agreement (CMA)\",\"hierarchy\":[\"0\",\"3\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/isso-service\",\"attributes\":{\"title\":\"ISSO As A Service\",\"hierarchy\":[\"0\",\"3\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Compliance \u0026 Authorization\",\"hierarchy\":[\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato\",\"attributes\":{\"title\":\"Authorization to Operate (ATO)\",\"hierarchy\":[\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato\",\"attributes\":{\"title\":\"About ATO at CMS\",\"hierarchy\":[\"1\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#types-of-authorizations\",\"attributes\":{\"title\":\"Types of authorizations\",\"hierarchy\":[\"1\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#ato-stakeholders\",\"attributes\":{\"title\":\"ATO stakeholders\",\"hierarchy\":[\"1\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#related-documents-and-resources\",\"attributes\":{\"title\":\"ATO tools and resources\",\"hierarchy\":[\"1\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-technical-reference-architecture-tra\",\"attributes\":{\"title\":\"CMS Technical Reference Architecture (TRA)\",\"hierarchy\":[\"1\",\"0\",\"4\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa\",\"attributes\":{\"title\":\"Ongoing Authorization (OA)\",\"hierarchy\":[\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa\",\"attributes\":{\"title\":\"About OA at CMS\",\"hierarchy\":[\"1\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa#is-my-system-eligible-for-oa\",\"attributes\":{\"title\":\"OA eligibility requirements\",\"hierarchy\":[\"1\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"1\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Assessments \u0026 Audits\",\"hierarchy\":[\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"1\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"1\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"1\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/security-impact-analysis-sia\",\"attributes\":{\"title\":\"Security Impact Analysis (SIA)\",\"hierarchy\":[\"1\",\"2\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/system-audits\",\"attributes\":{\"title\":\"System Audits\",\"hierarchy\":[\"1\",\"2\",\"4\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Policy \u0026 Guidance\",\"hierarchy\":[\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/cms-policies-and-guidance\",\"attributes\":{\"title\":\"CMS Policies and Guidance\",\"hierarchy\":[\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-acceptable-risk-safeguards-ars\",\"attributes\":{\"title\":\"CMS Acceptable Risk Safeguards (ARS)\",\"hierarchy\":[\"2\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-systems-security-privacy-policy-is2p2\",\"attributes\":{\"title\":\"CMS Information Security and Privacy Policy (IS2P2)\",\"hierarchy\":[\"2\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks\",\"attributes\":{\"title\":\"CMS Security and Privacy Handbooks\",\"hierarchy\":[\"2\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/cms-risk-management-framework-rmf\",\"attributes\":{\"title\":\"CMS Risk Management Framework (RMF)\",\"hierarchy\":[\"2\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/email-encryption-requirements-cms\",\"attributes\":{\"title\":\"CMS Email Encryption\",\"hierarchy\":[\"2\",\"0\",\"4\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/federal-policies-and-guidance\",\"attributes\":{\"title\":\"Federal Policies and Guidance\",\"hierarchy\":[\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/national-institute-standards-and-technology-nist\",\"attributes\":{\"title\":\"National Institute of Standards and Technology (NIST)\",\"hierarchy\":[\"2\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/federal-information-security-modernization-act-fisma\",\"attributes\":{\"title\":\"Federal Information Security Modernization Act (FISMA)\",\"hierarchy\":[\"2\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/fedramp\",\"attributes\":{\"title\":\"Federal Risk and Authorization Management Program (FedRAMP)\",\"hierarchy\":[\"2\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/zero-trust\",\"attributes\":{\"title\":\"Zero Trust\",\"hierarchy\":[\"2\",\"1\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"System Security\",\"hierarchy\":[\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/application-security\",\"attributes\":{\"title\":\"Application Security\",\"hierarchy\":[\"3\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/threat-modeling\",\"attributes\":{\"title\":\"Threat Modeling\",\"hierarchy\":[\"3\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/zero-trust\",\"attributes\":{\"title\":\"Zero Trust\",\"hierarchy\":[\"3\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cloud-services\",\"attributes\":{\"title\":\"CMS Cloud Services\",\"hierarchy\":[\"3\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/software-bill-materials-sbom\",\"attributes\":{\"title\":\"Software Bill of Materials (SBOM)\",\"hierarchy\":[\"3\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/security-operations\",\"attributes\":{\"title\":\"Security Operations\",\"hierarchy\":[\"3\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/risk-management-handbook-chapter-8-incident-response-ir\",\"attributes\":{\"title\":\"Incident Response\",\"hierarchy\":[\"3\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cybersecurity-integration-center-ccic\",\"attributes\":{\"title\":\"CMS Cybersecurity Integration Center (CCIC)\",\"hierarchy\":[\"3\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"3\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/risk-management-and-reporting\",\"attributes\":{\"title\":\"Risk Management and Reporting\",\"hierarchy\":[\"3\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"3\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cyber-risk-reports\",\"attributes\":{\"title\":\"Cyber Risk Reports\",\"hierarchy\":[\"3\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/plan-action-and-milestones-poam\",\"attributes\":{\"title\":\"Plan of Action and Milestones (POA\u0026M)\",\"hierarchy\":[\"3\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy\",\"hierarchy\":[\"4\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Agreements\",\"hierarchy\":[\"4\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-computer-matching-agreement-cma\",\"attributes\":{\"title\":\"Computer Matching Agreement (CMA)\",\"hierarchy\":[\"4\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-information-exchange-agreement-iea\",\"attributes\":{\"title\":\"Information Exchange Agreement (IEA)\",\"hierarchy\":[\"4\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy Activities\",\"hierarchy\":[\"4\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/breach-response\",\"attributes\":{\"title\":\"Breach Response\",\"hierarchy\":[\"4\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"4\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/system-records-notice-sorn\",\"attributes\":{\"title\":\"System of Records Notice (SORN)\",\"hierarchy\":[\"4\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy Resources\",\"hierarchy\":[\"4\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/privacy\",\"attributes\":{\"title\":\"Privacy at CMS\",\"hierarchy\":[\"4\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-breach-response-handbook\",\"attributes\":{\"title\":\"CMS Breach Response Handbook\",\"hierarchy\":[\"4\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/health-insurance-portability-and-accountability-act-1996-hipaa\",\"attributes\":{\"title\":\"Health Insurance Portability and Accessibility Act (HIPAA)\",\"hierarchy\":[\"4\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-privacy-impact-assessment-pia-handbook\",\"attributes\":{\"title\":\"CMS Privacy Impact Assessment (PIA) Handbook\",\"hierarchy\":[\"4\",\"2\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Tools \u0026 Services\",\"hierarchy\":[\"5\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Reporting \u0026 Compliance\",\"hierarchy\":[\"5\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/isso-service\",\"attributes\":{\"title\":\"ISSO As A Service\",\"hierarchy\":[\"5\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-fisma-continuous-tracking-system-cfacts\",\"attributes\":{\"title\":\"CFACTS\",\"hierarchy\":[\"5\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cyber-risk-reports\",\"attributes\":{\"title\":\"Cyber Risk Reports and Dashboards\",\"hierarchy\":[\"5\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"5\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"System Security\",\"hierarchy\":[\"5\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/threat-modeling\",\"attributes\":{\"title\":\"Threat Modeling\",\"hierarchy\":[\"5\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cloud-services\",\"attributes\":{\"title\":\"CMS Cloud Services\",\"hierarchy\":[\"5\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cybersecurity-integration-center-ccic\",\"attributes\":{\"title\":\"CMS Cybersecurity Integration Center (CCIC)\",\"hierarchy\":[\"5\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/cms-security-data-lake-sdl\",\"attributes\":{\"title\":\"CMS Security Data Lake (SDL)\",\"hierarchy\":[\"5\",\"1\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Tests \u0026 Assessments\",\"hierarchy\":[\"5\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"5\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"5\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"5\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}}],\"size\":87,\"tree\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Roles\",\"hierarchy\":[\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/information-system-security-officer-isso\",\"attributes\":{\"title\":\"Information System Security Officer (ISSO)\",\"hierarchy\":[\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook\",\"attributes\":{\"title\":\"ISSO Handbook\",\"hierarchy\":[\"0\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook#getting-started-for-new-issos\",\"attributes\":{\"title\":\"Getting started (for new ISSOs)\",\"hierarchy\":[\"0\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/isso-mentorship-program\",\"attributes\":{\"title\":\"ISSO Mentorship Program\",\"hierarchy\":[\"0\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook#training\",\"attributes\":{\"title\":\"ISSO Training\",\"hierarchy\":[\"0\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/data-guardian\",\"attributes\":{\"title\":\"Data Guardian\",\"hierarchy\":[\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/data-guardian-handbook\",\"attributes\":{\"title\":\"Data Guardian Handbook\",\"hierarchy\":[\"0\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/cyber-risk-advisor-cra\",\"attributes\":{\"title\":\"Cyber Risk Advisor (CRA)\",\"hierarchy\":[\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks\",\"attributes\":{\"title\":\"CMS Security and Privacy Handbooks\",\"hierarchy\":[\"0\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks#risk-management-handbook-rmh-chapters\",\"attributes\":{\"title\":\"Risk Management Handbook (RMH)\",\"hierarchy\":[\"0\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/business-system-owner\",\"attributes\":{\"title\":\"Business / System Owner (BO/SO)\",\"hierarchy\":[\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity and Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"0\",\"3\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-information-exchange-agreement-iea\",\"attributes\":{\"title\":\"Information Exchange Agreement (IEA)\",\"hierarchy\":[\"0\",\"3\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-computer-matching-agreement-cma\",\"attributes\":{\"title\":\"Computer Matching Agreement (CMA)\",\"hierarchy\":[\"0\",\"3\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/isso-service\",\"attributes\":{\"title\":\"ISSO As A Service\",\"hierarchy\":[\"0\",\"3\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Compliance \u0026 Authorization\",\"hierarchy\":[\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato\",\"attributes\":{\"title\":\"Authorization to Operate (ATO)\",\"hierarchy\":[\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato\",\"attributes\":{\"title\":\"About ATO at CMS\",\"hierarchy\":[\"1\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#types-of-authorizations\",\"attributes\":{\"title\":\"Types of authorizations\",\"hierarchy\":[\"1\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#ato-stakeholders\",\"attributes\":{\"title\":\"ATO stakeholders\",\"hierarchy\":[\"1\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#related-documents-and-resources\",\"attributes\":{\"title\":\"ATO tools and resources\",\"hierarchy\":[\"1\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-technical-reference-architecture-tra\",\"attributes\":{\"title\":\"CMS Technical Reference Architecture (TRA)\",\"hierarchy\":[\"1\",\"0\",\"4\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa\",\"attributes\":{\"title\":\"Ongoing Authorization (OA)\",\"hierarchy\":[\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa\",\"attributes\":{\"title\":\"About OA at CMS\",\"hierarchy\":[\"1\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa#is-my-system-eligible-for-oa\",\"attributes\":{\"title\":\"OA eligibility requirements\",\"hierarchy\":[\"1\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"1\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Assessments \u0026 Audits\",\"hierarchy\":[\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"1\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"1\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"1\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/security-impact-analysis-sia\",\"attributes\":{\"title\":\"Security Impact Analysis (SIA)\",\"hierarchy\":[\"1\",\"2\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/system-audits\",\"attributes\":{\"title\":\"System Audits\",\"hierarchy\":[\"1\",\"2\",\"4\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Policy \u0026 Guidance\",\"hierarchy\":[\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/cms-policies-and-guidance\",\"attributes\":{\"title\":\"CMS Policies and Guidance\",\"hierarchy\":[\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-acceptable-risk-safeguards-ars\",\"attributes\":{\"title\":\"CMS Acceptable Risk Safeguards (ARS)\",\"hierarchy\":[\"2\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-systems-security-privacy-policy-is2p2\",\"attributes\":{\"title\":\"CMS Information Security and Privacy Policy (IS2P2)\",\"hierarchy\":[\"2\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks\",\"attributes\":{\"title\":\"CMS Security and Privacy Handbooks\",\"hierarchy\":[\"2\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/cms-risk-management-framework-rmf\",\"attributes\":{\"title\":\"CMS Risk Management Framework (RMF)\",\"hierarchy\":[\"2\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/email-encryption-requirements-cms\",\"attributes\":{\"title\":\"CMS Email Encryption\",\"hierarchy\":[\"2\",\"0\",\"4\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/federal-policies-and-guidance\",\"attributes\":{\"title\":\"Federal Policies and Guidance\",\"hierarchy\":[\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/national-institute-standards-and-technology-nist\",\"attributes\":{\"title\":\"National Institute of Standards and Technology (NIST)\",\"hierarchy\":[\"2\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/federal-information-security-modernization-act-fisma\",\"attributes\":{\"title\":\"Federal Information Security Modernization Act (FISMA)\",\"hierarchy\":[\"2\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/fedramp\",\"attributes\":{\"title\":\"Federal Risk and Authorization Management Program (FedRAMP)\",\"hierarchy\":[\"2\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/zero-trust\",\"attributes\":{\"title\":\"Zero Trust\",\"hierarchy\":[\"2\",\"1\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"System Security\",\"hierarchy\":[\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/application-security\",\"attributes\":{\"title\":\"Application Security\",\"hierarchy\":[\"3\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/threat-modeling\",\"attributes\":{\"title\":\"Threat Modeling\",\"hierarchy\":[\"3\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/zero-trust\",\"attributes\":{\"title\":\"Zero Trust\",\"hierarchy\":[\"3\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cloud-services\",\"attributes\":{\"title\":\"CMS Cloud Services\",\"hierarchy\":[\"3\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/software-bill-materials-sbom\",\"attributes\":{\"title\":\"Software Bill of Materials (SBOM)\",\"hierarchy\":[\"3\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/security-operations\",\"attributes\":{\"title\":\"Security Operations\",\"hierarchy\":[\"3\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/risk-management-handbook-chapter-8-incident-response-ir\",\"attributes\":{\"title\":\"Incident Response\",\"hierarchy\":[\"3\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cybersecurity-integration-center-ccic\",\"attributes\":{\"title\":\"CMS Cybersecurity Integration Center (CCIC)\",\"hierarchy\":[\"3\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"3\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/risk-management-and-reporting\",\"attributes\":{\"title\":\"Risk Management and Reporting\",\"hierarchy\":[\"3\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"3\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cyber-risk-reports\",\"attributes\":{\"title\":\"Cyber Risk Reports\",\"hierarchy\":[\"3\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/plan-action-and-milestones-poam\",\"attributes\":{\"title\":\"Plan of Action and Milestones (POA\u0026M)\",\"hierarchy\":[\"3\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy\",\"hierarchy\":[\"4\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Agreements\",\"hierarchy\":[\"4\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-computer-matching-agreement-cma\",\"attributes\":{\"title\":\"Computer Matching Agreement (CMA)\",\"hierarchy\":[\"4\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-information-exchange-agreement-iea\",\"attributes\":{\"title\":\"Information Exchange Agreement (IEA)\",\"hierarchy\":[\"4\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy Activities\",\"hierarchy\":[\"4\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/breach-response\",\"attributes\":{\"title\":\"Breach Response\",\"hierarchy\":[\"4\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"4\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/system-records-notice-sorn\",\"attributes\":{\"title\":\"System of Records Notice (SORN)\",\"hierarchy\":[\"4\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy Resources\",\"hierarchy\":[\"4\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/privacy\",\"attributes\":{\"title\":\"Privacy at CMS\",\"hierarchy\":[\"4\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-breach-response-handbook\",\"attributes\":{\"title\":\"CMS Breach Response Handbook\",\"hierarchy\":[\"4\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/health-insurance-portability-and-accountability-act-1996-hipaa\",\"attributes\":{\"title\":\"Health Insurance Portability and Accessibility Act (HIPAA)\",\"hierarchy\":[\"4\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-privacy-impact-assessment-pia-handbook\",\"attributes\":{\"title\":\"CMS Privacy Impact Assessment (PIA) Handbook\",\"hierarchy\":[\"4\",\"2\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Tools \u0026 Services\",\"hierarchy\":[\"5\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Reporting \u0026 Compliance\",\"hierarchy\":[\"5\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/isso-service\",\"attributes\":{\"title\":\"ISSO As A Service\",\"hierarchy\":[\"5\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-fisma-continuous-tracking-system-cfacts\",\"attributes\":{\"title\":\"CFACTS\",\"hierarchy\":[\"5\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cyber-risk-reports\",\"attributes\":{\"title\":\"Cyber Risk Reports and Dashboards\",\"hierarchy\":[\"5\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"5\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"System Security\",\"hierarchy\":[\"5\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/threat-modeling\",\"attributes\":{\"title\":\"Threat Modeling\",\"hierarchy\":[\"5\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cloud-services\",\"attributes\":{\"title\":\"CMS Cloud Services\",\"hierarchy\":[\"5\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cybersecurity-integration-center-ccic\",\"attributes\":{\"title\":\"CMS Cybersecurity Integration Center (CCIC)\",\"hierarchy\":[\"5\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/cms-security-data-lake-sdl\",\"attributes\":{\"title\":\"CMS Security Data Lake (SDL)\",\"hierarchy\":[\"5\",\"1\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Tests \u0026 Assessments\",\"hierarchy\":[\"5\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"5\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"5\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"5\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]}]}]}"])</script><script>self.__next_f.push([1,"9:[\"$\",\"html\",null,{\"lang\":\"en\",\"children\":[[\"$\",\"head\",null,{\"children\":[\"$\",\"$Ld\",null,{\"src\":\"/assets/javascript/uswds-init.min.js\",\"strategy\":\"beforeInteractive\"}]}],[\"$\",\"body\",null,{\"children\":[[[\"$\",\"a\",null,{\"className\":\"usa-skipnav\",\"href\":\"#main\",\"children\":\"Skip to main content\"}],[\"$\",\"section\",null,{\"className\":\"usa-banner\",\"aria-label\":\"Official website of the United States government\",\"children\":[\"$\",\"div\",null,{\"className\":\"usa-accordion\",\"children\":[[\"$\",\"header\",null,{\"className\":\"usa-banner__header\",\"children\":[\"$\",\"div\",null,{\"className\":\"usa-banner__inner\",\"children\":[[\"$\",\"div\",null,{\"className\":\"grid-col-auto\",\"children\":[\"$\",\"$Le\",null,{\"aria-hidden\":\"true\",\"className\":\"usa-banner__header-flag\",\"src\":\"/assets/img/us_flag_small.png\",\"alt\":\"\",\"width\":\"16\",\"height\":\"11\"}]}],[\"$\",\"div\",null,{\"className\":\"grid-col-fill tablet:grid-col-auto\",\"aria-hidden\":\"true\",\"children\":[[\"$\",\"p\",null,{\"className\":\"usa-banner__header-text\",\"children\":\"An official website of the United States government\"}],[\"$\",\"p\",null,{\"className\":\"usa-banner__header-action\",\"children\":\"Here's how you know\"}]]}],[\"$\",\"button\",null,{\"type\":\"button\",\"className\":\"usa-accordion__button usa-banner__button\",\"aria-expanded\":\"false\",\"aria-controls\":\"gov-banner-default-default\",\"children\":[\"$\",\"span\",null,{\"className\":\"usa-banner__button-text\",\"children\":\"Here's how you know\"}]}]]}]}],[\"$\",\"div\",null,{\"className\":\"usa-banner__content usa-accordion__content\",\"id\":\"gov-banner-default-default\",\"hidden\":true,\"children\":[\"$\",\"div\",null,{\"className\":\"grid-row grid-gap-lg\",\"children\":[[\"$\",\"div\",null,{\"className\":\"usa-banner__guidance tablet:grid-col-6\",\"children\":[[\"$\",\"$Le\",null,{\"className\":\"usa-banner__icon usa-media-block__img\",\"src\":{\"src\":\"/_next/static/media/icon-dot-gov.3e9cb1b5.svg\",\"height\":64,\"width\":64,\"blurWidth\":0,\"blurHeight\":0},\"role\":\"img\",\"alt\":\"\",\"aria-hidden\":\"true\",\"width\":\"40\",\"height\":\"40\"}],[\"$\",\"div\",null,{\"className\":\"usa-media-block__body\",\"children\":[\"$\",\"p\",null,{\"children\":[[\"$\",\"strong\",null,{\"children\":\"Official websites use .gov\"}],[\"$\",\"br\",null,{}],\"A \",[\"$\",\"strong\",null,{\"children\":\".gov\"}],\" website belongs to an official government organization in the United States.\"]}]}]]}],[\"$\",\"div\",null,{\"className\":\"usa-banner__guidance tablet:grid-col-6\",\"children\":[[\"$\",\"$Le\",null,{\"className\":\"usa-banner__icon usa-media-block__img\",\"src\":{\"src\":\"/_next/static/media/icon-https.e7f1a222.svg\",\"height\":64,\"width\":64,\"blurWidth\":0,\"blurHeight\":0},\"role\":\"img\",\"alt\":\"\",\"aria-hidden\":\"true\",\"width\":\"40\",\"height\":\"40\"}],[\"$\",\"div\",null,{\"className\":\"usa-media-block__body\",\"children\":[\"$\",\"p\",null,{\"children\":[[\"$\",\"strong\",null,{\"children\":\"Secure .gov websites use HTTPS\"}],[\"$\",\"br\",null,{}],\"A \",[\"$\",\"strong\",null,{\"children\":\"lock\"}],\" (\",[\"$\",\"span\",null,{\"className\":\"icon-lock\",\"children\":[\"$\",\"svg\",null,{\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":\"52\",\"height\":\"64\",\"viewBox\":\"0 0 52 64\",\"className\":\"usa-banner__lock-image\",\"role\":\"img\",\"aria-labelledby\":\"banner-lock-description-default\",\"focusable\":\"false\",\"children\":[[\"$\",\"title\",null,{\"id\":\"banner-lock-title-default\",\"children\":\"Lock\"}],[\"$\",\"desc\",null,{\"id\":\"banner-lock-description-default\",\"children\":\"Locked padlock icon\"}],[\"$\",\"path\",null,{\"fill\":\"#000000\",\"fillRule\":\"evenodd\",\"d\":\"M26 0c10.493 0 19 8.507 19 19v9h3a4 4 0 0 1 4 4v28a4 4 0 0 1-4 4H4a4 4 0 0 1-4-4V32a4 4 0 0 1 4-4h3v-9C7 8.507 15.507 0 26 0zm0 8c-5.979 0-10.843 4.77-10.996 10.712L15 19v9h22v-9c0-6.075-4.925-11-11-11z\"}]]}]}],\") or \",[\"$\",\"strong\",null,{\"children\":\"https://\"}],\" means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.\"]}]}]]}]]}]}]]}]}]],[\"$\",\"$Lf\",null,{\"value\":\"$10\",\"children\":[[\"$\",\"div\",null,{\"className\":\"usa-overlay\"}],[\"$\",\"header\",null,{\"className\":\"usa-header usa-header--extended\",\"children\":[[\"$\",\"div\",null,{\"className\":\"bg-primary-dark\",\"children\":[\"$\",\"div\",null,{\"className\":\"usa-navbar\",\"children\":[[\"$\",\"div\",null,{\"className\":\"usa-logo padding-y-4 padding-right-3\",\"id\":\"CyberGeek-logo\",\"children\":[\"$\",\"$L11\",null,{\"href\":\"/\",\"title\":\"CMS CyberGeek Home\",\"children\":[\"$\",\"$Le\",null,{\"src\":{\"src\":\"/_next/static/media/CyberGeek-logo.8e9bbd2b.svg\",\"height\":50,\"width\":425,\"blurWidth\":0,\"blurHeight\":0},\"alt\":\"CyberGeek logo\",\"width\":\"298\",\"height\":\"35\",\"priority\":true}]}]}],[\"$\",\"button\",null,{\"aria-label\":\"Open menu\",\"type\":\"button\",\"className\":\"usa-menu-btn\",\"data-cy\":\"menu-button\",\"children\":\"Menu\"}]]}]}],[\"$\",\"$L12\",null,{}]]}]]}],[\"$\",\"main\",null,{\"id\":\"main\",\"children\":[\"$\",\"$L6\",null,{\"parallelRouterKey\":\"children\",\"segmentPath\":[\"children\"],\"error\":\"$undefined\",\"errorStyles\":\"$undefined\",\"errorScripts\":\"$undefined\",\"template\":[\"$\",\"$L13\",null,{\"children\":[\"$\",\"$L8\",null,{}]}],\"templateStyles\":[],\"templateScripts\":[],\"notFound\":[\"$\",\"section\",null,{\"className\":\"hero hero--theme-content-not-found undefined\",\"children\":[[\"$\",\"$Le\",null,{\"alt\":\"404 page not found\",\"className\":\"hero__graphic\",\"priority\":true,\"src\":{\"src\":\"/_next/static/media/content-not-found-graphic.8f104f47.svg\",\"height\":551,\"width\":948,\"blurWidth\":0,\"blurHeight\":0}}],[\"$\",\"div\",null,{\"className\":\"maxw-widescreen margin-x-auto padding-x-2 desktop:padding-x-0 padding-top-4 padding-bottom-6 desktop:padding-y-7\",\"children\":[\"$\",\"div\",null,{\"className\":\"tablet:grid-container position-relative \",\"children\":[\"$\",\"div\",null,{\"className\":\"hero__row grid-row grid-gap\",\"children\":[[\"$\",\"div\",null,{\"className\":\"tablet:grid-col-5 widescreen:position-relative\",\"children\":[false,false]}],[\"$\",\"div\",null,{\"className\":\"hero__column tablet:grid-col-7 flow padding-bottom-2\",\"children\":[\"$undefined\",\"$undefined\",false,[\"$\",\"h1\",null,{\"className\":\"hero__heading margin-0 line-height-sans-3 desktop:line-height-sans-2\",\"children\":\"We can't find that page.\"}],\"$undefined\",\"$undefined\",false,[\"$\",\"div\",null,{\"children\":[[\"$\",\"div\",null,{\"className\":\"hero__description\",\"children\":[[\"The page you're looking for may have been moved or retired. You can\",\" \",[\"$\",\"$L11\",null,{\"href\":\"/\",\"children\":\"visit our home page\"}],\" or use the search box to find helpful resources.\"]]}],[\"$\",\"div\",null,{\"className\":\"margin-top-6 search-container\",\"children\":[\"$\",\"$L14\",null,{\"theme\":\"content-not-found\"}]}]]}],false]}],false,false]}]}]}]]}],\"notFoundStyles\":[]}]}],[\"$\",\"$L15\",null,{}],[\"$\",\"$L16\",null,{}],[\"$\",\"$Ld\",null,{\"src\":\"/assets/javascript/uswds.min.js\",\"strategy\":\"beforeInteractive\"}]]}]]}]\n"])</script><script>self.__next_f.push([1,"17:I[9461,[\"866\",\"static/chunks/e37a0b60-b74be3d42787b18d.js\",\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"904\",\"static/chunks/904-dbddf7494c3e6975.js\",\"972\",\"static/chunks/972-6e520d137ef194fb.js\",\"549\",\"static/chunks/549-c87c1c3bbacc319f.js\",\"192\",\"static/chunks/app/learn/%5Bslug%5D/page-5b91cdc45a95ebbe.js\"],\"default\"]\n18:T1953,"])</script><script>self.__next_f.push([1,"\u003ch2 dir=\"ltr\"\u003eWhat is a Data Sharing Agreement?\u003c/h2\u003e\u003cp dir=\"ltr\"\u003eWhenever information or data will be shared between CMS and another agency, there are formal agreements that establish how the information will be shared and how it will be protected.\u0026nbsp;\u003c/p\u003e\u003ch2 dir=\"ltr\"\u003eWhat type of agreement do I need?\u003c/h2\u003e\u003cp dir=\"ltr\"\u003eThe CMS Privacy Office can help you determine the kind of agreement you need, based on the type of data that is being shared and the purpose for the sharing or comparing of data between agencies. The following guidance can get you started in the right direction.\u003c/p\u003e\u003ch3 dir=\"ltr\"\u003eWhen PII / PHI is involved\u003c/h3\u003e\u003cp dir=\"ltr\"\u003eIf the data that will be shared includes protected health information (PHI) and/or personally identifiable information (PII), it’s likely that the CMS Privacy Office will be your point of contact to establish the required agreement. Email them at\u0026nbsp;\u003ca href=\"mailto:privacy@cms.hhs.gov\"\u003eprivacy@cms.hhs.gov\u003c/a\u003e to confirm what kind of agreement you need.\u003c/p\u003e\u003ch4 dir=\"ltr\"\u003eComputer Matching Agreement (CMA)\u003c/h4\u003e\u003cp dir=\"ltr\"\u003eYou might need a\u0026nbsp;\u003cstrong\u003eComputer Matching Agreement (CMA)\u003c/strong\u003e if:\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eA computer matching program is being proposed\u003c/li\u003e\u003cli dir=\"ltr\"\u003eTwo or more automated systems of record are being compared between agencies\u003c/li\u003e\u003cli dir=\"ltr\"\u003eThe data comparison will have an impact on individuals’ federal benefits\u003c/li\u003e\u003cli dir=\"ltr\"\u003eThe data comparison will be used to recoup payments, investigate fraud, or verify compliance with federal benefits programs\u003c/li\u003e\u003c/ul\u003e\u003cp dir=\"ltr\"\u003e\u003ca href=\"https://security.cms.gov/learn/cms-computer-matching-agreement-cma\"\u003e\u003cstrong\u003eLearn more about CMAs here\u003c/strong\u003e\u003c/a\u003e.\u003c/p\u003e\u003ch4 dir=\"ltr\"\u003eInformation Exchange Agreement (IEA)\u003c/h4\u003e\u003cp dir=\"ltr\"\u003eYou might need an\u0026nbsp;\u003cstrong\u003eInformation Exchange Agreement (IEA)\u003c/strong\u003e if:\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eCMS PII will be exchanged with another HHS OpDiv, or with a federal or state agency\u003c/li\u003e\u003cli dir=\"ltr\"\u003eThere is no adverse impact on an individual’s federal benefits\u003c/li\u003e\u003c/ul\u003e\u003cp dir=\"ltr\"\u003e\u003ca href=\"https://security.cms.gov/learn/cms-information-exchange-agreement-iea\"\u003e\u003cstrong\u003eLearn more about IEAs here\u003c/strong\u003e\u003c/a\u003e.\u003c/p\u003e\u003ch4 dir=\"ltr\"\u003eData Use Agreement (DUA)\u003c/h4\u003e\u003cp dir=\"ltr\"\u003eYou might need a\u0026nbsp;\u003cstrong\u003eData Use Agreement (DUA)\u003c/strong\u003e if:\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eAnother agency is asking for disclosure of PII and/or PHI from CMS\u003c/li\u003e\u003c/ul\u003e\u003cp dir=\"ltr\"\u003eWhen requests for disclosures of protected health information (PHI) and/or personally identifiable information (PII) are made to CMS, a Data Use Agreement (DUA) is signed to ensure that data requesters adhere to CMS privacy and security requirements and data release policies. Learn more about\u0026nbsp;\u003ca href=\"https://www.cms.gov/data-research/files-for-order/data-disclosures-and-data-use-agreements-duas\"\u003eData Disclosures and Data Use Agreements on cms.gov\u003c/a\u003e.\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eDUAs are not managed by the CMS Privacy Office\u003c/strong\u003e. They are administered by the\u0026nbsp;\u003ca href=\"https://www.cms.gov/about-cms/leadership/office-enterprise-data-analytics\"\u003eCMS Office of Enterprise Data and Analytics\u003c/a\u003e. To learn more or get help with a DUA, email:\u0026nbsp;\u003ca href=\"mailto:DataUseAgreement@cms.hhs.gov\"\u003eDataUseAgreement@cms.hhs.gov\u003c/a\u003e.\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cem\u003eNote: There are times when a DUA must be accompanied by an IEA.\u003c/em\u003e\u003c/p\u003e\u003ch3 dir=\"ltr\"\u003eWhen PII / PHI is not involved\u003c/h3\u003e\u003cp dir=\"ltr\"\u003eFor data sharing that does\u0026nbsp;\u003cstrong\u003enot\u003c/strong\u003e include protected health information (PHI) and/or personally identifiable information (PII), it is likely you need an agreement that is not managed by the CMS Privacy Office. Several types of agreements are listed below, along with the appropriate CMS Office to contact for more information.\u003c/p\u003e\u003ch4 dir=\"ltr\"\u003eInter-Agency/Intra-Agency Agreements (IAA)\u003c/h4\u003e\u003cp dir=\"ltr\"\u003eThis is a written contract in which a Federal agency agrees to provide to, purchase from, or exchange with another Federal agency:\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eServices (including data)\u003c/li\u003e\u003cli dir=\"ltr\"\u003eSupplies\u003c/li\u003e\u003cli dir=\"ltr\"\u003eEquipment\u003c/li\u003e\u003c/ul\u003e\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eInter-agency\u003c/strong\u003e agreements are between at least one component within DHHS and another Federal agency or component thereof.\u0026nbsp;\u003cstrong\u003eIntra-agency\u003c/strong\u003e agreements are between two or more agencies within DHHS. Many federal agencies use IAAs as the mechanism for paying data fees.\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eIAAs are not managed by the CMS Privacy Office\u003c/strong\u003e. They are administered by the\u0026nbsp;\u003ca href=\"https://www.cms.gov/about-cms/leadership/office-acquisition-grants-management\"\u003eCMS Office of Acquisition and Grants Management\u003c/a\u003e. To learn about the agreements available from OAGM (including IAAs), email:\u0026nbsp;\u003ca href=\"mailto:InterAgencyAgreements@cms.hhs.gov\"\u003eInterAgencyAgreements@cms.hhs.gov\u003c/a\u003e\u0026nbsp;\u003c/p\u003e\u003ch4 dir=\"ltr\"\u003eMemorandum of Understanding (MOU)\u003c/h4\u003e\u003cp dir=\"ltr\"\u003eA Memorandum of Understanding (MOU) is an important part of any formal arrangement for cooperation between two or more federal agencies. It serves as a statement of intent between the participating organizations to work together to achieve a shared goal.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eMany CMS systems share data with other systems within CMS and across different agencies. To safeguard the data they share, it often makes sense for connected systems to enter into security agreements. An MOU is signed between two or more systems approved under the same Authorization Official (AO) at CMS.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eIf your data sharing partner is located outside CMS and their system is approved by a different Authorization Official (AO), you will need an\u0026nbsp;\u003ca href=\"https://security.cms.gov/learn/cms-interconnection-security-agreement-isa\"\u003eInterconnection Security Agreement (ISA)\u003c/a\u003e instead of a MOU.\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eMOUs are not managed by the CMS Privacy Office\u003c/strong\u003e. They are administered by the\u0026nbsp;\u003ca href=\"https://www.cms.gov/about-cms/leadership/office-acquisition-grants-management\"\u003eCMS Office of Acquisition and Grants Management\u003c/a\u003e. To learn about the agreements available from OAGM (including MOUs), email:\u0026nbsp;\u003ca href=\"mailto:InterAgencyAgreements@cms.hhs.gov\"\u003eInterAgencyAgreements@cms.hhs.gov\u003c/a\u003e.\u003c/p\u003e\u003cp\u003e\u003cem\u003eAre you looking for information about\u0026nbsp;\u003cstrong\u003eMemorandum of Agreement (MOA)\u003c/strong\u003e? This is the same thing as an MOU. At CMS, Memorandum of Agreement has been replaced by Memorandum of Understanding, although some legacy MOAs still remain in use.\u003c/em\u003e\u003c/p\u003e"])</script><script>self.__next_f.push([1,"19:T1953,"])</script><script>self.__next_f.push([1,"\u003ch2 dir=\"ltr\"\u003eWhat is a Data Sharing Agreement?\u003c/h2\u003e\u003cp dir=\"ltr\"\u003eWhenever information or data will be shared between CMS and another agency, there are formal agreements that establish how the information will be shared and how it will be protected.\u0026nbsp;\u003c/p\u003e\u003ch2 dir=\"ltr\"\u003eWhat type of agreement do I need?\u003c/h2\u003e\u003cp dir=\"ltr\"\u003eThe CMS Privacy Office can help you determine the kind of agreement you need, based on the type of data that is being shared and the purpose for the sharing or comparing of data between agencies. The following guidance can get you started in the right direction.\u003c/p\u003e\u003ch3 dir=\"ltr\"\u003eWhen PII / PHI is involved\u003c/h3\u003e\u003cp dir=\"ltr\"\u003eIf the data that will be shared includes protected health information (PHI) and/or personally identifiable information (PII), it’s likely that the CMS Privacy Office will be your point of contact to establish the required agreement. Email them at\u0026nbsp;\u003ca href=\"mailto:privacy@cms.hhs.gov\"\u003eprivacy@cms.hhs.gov\u003c/a\u003e to confirm what kind of agreement you need.\u003c/p\u003e\u003ch4 dir=\"ltr\"\u003eComputer Matching Agreement (CMA)\u003c/h4\u003e\u003cp dir=\"ltr\"\u003eYou might need a\u0026nbsp;\u003cstrong\u003eComputer Matching Agreement (CMA)\u003c/strong\u003e if:\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eA computer matching program is being proposed\u003c/li\u003e\u003cli dir=\"ltr\"\u003eTwo or more automated systems of record are being compared between agencies\u003c/li\u003e\u003cli dir=\"ltr\"\u003eThe data comparison will have an impact on individuals’ federal benefits\u003c/li\u003e\u003cli dir=\"ltr\"\u003eThe data comparison will be used to recoup payments, investigate fraud, or verify compliance with federal benefits programs\u003c/li\u003e\u003c/ul\u003e\u003cp dir=\"ltr\"\u003e\u003ca href=\"https://security.cms.gov/learn/cms-computer-matching-agreement-cma\"\u003e\u003cstrong\u003eLearn more about CMAs here\u003c/strong\u003e\u003c/a\u003e.\u003c/p\u003e\u003ch4 dir=\"ltr\"\u003eInformation Exchange Agreement (IEA)\u003c/h4\u003e\u003cp dir=\"ltr\"\u003eYou might need an\u0026nbsp;\u003cstrong\u003eInformation Exchange Agreement (IEA)\u003c/strong\u003e if:\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eCMS PII will be exchanged with another HHS OpDiv, or with a federal or state agency\u003c/li\u003e\u003cli dir=\"ltr\"\u003eThere is no adverse impact on an individual’s federal benefits\u003c/li\u003e\u003c/ul\u003e\u003cp dir=\"ltr\"\u003e\u003ca href=\"https://security.cms.gov/learn/cms-information-exchange-agreement-iea\"\u003e\u003cstrong\u003eLearn more about IEAs here\u003c/strong\u003e\u003c/a\u003e.\u003c/p\u003e\u003ch4 dir=\"ltr\"\u003eData Use Agreement (DUA)\u003c/h4\u003e\u003cp dir=\"ltr\"\u003eYou might need a\u0026nbsp;\u003cstrong\u003eData Use Agreement (DUA)\u003c/strong\u003e if:\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eAnother agency is asking for disclosure of PII and/or PHI from CMS\u003c/li\u003e\u003c/ul\u003e\u003cp dir=\"ltr\"\u003eWhen requests for disclosures of protected health information (PHI) and/or personally identifiable information (PII) are made to CMS, a Data Use Agreement (DUA) is signed to ensure that data requesters adhere to CMS privacy and security requirements and data release policies. Learn more about\u0026nbsp;\u003ca href=\"https://www.cms.gov/data-research/files-for-order/data-disclosures-and-data-use-agreements-duas\"\u003eData Disclosures and Data Use Agreements on cms.gov\u003c/a\u003e.\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eDUAs are not managed by the CMS Privacy Office\u003c/strong\u003e. They are administered by the\u0026nbsp;\u003ca href=\"https://www.cms.gov/about-cms/leadership/office-enterprise-data-analytics\"\u003eCMS Office of Enterprise Data and Analytics\u003c/a\u003e. To learn more or get help with a DUA, email:\u0026nbsp;\u003ca href=\"mailto:DataUseAgreement@cms.hhs.gov\"\u003eDataUseAgreement@cms.hhs.gov\u003c/a\u003e.\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cem\u003eNote: There are times when a DUA must be accompanied by an IEA.\u003c/em\u003e\u003c/p\u003e\u003ch3 dir=\"ltr\"\u003eWhen PII / PHI is not involved\u003c/h3\u003e\u003cp dir=\"ltr\"\u003eFor data sharing that does\u0026nbsp;\u003cstrong\u003enot\u003c/strong\u003e include protected health information (PHI) and/or personally identifiable information (PII), it is likely you need an agreement that is not managed by the CMS Privacy Office. Several types of agreements are listed below, along with the appropriate CMS Office to contact for more information.\u003c/p\u003e\u003ch4 dir=\"ltr\"\u003eInter-Agency/Intra-Agency Agreements (IAA)\u003c/h4\u003e\u003cp dir=\"ltr\"\u003eThis is a written contract in which a Federal agency agrees to provide to, purchase from, or exchange with another Federal agency:\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eServices (including data)\u003c/li\u003e\u003cli dir=\"ltr\"\u003eSupplies\u003c/li\u003e\u003cli dir=\"ltr\"\u003eEquipment\u003c/li\u003e\u003c/ul\u003e\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eInter-agency\u003c/strong\u003e agreements are between at least one component within DHHS and another Federal agency or component thereof.\u0026nbsp;\u003cstrong\u003eIntra-agency\u003c/strong\u003e agreements are between two or more agencies within DHHS. Many federal agencies use IAAs as the mechanism for paying data fees.\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eIAAs are not managed by the CMS Privacy Office\u003c/strong\u003e. They are administered by the\u0026nbsp;\u003ca href=\"https://www.cms.gov/about-cms/leadership/office-acquisition-grants-management\"\u003eCMS Office of Acquisition and Grants Management\u003c/a\u003e. To learn about the agreements available from OAGM (including IAAs), email:\u0026nbsp;\u003ca href=\"mailto:InterAgencyAgreements@cms.hhs.gov\"\u003eInterAgencyAgreements@cms.hhs.gov\u003c/a\u003e\u0026nbsp;\u003c/p\u003e\u003ch4 dir=\"ltr\"\u003eMemorandum of Understanding (MOU)\u003c/h4\u003e\u003cp dir=\"ltr\"\u003eA Memorandum of Understanding (MOU) is an important part of any formal arrangement for cooperation between two or more federal agencies. It serves as a statement of intent between the participating organizations to work together to achieve a shared goal.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eMany CMS systems share data with other systems within CMS and across different agencies. To safeguard the data they share, it often makes sense for connected systems to enter into security agreements. An MOU is signed between two or more systems approved under the same Authorization Official (AO) at CMS.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eIf your data sharing partner is located outside CMS and their system is approved by a different Authorization Official (AO), you will need an\u0026nbsp;\u003ca href=\"https://security.cms.gov/learn/cms-interconnection-security-agreement-isa\"\u003eInterconnection Security Agreement (ISA)\u003c/a\u003e instead of a MOU.\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eMOUs are not managed by the CMS Privacy Office\u003c/strong\u003e. They are administered by the\u0026nbsp;\u003ca href=\"https://www.cms.gov/about-cms/leadership/office-acquisition-grants-management\"\u003eCMS Office of Acquisition and Grants Management\u003c/a\u003e. To learn about the agreements available from OAGM (including MOUs), email:\u0026nbsp;\u003ca href=\"mailto:InterAgencyAgreements@cms.hhs.gov\"\u003eInterAgencyAgreements@cms.hhs.gov\u003c/a\u003e.\u003c/p\u003e\u003cp\u003e\u003cem\u003eAre you looking for information about\u0026nbsp;\u003cstrong\u003eMemorandum of Agreement (MOA)\u003c/strong\u003e? This is the same thing as an MOU. At CMS, Memorandum of Agreement has been replaced by Memorandum of Understanding, although some legacy MOAs still remain in use.\u003c/em\u003e\u003c/p\u003e"])</script><script>self.__next_f.push([1,"1c:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node_type/node_type/d185e460-4998-4d2b-85cb-b04f304dfb1b\"}\n1b:{\"self\":\"$1c\"}\n1f:[\"menu_ui\",\"scheduler\"]\n1e:{\"module\":\"$1f\"}\n22:[]\n21:{\"available_menus\":\"$22\",\"parent\":\"\"}\n23:{\"expand_fieldset\":\"when_required\",\"fields_display_mode\":\"vertical_tab\",\"publish_enable\":false,\"publish_past_date\":\"error\",\"publish_past_date_created\":false,\"publish_required\":false,\"publish_revision\":false,\"publish_touch\":false,\"show_message_after_update\":true,\"unpublish_enable\":false,\"unpublish_required\":false,\"unpublish_revision\":false}\n20:{\"menu_ui\":\"$21\",\"scheduler\":\"$23\"}\n1d:{\"langcode\":\"en\",\"status\":true,\"dependencies\":\"$1e\",\"third_party_settings\":\"$20\",\"name\":\"Explainer page\",\"drupal_internal__type\":\"explainer\",\"description\":\"Use \u003ci\u003eExplainer pages\u003c/i\u003e to provide general information in plain language about a policy, program, tool, service, or task related to security and privacy at CMS.\",\"help\":null,\"new_revision\":true,\"preview_mode\":1,\"display_submitted\":true}\n1a:{\"type\":\"node_type--node_type\",\"id\":\"d185e460-4998-4d2b-85cb-b04f304dfb1b\",\"links\":\"$1b\",\"attributes\":\"$1d\"}\n26:{\"href\":\"https://cybergeek.cms.gov/jsonapi/user/user/e352e203-fe9c-47ba-af75-2c7f8302fca8\"}\n25:{\"self\":\"$26\"}\n27:{\"display_name\":\"mburgess\"}\n24:{\"type\":\"user--user\",\"id\":\"e352e203-fe9c-47ba-af75-2c7f8302fca8\",\"links\":\"$25\",\"attributes\":\"$27\"}\n2a:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/a17f4908-9141-4b1e-82aa-e6bfe0f91a22?resourceVersion=id%3A131\"}\n29:{\"self\":\"$2a\"}\n2c:{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}\n2b:{\"drupal_internal__tid\":131,\"drupal_internal__revision_id\":131,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:13:33+00:00\",\"status\":true,\"name\":\"General Information\",\"description\":null,\"weight\":2,\"changed\":\"2023-03-10T19:04:03+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":\"$2c\"}\n30:{\"drupal_internal__target_id\":\"resource_type\"}\n2f:{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"3a0127c4-ee06-41ed-8239-f796f6d78eb3\",\"meta\":\"$30\"}\n32:{\"href\":\""])</script><script>self.__next_f.push([1,"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/a17f4908-9141-4b1e-82aa-e6bfe0f91a22/vid?resourceVersion=id%3A131\"}\n33:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/a17f4908-9141-4b1e-82aa-e6bfe0f91a22/relationships/vid?resourceVersion=id%3A131\"}\n31:{\"related\":\"$32\",\"self\":\"$33\"}\n2e:{\"data\":\"$2f\",\"links\":\"$31\"}\n36:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/a17f4908-9141-4b1e-82aa-e6bfe0f91a22/revision_user?resourceVersion=id%3A131\"}\n37:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/a17f4908-9141-4b1e-82aa-e6bfe0f91a22/relationships/revision_user?resourceVersion=id%3A131\"}\n35:{\"related\":\"$36\",\"self\":\"$37\"}\n34:{\"data\":null,\"links\":\"$35\"}\n3e:{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}\n3d:{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":\"$3e\"}\n3c:{\"help\":\"$3d\"}\n3b:{\"links\":\"$3c\"}\n3a:{\"type\":\"taxonomy_term--resource_type\",\"id\":\"virtual\",\"meta\":\"$3b\"}\n39:[\"$3a\"]\n40:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/a17f4908-9141-4b1e-82aa-e6bfe0f91a22/parent?resourceVersion=id%3A131\"}\n41:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/a17f4908-9141-4b1e-82aa-e6bfe0f91a22/relationships/parent?resourceVersion=id%3A131\"}\n3f:{\"related\":\"$40\",\"self\":\"$41\"}\n38:{\"data\":\"$39\",\"links\":\"$3f\"}\n2d:{\"vid\":\"$2e\",\"revision_user\":\"$34\",\"parent\":\"$38\"}\n28:{\"type\":\"taxonomy_term--resource_type\",\"id\":\"a17f4908-9141-4b1e-82aa-e6bfe0f91a22\",\"links\":\"$29\",\"attributes\":\"$2b\",\"relationships\":\"$2d\"}\n44:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab?resourceVersion=id%3A61\"}\n43:{\"self\":\"$44\"}\n46:{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}\n45:{\"drupal_internal__tid\":61,\"drupal_internal__revision_id\":61,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:08:12+00:00\",\"status\":true,\"name\":\"Information System Security Officer (ISSO)\",\"description\":null,\"weight\":0,\"changed\":\"2022-08-02T23:08:12+00:00\",\"default"])</script><script>self.__next_f.push([1,"_langcode\":true,\"revision_translation_affected\":true,\"path\":\"$46\"}\n4a:{\"drupal_internal__target_id\":\"roles\"}\n49:{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"a89af840-d1f0-4a08-9f15-7b1cb71c3e35\",\"meta\":\"$4a\"}\n4c:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/vid?resourceVersion=id%3A61\"}\n4d:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/relationships/vid?resourceVersion=id%3A61\"}\n4b:{\"related\":\"$4c\",\"self\":\"$4d\"}\n48:{\"data\":\"$49\",\"links\":\"$4b\"}\n50:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/revision_user?resourceVersion=id%3A61\"}\n51:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/relationships/revision_user?resourceVersion=id%3A61\"}\n4f:{\"related\":\"$50\",\"self\":\"$51\"}\n4e:{\"data\":null,\"links\":\"$4f\"}\n58:{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}\n57:{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":\"$58\"}\n56:{\"help\":\"$57\"}\n55:{\"links\":\"$56\"}\n54:{\"type\":\"taxonomy_term--roles\",\"id\":\"virtual\",\"meta\":\"$55\"}\n53:[\"$54\"]\n5a:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/parent?resourceVersion=id%3A61\"}\n5b:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/relationships/parent?resourceVersion=id%3A61\"}\n59:{\"related\":\"$5a\",\"self\":\"$5b\"}\n52:{\"data\":\"$53\",\"links\":\"$59\"}\n47:{\"vid\":\"$48\",\"revision_user\":\"$4e\",\"parent\":\"$52\"}\n42:{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\",\"links\":\"$43\",\"attributes\":\"$45\",\"relationships\":\"$47\"}\n5e:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34?resourceVersion=id%3A76\"}\n5d:{\"self\":\"$5e\"}\n60:{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}\n5f:{\"drupal_internal__tid\":76,\"drupal_internal__revision_id\":76,\"langcode\":\"en\",\"revision_created\":\"2022-0"])</script><script>self.__next_f.push([1,"8-02T23:08:55+00:00\",\"status\":true,\"name\":\"System / Business Owner\",\"description\":null,\"weight\":0,\"changed\":\"2022-08-02T23:08:55+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":\"$60\"}\n64:{\"drupal_internal__target_id\":\"roles\"}\n63:{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"a89af840-d1f0-4a08-9f15-7b1cb71c3e35\",\"meta\":\"$64\"}\n66:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/vid?resourceVersion=id%3A76\"}\n67:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/relationships/vid?resourceVersion=id%3A76\"}\n65:{\"related\":\"$66\",\"self\":\"$67\"}\n62:{\"data\":\"$63\",\"links\":\"$65\"}\n6a:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/revision_user?resourceVersion=id%3A76\"}\n6b:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/relationships/revision_user?resourceVersion=id%3A76\"}\n69:{\"related\":\"$6a\",\"self\":\"$6b\"}\n68:{\"data\":null,\"links\":\"$69\"}\n72:{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}\n71:{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":\"$72\"}\n70:{\"help\":\"$71\"}\n6f:{\"links\":\"$70\"}\n6e:{\"type\":\"taxonomy_term--roles\",\"id\":\"virtual\",\"meta\":\"$6f\"}\n6d:[\"$6e\"]\n74:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/parent?resourceVersion=id%3A76\"}\n75:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/relationships/parent?resourceVersion=id%3A76\"}\n73:{\"related\":\"$74\",\"self\":\"$75\"}\n6c:{\"data\":\"$6d\",\"links\":\"$73\"}\n61:{\"vid\":\"$62\",\"revision_user\":\"$68\",\"parent\":\"$6c\"}\n5c:{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"links\":\"$5d\",\"attributes\":\"$5f\",\"relationships\":\"$61\"}\n78:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/d5e2c0ee-04cb-493b-9338-c97adf0e8adf?resourceVersion=id%3A31\"}\n77:{\"self\":\"$78\"}\n7a:{\"a"])</script><script>self.__next_f.push([1,"lias\":null,\"pid\":null,\"langcode\":\"en\"}\n79:{\"drupal_internal__tid\":31,\"drupal_internal__revision_id\":31,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:05:48+00:00\",\"status\":true,\"name\":\"Privacy\",\"description\":null,\"weight\":4,\"changed\":\"2023-03-10T19:04:22+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":\"$7a\"}\n7e:{\"drupal_internal__target_id\":\"topics\"}\n7d:{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"73f89dec-123f-4c8c-9a97-d025a2b0e5cf\",\"meta\":\"$7e\"}\n80:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/d5e2c0ee-04cb-493b-9338-c97adf0e8adf/vid?resourceVersion=id%3A31\"}\n81:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/d5e2c0ee-04cb-493b-9338-c97adf0e8adf/relationships/vid?resourceVersion=id%3A31\"}\n7f:{\"related\":\"$80\",\"self\":\"$81\"}\n7c:{\"data\":\"$7d\",\"links\":\"$7f\"}\n84:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/d5e2c0ee-04cb-493b-9338-c97adf0e8adf/revision_user?resourceVersion=id%3A31\"}\n85:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/d5e2c0ee-04cb-493b-9338-c97adf0e8adf/relationships/revision_user?resourceVersion=id%3A31\"}\n83:{\"related\":\"$84\",\"self\":\"$85\"}\n82:{\"data\":null,\"links\":\"$83\"}\n8c:{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}\n8b:{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":\"$8c\"}\n8a:{\"help\":\"$8b\"}\n89:{\"links\":\"$8a\"}\n88:{\"type\":\"taxonomy_term--topics\",\"id\":\"virtual\",\"meta\":\"$89\"}\n87:[\"$88\"]\n8e:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/d5e2c0ee-04cb-493b-9338-c97adf0e8adf/parent?resourceVersion=id%3A31\"}\n8f:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/d5e2c0ee-04cb-493b-9338-c97adf0e8adf/relationships/parent?resourceVersion=id%3A31\"}\n8d:{\"related\":\"$8e\",\"self\":\"$8f\"}\n86:{\"data\":\"$87\",\"links\":\"$8d\"}\n7b:{\"vid\":\"$7c\",\"revision_user\":\"$82\",\"parent\":\"$86\"}\n76:{\"type\":\"taxonomy_term--topics\",\"id\":\"d5e2c0ee-04cb-493b-9338-c97adf0e8adf\",\"links\":\"$77\",\"attributes\":\"$79\",\"relationships\":\"$7b\"}\n92:{\"href\":\"http"])</script><script>self.__next_f.push([1,"s://cybergeek.cms.gov/jsonapi/paragraph/page_section/e6f122bb-36d3-41e9-833e-29c6351eb939?resourceVersion=id%3A20116\"}\n91:{\"self\":\"$92\"}\n94:[]\n96:T1953,"])</script><script>self.__next_f.push([1,"\u003ch2 dir=\"ltr\"\u003eWhat is a Data Sharing Agreement?\u003c/h2\u003e\u003cp dir=\"ltr\"\u003eWhenever information or data will be shared between CMS and another agency, there are formal agreements that establish how the information will be shared and how it will be protected.\u0026nbsp;\u003c/p\u003e\u003ch2 dir=\"ltr\"\u003eWhat type of agreement do I need?\u003c/h2\u003e\u003cp dir=\"ltr\"\u003eThe CMS Privacy Office can help you determine the kind of agreement you need, based on the type of data that is being shared and the purpose for the sharing or comparing of data between agencies. The following guidance can get you started in the right direction.\u003c/p\u003e\u003ch3 dir=\"ltr\"\u003eWhen PII / PHI is involved\u003c/h3\u003e\u003cp dir=\"ltr\"\u003eIf the data that will be shared includes protected health information (PHI) and/or personally identifiable information (PII), it’s likely that the CMS Privacy Office will be your point of contact to establish the required agreement. Email them at\u0026nbsp;\u003ca href=\"mailto:privacy@cms.hhs.gov\"\u003eprivacy@cms.hhs.gov\u003c/a\u003e to confirm what kind of agreement you need.\u003c/p\u003e\u003ch4 dir=\"ltr\"\u003eComputer Matching Agreement (CMA)\u003c/h4\u003e\u003cp dir=\"ltr\"\u003eYou might need a\u0026nbsp;\u003cstrong\u003eComputer Matching Agreement (CMA)\u003c/strong\u003e if:\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eA computer matching program is being proposed\u003c/li\u003e\u003cli dir=\"ltr\"\u003eTwo or more automated systems of record are being compared between agencies\u003c/li\u003e\u003cli dir=\"ltr\"\u003eThe data comparison will have an impact on individuals’ federal benefits\u003c/li\u003e\u003cli dir=\"ltr\"\u003eThe data comparison will be used to recoup payments, investigate fraud, or verify compliance with federal benefits programs\u003c/li\u003e\u003c/ul\u003e\u003cp dir=\"ltr\"\u003e\u003ca href=\"https://security.cms.gov/learn/cms-computer-matching-agreement-cma\"\u003e\u003cstrong\u003eLearn more about CMAs here\u003c/strong\u003e\u003c/a\u003e.\u003c/p\u003e\u003ch4 dir=\"ltr\"\u003eInformation Exchange Agreement (IEA)\u003c/h4\u003e\u003cp dir=\"ltr\"\u003eYou might need an\u0026nbsp;\u003cstrong\u003eInformation Exchange Agreement (IEA)\u003c/strong\u003e if:\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eCMS PII will be exchanged with another HHS OpDiv, or with a federal or state agency\u003c/li\u003e\u003cli dir=\"ltr\"\u003eThere is no adverse impact on an individual’s federal benefits\u003c/li\u003e\u003c/ul\u003e\u003cp dir=\"ltr\"\u003e\u003ca href=\"https://security.cms.gov/learn/cms-information-exchange-agreement-iea\"\u003e\u003cstrong\u003eLearn more about IEAs here\u003c/strong\u003e\u003c/a\u003e.\u003c/p\u003e\u003ch4 dir=\"ltr\"\u003eData Use Agreement (DUA)\u003c/h4\u003e\u003cp dir=\"ltr\"\u003eYou might need a\u0026nbsp;\u003cstrong\u003eData Use Agreement (DUA)\u003c/strong\u003e if:\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eAnother agency is asking for disclosure of PII and/or PHI from CMS\u003c/li\u003e\u003c/ul\u003e\u003cp dir=\"ltr\"\u003eWhen requests for disclosures of protected health information (PHI) and/or personally identifiable information (PII) are made to CMS, a Data Use Agreement (DUA) is signed to ensure that data requesters adhere to CMS privacy and security requirements and data release policies. Learn more about\u0026nbsp;\u003ca href=\"https://www.cms.gov/data-research/files-for-order/data-disclosures-and-data-use-agreements-duas\"\u003eData Disclosures and Data Use Agreements on cms.gov\u003c/a\u003e.\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eDUAs are not managed by the CMS Privacy Office\u003c/strong\u003e. They are administered by the\u0026nbsp;\u003ca href=\"https://www.cms.gov/about-cms/leadership/office-enterprise-data-analytics\"\u003eCMS Office of Enterprise Data and Analytics\u003c/a\u003e. To learn more or get help with a DUA, email:\u0026nbsp;\u003ca href=\"mailto:DataUseAgreement@cms.hhs.gov\"\u003eDataUseAgreement@cms.hhs.gov\u003c/a\u003e.\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cem\u003eNote: There are times when a DUA must be accompanied by an IEA.\u003c/em\u003e\u003c/p\u003e\u003ch3 dir=\"ltr\"\u003eWhen PII / PHI is not involved\u003c/h3\u003e\u003cp dir=\"ltr\"\u003eFor data sharing that does\u0026nbsp;\u003cstrong\u003enot\u003c/strong\u003e include protected health information (PHI) and/or personally identifiable information (PII), it is likely you need an agreement that is not managed by the CMS Privacy Office. Several types of agreements are listed below, along with the appropriate CMS Office to contact for more information.\u003c/p\u003e\u003ch4 dir=\"ltr\"\u003eInter-Agency/Intra-Agency Agreements (IAA)\u003c/h4\u003e\u003cp dir=\"ltr\"\u003eThis is a written contract in which a Federal agency agrees to provide to, purchase from, or exchange with another Federal agency:\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eServices (including data)\u003c/li\u003e\u003cli dir=\"ltr\"\u003eSupplies\u003c/li\u003e\u003cli dir=\"ltr\"\u003eEquipment\u003c/li\u003e\u003c/ul\u003e\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eInter-agency\u003c/strong\u003e agreements are between at least one component within DHHS and another Federal agency or component thereof.\u0026nbsp;\u003cstrong\u003eIntra-agency\u003c/strong\u003e agreements are between two or more agencies within DHHS. Many federal agencies use IAAs as the mechanism for paying data fees.\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eIAAs are not managed by the CMS Privacy Office\u003c/strong\u003e. They are administered by the\u0026nbsp;\u003ca href=\"https://www.cms.gov/about-cms/leadership/office-acquisition-grants-management\"\u003eCMS Office of Acquisition and Grants Management\u003c/a\u003e. To learn about the agreements available from OAGM (including IAAs), email:\u0026nbsp;\u003ca href=\"mailto:InterAgencyAgreements@cms.hhs.gov\"\u003eInterAgencyAgreements@cms.hhs.gov\u003c/a\u003e\u0026nbsp;\u003c/p\u003e\u003ch4 dir=\"ltr\"\u003eMemorandum of Understanding (MOU)\u003c/h4\u003e\u003cp dir=\"ltr\"\u003eA Memorandum of Understanding (MOU) is an important part of any formal arrangement for cooperation between two or more federal agencies. It serves as a statement of intent between the participating organizations to work together to achieve a shared goal.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eMany CMS systems share data with other systems within CMS and across different agencies. To safeguard the data they share, it often makes sense for connected systems to enter into security agreements. An MOU is signed between two or more systems approved under the same Authorization Official (AO) at CMS.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eIf your data sharing partner is located outside CMS and their system is approved by a different Authorization Official (AO), you will need an\u0026nbsp;\u003ca href=\"https://security.cms.gov/learn/cms-interconnection-security-agreement-isa\"\u003eInterconnection Security Agreement (ISA)\u003c/a\u003e instead of a MOU.\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eMOUs are not managed by the CMS Privacy Office\u003c/strong\u003e. They are administered by the\u0026nbsp;\u003ca href=\"https://www.cms.gov/about-cms/leadership/office-acquisition-grants-management\"\u003eCMS Office of Acquisition and Grants Management\u003c/a\u003e. To learn about the agreements available from OAGM (including MOUs), email:\u0026nbsp;\u003ca href=\"mailto:InterAgencyAgreements@cms.hhs.gov\"\u003eInterAgencyAgreements@cms.hhs.gov\u003c/a\u003e.\u003c/p\u003e\u003cp\u003e\u003cem\u003eAre you looking for information about\u0026nbsp;\u003cstrong\u003eMemorandum of Agreement (MOA)\u003c/strong\u003e? This is the same thing as an MOU. At CMS, Memorandum of Agreement has been replaced by Memorandum of Understanding, although some legacy MOAs still remain in use.\u003c/em\u003e\u003c/p\u003e"])</script><script>self.__next_f.push([1,"97:T1953,"])</script><script>self.__next_f.push([1,"\u003ch2 dir=\"ltr\"\u003eWhat is a Data Sharing Agreement?\u003c/h2\u003e\u003cp dir=\"ltr\"\u003eWhenever information or data will be shared between CMS and another agency, there are formal agreements that establish how the information will be shared and how it will be protected.\u0026nbsp;\u003c/p\u003e\u003ch2 dir=\"ltr\"\u003eWhat type of agreement do I need?\u003c/h2\u003e\u003cp dir=\"ltr\"\u003eThe CMS Privacy Office can help you determine the kind of agreement you need, based on the type of data that is being shared and the purpose for the sharing or comparing of data between agencies. The following guidance can get you started in the right direction.\u003c/p\u003e\u003ch3 dir=\"ltr\"\u003eWhen PII / PHI is involved\u003c/h3\u003e\u003cp dir=\"ltr\"\u003eIf the data that will be shared includes protected health information (PHI) and/or personally identifiable information (PII), it’s likely that the CMS Privacy Office will be your point of contact to establish the required agreement. Email them at\u0026nbsp;\u003ca href=\"mailto:privacy@cms.hhs.gov\"\u003eprivacy@cms.hhs.gov\u003c/a\u003e to confirm what kind of agreement you need.\u003c/p\u003e\u003ch4 dir=\"ltr\"\u003eComputer Matching Agreement (CMA)\u003c/h4\u003e\u003cp dir=\"ltr\"\u003eYou might need a\u0026nbsp;\u003cstrong\u003eComputer Matching Agreement (CMA)\u003c/strong\u003e if:\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eA computer matching program is being proposed\u003c/li\u003e\u003cli dir=\"ltr\"\u003eTwo or more automated systems of record are being compared between agencies\u003c/li\u003e\u003cli dir=\"ltr\"\u003eThe data comparison will have an impact on individuals’ federal benefits\u003c/li\u003e\u003cli dir=\"ltr\"\u003eThe data comparison will be used to recoup payments, investigate fraud, or verify compliance with federal benefits programs\u003c/li\u003e\u003c/ul\u003e\u003cp dir=\"ltr\"\u003e\u003ca href=\"https://security.cms.gov/learn/cms-computer-matching-agreement-cma\"\u003e\u003cstrong\u003eLearn more about CMAs here\u003c/strong\u003e\u003c/a\u003e.\u003c/p\u003e\u003ch4 dir=\"ltr\"\u003eInformation Exchange Agreement (IEA)\u003c/h4\u003e\u003cp dir=\"ltr\"\u003eYou might need an\u0026nbsp;\u003cstrong\u003eInformation Exchange Agreement (IEA)\u003c/strong\u003e if:\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eCMS PII will be exchanged with another HHS OpDiv, or with a federal or state agency\u003c/li\u003e\u003cli dir=\"ltr\"\u003eThere is no adverse impact on an individual’s federal benefits\u003c/li\u003e\u003c/ul\u003e\u003cp dir=\"ltr\"\u003e\u003ca href=\"https://security.cms.gov/learn/cms-information-exchange-agreement-iea\"\u003e\u003cstrong\u003eLearn more about IEAs here\u003c/strong\u003e\u003c/a\u003e.\u003c/p\u003e\u003ch4 dir=\"ltr\"\u003eData Use Agreement (DUA)\u003c/h4\u003e\u003cp dir=\"ltr\"\u003eYou might need a\u0026nbsp;\u003cstrong\u003eData Use Agreement (DUA)\u003c/strong\u003e if:\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eAnother agency is asking for disclosure of PII and/or PHI from CMS\u003c/li\u003e\u003c/ul\u003e\u003cp dir=\"ltr\"\u003eWhen requests for disclosures of protected health information (PHI) and/or personally identifiable information (PII) are made to CMS, a Data Use Agreement (DUA) is signed to ensure that data requesters adhere to CMS privacy and security requirements and data release policies. Learn more about\u0026nbsp;\u003ca href=\"https://www.cms.gov/data-research/files-for-order/data-disclosures-and-data-use-agreements-duas\"\u003eData Disclosures and Data Use Agreements on cms.gov\u003c/a\u003e.\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eDUAs are not managed by the CMS Privacy Office\u003c/strong\u003e. They are administered by the\u0026nbsp;\u003ca href=\"https://www.cms.gov/about-cms/leadership/office-enterprise-data-analytics\"\u003eCMS Office of Enterprise Data and Analytics\u003c/a\u003e. To learn more or get help with a DUA, email:\u0026nbsp;\u003ca href=\"mailto:DataUseAgreement@cms.hhs.gov\"\u003eDataUseAgreement@cms.hhs.gov\u003c/a\u003e.\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cem\u003eNote: There are times when a DUA must be accompanied by an IEA.\u003c/em\u003e\u003c/p\u003e\u003ch3 dir=\"ltr\"\u003eWhen PII / PHI is not involved\u003c/h3\u003e\u003cp dir=\"ltr\"\u003eFor data sharing that does\u0026nbsp;\u003cstrong\u003enot\u003c/strong\u003e include protected health information (PHI) and/or personally identifiable information (PII), it is likely you need an agreement that is not managed by the CMS Privacy Office. Several types of agreements are listed below, along with the appropriate CMS Office to contact for more information.\u003c/p\u003e\u003ch4 dir=\"ltr\"\u003eInter-Agency/Intra-Agency Agreements (IAA)\u003c/h4\u003e\u003cp dir=\"ltr\"\u003eThis is a written contract in which a Federal agency agrees to provide to, purchase from, or exchange with another Federal agency:\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eServices (including data)\u003c/li\u003e\u003cli dir=\"ltr\"\u003eSupplies\u003c/li\u003e\u003cli dir=\"ltr\"\u003eEquipment\u003c/li\u003e\u003c/ul\u003e\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eInter-agency\u003c/strong\u003e agreements are between at least one component within DHHS and another Federal agency or component thereof.\u0026nbsp;\u003cstrong\u003eIntra-agency\u003c/strong\u003e agreements are between two or more agencies within DHHS. Many federal agencies use IAAs as the mechanism for paying data fees.\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eIAAs are not managed by the CMS Privacy Office\u003c/strong\u003e. They are administered by the\u0026nbsp;\u003ca href=\"https://www.cms.gov/about-cms/leadership/office-acquisition-grants-management\"\u003eCMS Office of Acquisition and Grants Management\u003c/a\u003e. To learn about the agreements available from OAGM (including IAAs), email:\u0026nbsp;\u003ca href=\"mailto:InterAgencyAgreements@cms.hhs.gov\"\u003eInterAgencyAgreements@cms.hhs.gov\u003c/a\u003e\u0026nbsp;\u003c/p\u003e\u003ch4 dir=\"ltr\"\u003eMemorandum of Understanding (MOU)\u003c/h4\u003e\u003cp dir=\"ltr\"\u003eA Memorandum of Understanding (MOU) is an important part of any formal arrangement for cooperation between two or more federal agencies. It serves as a statement of intent between the participating organizations to work together to achieve a shared goal.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eMany CMS systems share data with other systems within CMS and across different agencies. To safeguard the data they share, it often makes sense for connected systems to enter into security agreements. An MOU is signed between two or more systems approved under the same Authorization Official (AO) at CMS.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eIf your data sharing partner is located outside CMS and their system is approved by a different Authorization Official (AO), you will need an\u0026nbsp;\u003ca href=\"https://security.cms.gov/learn/cms-interconnection-security-agreement-isa\"\u003eInterconnection Security Agreement (ISA)\u003c/a\u003e instead of a MOU.\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eMOUs are not managed by the CMS Privacy Office\u003c/strong\u003e. They are administered by the\u0026nbsp;\u003ca href=\"https://www.cms.gov/about-cms/leadership/office-acquisition-grants-management\"\u003eCMS Office of Acquisition and Grants Management\u003c/a\u003e. To learn about the agreements available from OAGM (including MOUs), email:\u0026nbsp;\u003ca href=\"mailto:InterAgencyAgreements@cms.hhs.gov\"\u003eInterAgencyAgreements@cms.hhs.gov\u003c/a\u003e.\u003c/p\u003e\u003cp\u003e\u003cem\u003eAre you looking for information about\u0026nbsp;\u003cstrong\u003eMemorandum of Agreement (MOA)\u003c/strong\u003e? This is the same thing as an MOU. At CMS, Memorandum of Agreement has been replaced by Memorandum of Understanding, although some legacy MOAs still remain in use.\u003c/em\u003e\u003c/p\u003e"])</script><script>self.__next_f.push([1,"95:{\"value\":\"$96\",\"format\":\"body_text\",\"processed\":\"$97\"}\n93:{\"drupal_internal__id\":3571,\"drupal_internal__revision_id\":20116,\"langcode\":\"en\",\"status\":true,\"created\":\"2025-01-16T20:28:57+00:00\",\"parent_id\":\"1246\",\"parent_type\":\"node\",\"parent_field_name\":\"field_page_section\",\"behavior_settings\":\"$94\",\"default_langcode\":true,\"revision_translation_affected\":true,\"field_text_block\":\"$95\"}\n9b:{\"drupal_internal__target_id\":\"page_section\"}\n9a:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"57f3f40a-8120-4393-b881-a5758f9fb30d\",\"meta\":\"$9b\"}\n9d:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/e6f122bb-36d3-41e9-833e-29c6351eb939/paragraph_type?resourceVersion=id%3A20116\"}\n9e:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/e6f122bb-36d3-41e9-833e-29c6351eb939/relationships/paragraph_type?resourceVersion=id%3A20116\"}\n9c:{\"related\":\"$9d\",\"self\":\"$9e\"}\n99:{\"data\":\"$9a\",\"links\":\"$9c\"}\na1:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/e6f122bb-36d3-41e9-833e-29c6351eb939/field_specialty_item?resourceVersion=id%3A20116\"}\na2:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/e6f122bb-36d3-41e9-833e-29c6351eb939/relationships/field_specialty_item?resourceVersion=id%3A20116\"}\na0:{\"related\":\"$a1\",\"self\":\"$a2\"}\n9f:{\"data\":null,\"links\":\"$a0\"}\n98:{\"paragraph_type\":\"$99\",\"field_specialty_item\":\"$9f\"}\n90:{\"type\":\"paragraph--page_section\",\"id\":\"e6f122bb-36d3-41e9-833e-29c6351eb939\",\"links\":\"$91\",\"attributes\":\"$93\",\"relationships\":\"$98\"}\na5:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/98b4c323-6323-4eb8-98fd-7f6414cc3368?resourceVersion=id%3A20121\"}\na4:{\"self\":\"$a5\"}\na7:[]\na6:{\"drupal_internal__id\":3586,\"drupal_internal__revision_id\":20121,\"langcode\":\"en\",\"status\":true,\"created\":\"2025-01-16T20:57:53+00:00\",\"parent_id\":\"1246\",\"parent_type\":\"node\",\"parent_field_name\":\"field_related_collection\",\"behavior_settings\":\"$a7\",\"default_langcode\":true,\"revision_translation_affected\":true}\nab:{\"drupal_internal__target_id\":\"internal_link\"}\naa:{\"type\":\"paragraph"])</script><script>self.__next_f.push([1,"s_type--paragraphs_type\",\"id\":\"81d4313f-807c-40e2-8ffa-700ec8c17167\",\"meta\":\"$ab\"}\nad:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/98b4c323-6323-4eb8-98fd-7f6414cc3368/paragraph_type?resourceVersion=id%3A20121\"}\nae:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/98b4c323-6323-4eb8-98fd-7f6414cc3368/relationships/paragraph_type?resourceVersion=id%3A20121\"}\nac:{\"related\":\"$ad\",\"self\":\"$ae\"}\na9:{\"data\":\"$aa\",\"links\":\"$ac\"}\nb1:{\"drupal_internal__target_id\":356}\nb0:{\"type\":\"node--explainer\",\"id\":\"85d3c6d9-87da-4285-9571-cfef16aa6d61\",\"meta\":\"$b1\"}\nb3:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/98b4c323-6323-4eb8-98fd-7f6414cc3368/field_link?resourceVersion=id%3A20121\"}\nb4:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/98b4c323-6323-4eb8-98fd-7f6414cc3368/relationships/field_link?resourceVersion=id%3A20121\"}\nb2:{\"related\":\"$b3\",\"self\":\"$b4\"}\naf:{\"data\":\"$b0\",\"links\":\"$b2\"}\na8:{\"paragraph_type\":\"$a9\",\"field_link\":\"$af\"}\na3:{\"type\":\"paragraph--internal_link\",\"id\":\"98b4c323-6323-4eb8-98fd-7f6414cc3368\",\"links\":\"$a4\",\"attributes\":\"$a6\",\"relationships\":\"$a8\"}\nb7:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/5d97f40c-547a-439b-a92a-23efe869a4eb?resourceVersion=id%3A20126\"}\nb6:{\"self\":\"$b7\"}\nb9:[]\nb8:{\"drupal_internal__id\":3591,\"drupal_internal__revision_id\":20126,\"langcode\":\"en\",\"status\":true,\"created\":\"2025-01-16T20:58:00+00:00\",\"parent_id\":\"1246\",\"parent_type\":\"node\",\"parent_field_name\":\"field_related_collection\",\"behavior_settings\":\"$b9\",\"default_langcode\":true,\"revision_translation_affected\":true}\nbd:{\"drupal_internal__target_id\":\"internal_link\"}\nbc:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"81d4313f-807c-40e2-8ffa-700ec8c17167\",\"meta\":\"$bd\"}\nbf:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/5d97f40c-547a-439b-a92a-23efe869a4eb/paragraph_type?resourceVersion=id%3A20126\"}\nc0:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/5d97f40c-547a-439b-a92a-23efe869a4eb/relationships/pa"])</script><script>self.__next_f.push([1,"ragraph_type?resourceVersion=id%3A20126\"}\nbe:{\"related\":\"$bf\",\"self\":\"$c0\"}\nbb:{\"data\":\"$bc\",\"links\":\"$be\"}\nc3:{\"drupal_internal__target_id\":641}\nc2:{\"type\":\"node--explainer\",\"id\":\"9086328f-ae1d-4345-a435-8300071aae86\",\"meta\":\"$c3\"}\nc5:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/5d97f40c-547a-439b-a92a-23efe869a4eb/field_link?resourceVersion=id%3A20126\"}\nc6:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/5d97f40c-547a-439b-a92a-23efe869a4eb/relationships/field_link?resourceVersion=id%3A20126\"}\nc4:{\"related\":\"$c5\",\"self\":\"$c6\"}\nc1:{\"data\":\"$c2\",\"links\":\"$c4\"}\nba:{\"paragraph_type\":\"$bb\",\"field_link\":\"$c1\"}\nb5:{\"type\":\"paragraph--internal_link\",\"id\":\"5d97f40c-547a-439b-a92a-23efe869a4eb\",\"links\":\"$b6\",\"attributes\":\"$b8\",\"relationships\":\"$ba\"}\nc9:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/85d3c6d9-87da-4285-9571-cfef16aa6d61?resourceVersion=id%3A6126\"}\nc8:{\"self\":\"$c9\"}\ncb:{\"alias\":\"/learn/cms-information-exchange-agreement-iea\",\"pid\":346,\"langcode\":\"en\"}\ncc:{\"value\":\"Business Owners and Privacy Advisors working together to determine the terms of sharing PII with other federal or state agencies\",\"format\":\"plain_text\",\"processed\":\"\u003cp\u003eBusiness Owners and Privacy Advisors working together to determine the terms of sharing PII with other federal or state agencies\u003c/p\u003e\\n\"}\ncd:[\"#ispg-privacy-agreement-consults\"]\nca:{\"drupal_internal__nid\":356,\"drupal_internal__vid\":6126,\"langcode\":\"en\",\"revision_timestamp\":\"2025-01-16T20:57:31+00:00\",\"status\":true,\"title\":\"CMS Information Exchange Agreement (IEA)\",\"created\":\"2022-08-29T16:33:09+00:00\",\"changed\":\"2025-01-16T20:57:31+00:00\",\"promote\":false,\"sticky\":false,\"default_langcode\":true,\"revision_translation_affected\":true,\"moderation_state\":\"published\",\"path\":\"$cb\",\"rh_action\":null,\"rh_redirect\":null,\"rh_redirect_response\":null,\"rh_redirect_fallback_action\":null,\"publish_on\":null,\"unpublish_on\":null,\"body\":null,\"field_contact_email\":\"privacy@cms.hhs.gov\",\"field_contact_name\":\"Privacy Office\",\"field_short_description\":\"$cc\",\"fi"])</script><script>self.__next_f.push([1,"eld_slack_channel\":\"$cd\"}\nd1:{\"drupal_internal__target_id\":\"explainer\"}\nd0:{\"type\":\"node_type--node_type\",\"id\":\"d185e460-4998-4d2b-85cb-b04f304dfb1b\",\"meta\":\"$d1\"}\nd3:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/85d3c6d9-87da-4285-9571-cfef16aa6d61/node_type?resourceVersion=id%3A6126\"}\nd4:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/85d3c6d9-87da-4285-9571-cfef16aa6d61/relationships/node_type?resourceVersion=id%3A6126\"}\nd2:{\"related\":\"$d3\",\"self\":\"$d4\"}\ncf:{\"data\":\"$d0\",\"links\":\"$d2\"}\nd7:{\"drupal_internal__target_id\":6}\nd6:{\"type\":\"user--user\",\"id\":\"e352e203-fe9c-47ba-af75-2c7f8302fca8\",\"meta\":\"$d7\"}\nd9:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/85d3c6d9-87da-4285-9571-cfef16aa6d61/revision_uid?resourceVersion=id%3A6126\"}\nda:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/85d3c6d9-87da-4285-9571-cfef16aa6d61/relationships/revision_uid?resourceVersion=id%3A6126\"}\nd8:{\"related\":\"$d9\",\"self\":\"$da\"}\nd5:{\"data\":\"$d6\",\"links\":\"$d8\"}\ndd:{\"drupal_internal__target_id\":26}\ndc:{\"type\":\"user--user\",\"id\":\"dca2c49b-4a12-4d5f-859d-a759444160a4\",\"meta\":\"$dd\"}\ndf:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/85d3c6d9-87da-4285-9571-cfef16aa6d61/uid?resourceVersion=id%3A6126\"}\ne0:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/85d3c6d9-87da-4285-9571-cfef16aa6d61/relationships/uid?resourceVersion=id%3A6126\"}\nde:{\"related\":\"$df\",\"self\":\"$e0\"}\ndb:{\"data\":\"$dc\",\"links\":\"$de\"}\ne4:{\"target_revision_id\":20101,\"drupal_internal__target_id\":466}\ne3:{\"type\":\"paragraph--page_section\",\"id\":\"24c64778-0ed9-4ae9-b9dc-dfc10681357c\",\"meta\":\"$e4\"}\ne2:[\"$e3\"]\ne6:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/85d3c6d9-87da-4285-9571-cfef16aa6d61/field_page_section?resourceVersion=id%3A6126\"}\ne7:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/85d3c6d9-87da-4285-9571-cfef16aa6d61/relationships/field_page_section?resourceVersion=id%3A6126\"}\ne5:{\"related\":\"$e6\",\"self\":\"$e7\"}\ne1:{\"data\":\"$e2\",\"links\":\"$e5\"}\neb:{\"target_revision_id\":20106,\"drupal_internal__target_"])</script><script>self.__next_f.push([1,"id\":1841}\nea:{\"type\":\"paragraph--internal_link\",\"id\":\"4cef73c0-51d2-4d1a-8273-05c4fcd038bf\",\"meta\":\"$eb\"}\ned:{\"target_revision_id\":20111,\"drupal_internal__target_id\":1846}\nec:{\"type\":\"paragraph--internal_link\",\"id\":\"7eda830e-a420-46c6-b3a6-3a7c9dd09d0d\",\"meta\":\"$ed\"}\ne9:[\"$ea\",\"$ec\"]\nef:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/85d3c6d9-87da-4285-9571-cfef16aa6d61/field_related_collection?resourceVersion=id%3A6126\"}\nf0:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/85d3c6d9-87da-4285-9571-cfef16aa6d61/relationships/field_related_collection?resourceVersion=id%3A6126\"}\nee:{\"related\":\"$ef\",\"self\":\"$f0\"}\ne8:{\"data\":\"$e9\",\"links\":\"$ee\"}\nf3:{\"drupal_internal__target_id\":131}\nf2:{\"type\":\"taxonomy_term--resource_type\",\"id\":\"a17f4908-9141-4b1e-82aa-e6bfe0f91a22\",\"meta\":\"$f3\"}\nf5:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/85d3c6d9-87da-4285-9571-cfef16aa6d61/field_resource_type?resourceVersion=id%3A6126\"}\nf6:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/85d3c6d9-87da-4285-9571-cfef16aa6d61/relationships/field_resource_type?resourceVersion=id%3A6126\"}\nf4:{\"related\":\"$f5\",\"self\":\"$f6\"}\nf1:{\"data\":\"$f2\",\"links\":\"$f4\"}\nfa:{\"drupal_internal__target_id\":66}\nf9:{\"type\":\"taxonomy_term--roles\",\"id\":\"9d999ae3-b43c-45fb-973e-dffe50c27da5\",\"meta\":\"$fa\"}\nfc:{\"drupal_internal__target_id\":61}\nfb:{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\",\"meta\":\"$fc\"}\nfe:{\"drupal_internal__target_id\":76}\nfd:{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"meta\":\"$fe\"}\nf8:[\"$f9\",\"$fb\",\"$fd\"]\n100:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/85d3c6d9-87da-4285-9571-cfef16aa6d61/field_roles?resourceVersion=id%3A6126\"}\n101:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/85d3c6d9-87da-4285-9571-cfef16aa6d61/relationships/field_roles?resourceVersion=id%3A6126\"}\nff:{\"related\":\"$100\",\"self\":\"$101\"}\nf7:{\"data\":\"$f8\",\"links\":\"$ff\"}\n105:{\"drupal_internal__target_id\":16}\n104:{\"type\":\"taxonomy_term--topics\",\"id\":\"c12221c3-2c7e-4eb0-90"])</script><script>self.__next_f.push([1,"3f-0470aad63bf0\",\"meta\":\"$105\"}\n107:{\"drupal_internal__target_id\":31}\n106:{\"type\":\"taxonomy_term--topics\",\"id\":\"d5e2c0ee-04cb-493b-9338-c97adf0e8adf\",\"meta\":\"$107\"}\n103:[\"$104\",\"$106\"]\n109:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/85d3c6d9-87da-4285-9571-cfef16aa6d61/field_topics?resourceVersion=id%3A6126\"}\n10a:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/85d3c6d9-87da-4285-9571-cfef16aa6d61/relationships/field_topics?resourceVersion=id%3A6126\"}\n108:{\"related\":\"$109\",\"self\":\"$10a\"}\n102:{\"data\":\"$103\",\"links\":\"$108\"}\nce:{\"node_type\":\"$cf\",\"revision_uid\":\"$d5\",\"uid\":\"$db\",\"field_page_section\":\"$e1\",\"field_related_collection\":\"$e8\",\"field_resource_type\":\"$f1\",\"field_roles\":\"$f7\",\"field_topics\":\"$102\"}\nc7:{\"type\":\"node--explainer\",\"id\":\"85d3c6d9-87da-4285-9571-cfef16aa6d61\",\"links\":\"$c8\",\"attributes\":\"$ca\",\"relationships\":\"$ce\"}\n10d:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/9086328f-ae1d-4345-a435-8300071aae86?resourceVersion=id%3A6121\"}\n10c:{\"self\":\"$10d\"}\n10f:{\"alias\":\"/learn/cms-computer-matching-agreement-cma\",\"pid\":631,\"langcode\":\"en\"}\n110:{\"value\":\"Written agreement used in the comparison of automated systems of record between federal or state agencies\",\"format\":\"plain_text\",\"processed\":\"\u003cp\u003eWritten agreement used in the comparison of automated systems of record between federal or state agencies\u003c/p\u003e\\n\"}\n111:[\"#ispg-privacy-agreement-consults\"]\n10e:{\"drupal_internal__nid\":641,\"drupal_internal__vid\":6121,\"langcode\":\"en\",\"revision_timestamp\":\"2025-01-16T20:56:12+00:00\",\"status\":true,\"title\":\"CMS Computer Matching Agreement (CMA)\",\"created\":\"2023-02-02T14:59:22+00:00\",\"changed\":\"2025-01-16T20:56:12+00:00\",\"promote\":false,\"sticky\":false,\"default_langcode\":true,\"revision_translation_affected\":true,\"moderation_state\":\"published\",\"path\":\"$10f\",\"rh_action\":null,\"rh_redirect\":null,\"rh_redirect_response\":null,\"rh_redirect_fallback_action\":null,\"publish_on\":null,\"unpublish_on\":null,\"body\":null,\"field_contact_email\":\"privacy@cms.hhs.gov\",\"field_contact_name\":\"Privacy Office\",\"fiel"])</script><script>self.__next_f.push([1,"d_short_description\":\"$110\",\"field_slack_channel\":\"$111\"}\n115:{\"drupal_internal__target_id\":\"explainer\"}\n114:{\"type\":\"node_type--node_type\",\"id\":\"d185e460-4998-4d2b-85cb-b04f304dfb1b\",\"meta\":\"$115\"}\n117:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/9086328f-ae1d-4345-a435-8300071aae86/node_type?resourceVersion=id%3A6121\"}\n118:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/9086328f-ae1d-4345-a435-8300071aae86/relationships/node_type?resourceVersion=id%3A6121\"}\n116:{\"related\":\"$117\",\"self\":\"$118\"}\n113:{\"data\":\"$114\",\"links\":\"$116\"}\n11b:{\"drupal_internal__target_id\":6}\n11a:{\"type\":\"user--user\",\"id\":\"e352e203-fe9c-47ba-af75-2c7f8302fca8\",\"meta\":\"$11b\"}\n11d:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/9086328f-ae1d-4345-a435-8300071aae86/revision_uid?resourceVersion=id%3A6121\"}\n11e:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/9086328f-ae1d-4345-a435-8300071aae86/relationships/revision_uid?resourceVersion=id%3A6121\"}\n11c:{\"related\":\"$11d\",\"self\":\"$11e\"}\n119:{\"data\":\"$11a\",\"links\":\"$11c\"}\n121:{\"drupal_internal__target_id\":26}\n120:{\"type\":\"user--user\",\"id\":\"dca2c49b-4a12-4d5f-859d-a759444160a4\",\"meta\":\"$121\"}\n123:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/9086328f-ae1d-4345-a435-8300071aae86/uid?resourceVersion=id%3A6121\"}\n124:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/9086328f-ae1d-4345-a435-8300071aae86/relationships/uid?resourceVersion=id%3A6121\"}\n122:{\"related\":\"$123\",\"self\":\"$124\"}\n11f:{\"data\":\"$120\",\"links\":\"$122\"}\n128:{\"target_revision_id\":20081,\"drupal_internal__target_id\":451}\n127:{\"type\":\"paragraph--page_section\",\"id\":\"ebf079d8-dd73-43d4-b270-1dffecde688b\",\"meta\":\"$128\"}\n126:[\"$127\"]\n12a:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/9086328f-ae1d-4345-a435-8300071aae86/field_page_section?resourceVersion=id%3A6121\"}\n12b:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/9086328f-ae1d-4345-a435-8300071aae86/relationships/field_page_section?resourceVersion=id%3A6121\"}\n129:{\"related\":\"$12a\",\"self\":\"$12b\"}\n125:{\"data\":\""])</script><script>self.__next_f.push([1,"$126\",\"links\":\"$129\"}\n12f:{\"target_revision_id\":20086,\"drupal_internal__target_id\":1876}\n12e:{\"type\":\"paragraph--internal_link\",\"id\":\"5fc47ff1-39bd-4c95-b001-ad89e85cd007\",\"meta\":\"$12f\"}\n131:{\"target_revision_id\":20091,\"drupal_internal__target_id\":3576}\n130:{\"type\":\"paragraph--internal_link\",\"id\":\"7f569b2e-5e41-45c0-954e-df9128d24e6e\",\"meta\":\"$131\"}\n133:{\"target_revision_id\":20096,\"drupal_internal__target_id\":3581}\n132:{\"type\":\"paragraph--internal_link\",\"id\":\"8dde78c3-a853-4117-b100-c1c97b47829c\",\"meta\":\"$133\"}\n12d:[\"$12e\",\"$130\",\"$132\"]\n135:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/9086328f-ae1d-4345-a435-8300071aae86/field_related_collection?resourceVersion=id%3A6121\"}\n136:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/9086328f-ae1d-4345-a435-8300071aae86/relationships/field_related_collection?resourceVersion=id%3A6121\"}\n134:{\"related\":\"$135\",\"self\":\"$136\"}\n12c:{\"data\":\"$12d\",\"links\":\"$134\"}\n139:{\"drupal_internal__target_id\":131}\n138:{\"type\":\"taxonomy_term--resource_type\",\"id\":\"a17f4908-9141-4b1e-82aa-e6bfe0f91a22\",\"meta\":\"$139\"}\n13b:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/9086328f-ae1d-4345-a435-8300071aae86/field_resource_type?resourceVersion=id%3A6121\"}\n13c:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/9086328f-ae1d-4345-a435-8300071aae86/relationships/field_resource_type?resourceVersion=id%3A6121\"}\n13a:{\"related\":\"$13b\",\"self\":\"$13c\"}\n137:{\"data\":\"$138\",\"links\":\"$13a\"}\n140:{\"drupal_internal__target_id\":61}\n13f:{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\",\"meta\":\"$140\"}\n142:{\"drupal_internal__target_id\":76}\n141:{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"meta\":\"$142\"}\n13e:[\"$13f\",\"$141\"]\n144:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/9086328f-ae1d-4345-a435-8300071aae86/field_roles?resourceVersion=id%3A6121\"}\n145:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/9086328f-ae1d-4345-a435-8300071aae86/relationships/field_roles?resourceVersion=id%3A6121\"}\n143:{\"related\":\"$"])</script><script>self.__next_f.push([1,"144\",\"self\":\"$145\"}\n13d:{\"data\":\"$13e\",\"links\":\"$143\"}\n149:{\"drupal_internal__target_id\":31}\n148:{\"type\":\"taxonomy_term--topics\",\"id\":\"d5e2c0ee-04cb-493b-9338-c97adf0e8adf\",\"meta\":\"$149\"}\n147:[\"$148\"]\n14b:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/9086328f-ae1d-4345-a435-8300071aae86/field_topics?resourceVersion=id%3A6121\"}\n14c:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/9086328f-ae1d-4345-a435-8300071aae86/relationships/field_topics?resourceVersion=id%3A6121\"}\n14a:{\"related\":\"$14b\",\"self\":\"$14c\"}\n146:{\"data\":\"$147\",\"links\":\"$14a\"}\n112:{\"node_type\":\"$113\",\"revision_uid\":\"$119\",\"uid\":\"$11f\",\"field_page_section\":\"$125\",\"field_related_collection\":\"$12c\",\"field_resource_type\":\"$137\",\"field_roles\":\"$13d\",\"field_topics\":\"$146\"}\n10b:{\"type\":\"node--explainer\",\"id\":\"9086328f-ae1d-4345-a435-8300071aae86\",\"links\":\"$10c\",\"attributes\":\"$10e\",\"relationships\":\"$112\"}\n"])</script><script>self.__next_f.push([1,"5:[\"$\",\"$L17\",null,{\"content\":{\"data\":{\"type\":\"node--explainer\",\"id\":\"c1152e47-1dfe-4010-b73e-3c2661ff646f\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/c1152e47-1dfe-4010-b73e-3c2661ff646f?resourceVersion=id%3A6131\"}},\"attributes\":{\"drupal_internal__nid\":1246,\"drupal_internal__vid\":6131,\"langcode\":\"en\",\"revision_timestamp\":\"2025-01-16T20:58:18+00:00\",\"status\":true,\"title\":\"Data Sharing Agreements\",\"created\":\"2025-01-16T20:26:35+00:00\",\"changed\":\"2025-01-16T20:58:18+00:00\",\"promote\":false,\"sticky\":false,\"default_langcode\":true,\"revision_translation_affected\":true,\"moderation_state\":\"published\",\"path\":{\"alias\":\"/learn/data-sharing-agreements\",\"pid\":1366,\"langcode\":\"en\"},\"rh_action\":null,\"rh_redirect\":null,\"rh_redirect_response\":null,\"rh_redirect_fallback_action\":null,\"publish_on\":null,\"unpublish_on\":null,\"body\":null,\"field_contact_email\":\"privacy@cms.hhs.gov\",\"field_contact_name\":\"Privacy Office\",\"field_short_description\":{\"value\":\"Agreements that establish how data will be managed and protected when shared between CMS and another agency\",\"format\":\"plain_text\",\"processed\":\"\u003cp\u003eAgreements that establish how data will be managed and protected when shared between CMS and another agency\u003c/p\u003e\\n\"},\"field_slack_channel\":[\"#ispg-privacy-agreement-consults\"]},\"relationships\":{\"node_type\":{\"data\":{\"type\":\"node_type--node_type\",\"id\":\"d185e460-4998-4d2b-85cb-b04f304dfb1b\",\"meta\":{\"drupal_internal__target_id\":\"explainer\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/c1152e47-1dfe-4010-b73e-3c2661ff646f/node_type?resourceVersion=id%3A6131\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/c1152e47-1dfe-4010-b73e-3c2661ff646f/relationships/node_type?resourceVersion=id%3A6131\"}}},\"revision_uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"e352e203-fe9c-47ba-af75-2c7f8302fca8\",\"meta\":{\"drupal_internal__target_id\":6}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/c1152e47-1dfe-4010-b73e-3c2661ff646f/revision_uid?resourceVersion=id%3A6131\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/c1152e47-1dfe-4010-b73e-3c2661ff646f/relationships/revision_uid?resourceVersion=id%3A6131\"}}},\"uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"e352e203-fe9c-47ba-af75-2c7f8302fca8\",\"meta\":{\"drupal_internal__target_id\":6}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/c1152e47-1dfe-4010-b73e-3c2661ff646f/uid?resourceVersion=id%3A6131\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/c1152e47-1dfe-4010-b73e-3c2661ff646f/relationships/uid?resourceVersion=id%3A6131\"}}},\"field_page_section\":{\"data\":[{\"type\":\"paragraph--page_section\",\"id\":\"e6f122bb-36d3-41e9-833e-29c6351eb939\",\"meta\":{\"target_revision_id\":20116,\"drupal_internal__target_id\":3571}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/c1152e47-1dfe-4010-b73e-3c2661ff646f/field_page_section?resourceVersion=id%3A6131\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/c1152e47-1dfe-4010-b73e-3c2661ff646f/relationships/field_page_section?resourceVersion=id%3A6131\"}}},\"field_related_collection\":{\"data\":[{\"type\":\"paragraph--internal_link\",\"id\":\"98b4c323-6323-4eb8-98fd-7f6414cc3368\",\"meta\":{\"target_revision_id\":20121,\"drupal_internal__target_id\":3586}},{\"type\":\"paragraph--internal_link\",\"id\":\"5d97f40c-547a-439b-a92a-23efe869a4eb\",\"meta\":{\"target_revision_id\":20126,\"drupal_internal__target_id\":3591}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/c1152e47-1dfe-4010-b73e-3c2661ff646f/field_related_collection?resourceVersion=id%3A6131\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/c1152e47-1dfe-4010-b73e-3c2661ff646f/relationships/field_related_collection?resourceVersion=id%3A6131\"}}},\"field_resource_type\":{\"data\":{\"type\":\"taxonomy_term--resource_type\",\"id\":\"a17f4908-9141-4b1e-82aa-e6bfe0f91a22\",\"meta\":{\"drupal_internal__target_id\":131}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/c1152e47-1dfe-4010-b73e-3c2661ff646f/field_resource_type?resourceVersion=id%3A6131\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/c1152e47-1dfe-4010-b73e-3c2661ff646f/relationships/field_resource_type?resourceVersion=id%3A6131\"}}},\"field_roles\":{\"data\":[{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\",\"meta\":{\"drupal_internal__target_id\":61}},{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"meta\":{\"drupal_internal__target_id\":76}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/c1152e47-1dfe-4010-b73e-3c2661ff646f/field_roles?resourceVersion=id%3A6131\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/c1152e47-1dfe-4010-b73e-3c2661ff646f/relationships/field_roles?resourceVersion=id%3A6131\"}}},\"field_topics\":{\"data\":[{\"type\":\"taxonomy_term--topics\",\"id\":\"d5e2c0ee-04cb-493b-9338-c97adf0e8adf\",\"meta\":{\"drupal_internal__target_id\":31}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/c1152e47-1dfe-4010-b73e-3c2661ff646f/field_topics?resourceVersion=id%3A6131\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/c1152e47-1dfe-4010-b73e-3c2661ff646f/relationships/field_topics?resourceVersion=id%3A6131\"}}}}},\"included\":[{\"type\":\"node_type--node_type\",\"id\":\"d185e460-4998-4d2b-85cb-b04f304dfb1b\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node_type/node_type/d185e460-4998-4d2b-85cb-b04f304dfb1b\"}},\"attributes\":{\"langcode\":\"en\",\"status\":true,\"dependencies\":{\"module\":[\"menu_ui\",\"scheduler\"]},\"third_party_settings\":{\"menu_ui\":{\"available_menus\":[],\"parent\":\"\"},\"scheduler\":{\"expand_fieldset\":\"when_required\",\"fields_display_mode\":\"vertical_tab\",\"publish_enable\":false,\"publish_past_date\":\"error\",\"publish_past_date_created\":false,\"publish_required\":false,\"publish_revision\":false,\"publish_touch\":false,\"show_message_after_update\":true,\"unpublish_enable\":false,\"unpublish_required\":false,\"unpublish_revision\":false}},\"name\":\"Explainer page\",\"drupal_internal__type\":\"explainer\",\"description\":\"Use \u003ci\u003eExplainer pages\u003c/i\u003e to provide general information in plain language about a policy, program, tool, service, or task related to security and privacy at CMS.\",\"help\":null,\"new_revision\":true,\"preview_mode\":1,\"display_submitted\":true}},{\"type\":\"user--user\",\"id\":\"e352e203-fe9c-47ba-af75-2c7f8302fca8\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/user/user/e352e203-fe9c-47ba-af75-2c7f8302fca8\"}},\"attributes\":{\"display_name\":\"mburgess\"}},{\"type\":\"taxonomy_term--resource_type\",\"id\":\"a17f4908-9141-4b1e-82aa-e6bfe0f91a22\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/a17f4908-9141-4b1e-82aa-e6bfe0f91a22?resourceVersion=id%3A131\"}},\"attributes\":{\"drupal_internal__tid\":131,\"drupal_internal__revision_id\":131,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:13:33+00:00\",\"status\":true,\"name\":\"General Information\",\"description\":null,\"weight\":2,\"changed\":\"2023-03-10T19:04:03+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}},\"relationships\":{\"vid\":{\"data\":{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"3a0127c4-ee06-41ed-8239-f796f6d78eb3\",\"meta\":{\"drupal_internal__target_id\":\"resource_type\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/a17f4908-9141-4b1e-82aa-e6bfe0f91a22/vid?resourceVersion=id%3A131\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/a17f4908-9141-4b1e-82aa-e6bfe0f91a22/relationships/vid?resourceVersion=id%3A131\"}}},\"revision_user\":{\"data\":null,\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/a17f4908-9141-4b1e-82aa-e6bfe0f91a22/revision_user?resourceVersion=id%3A131\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/a17f4908-9141-4b1e-82aa-e6bfe0f91a22/relationships/revision_user?resourceVersion=id%3A131\"}}},\"parent\":{\"data\":[{\"type\":\"taxonomy_term--resource_type\",\"id\":\"virtual\",\"meta\":{\"links\":{\"help\":{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}}}}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/a17f4908-9141-4b1e-82aa-e6bfe0f91a22/parent?resourceVersion=id%3A131\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/a17f4908-9141-4b1e-82aa-e6bfe0f91a22/relationships/parent?resourceVersion=id%3A131\"}}}}},{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab?resourceVersion=id%3A61\"}},\"attributes\":{\"drupal_internal__tid\":61,\"drupal_internal__revision_id\":61,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:08:12+00:00\",\"status\":true,\"name\":\"Information System Security Officer (ISSO)\",\"description\":null,\"weight\":0,\"changed\":\"2022-08-02T23:08:12+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}},\"relationships\":{\"vid\":{\"data\":{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"a89af840-d1f0-4a08-9f15-7b1cb71c3e35\",\"meta\":{\"drupal_internal__target_id\":\"roles\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/vid?resourceVersion=id%3A61\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/relationships/vid?resourceVersion=id%3A61\"}}},\"revision_user\":{\"data\":null,\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/revision_user?resourceVersion=id%3A61\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/relationships/revision_user?resourceVersion=id%3A61\"}}},\"parent\":{\"data\":[{\"type\":\"taxonomy_term--roles\",\"id\":\"virtual\",\"meta\":{\"links\":{\"help\":{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}}}}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/parent?resourceVersion=id%3A61\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/relationships/parent?resourceVersion=id%3A61\"}}}}},{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34?resourceVersion=id%3A76\"}},\"attributes\":{\"drupal_internal__tid\":76,\"drupal_internal__revision_id\":76,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:08:55+00:00\",\"status\":true,\"name\":\"System / Business Owner\",\"description\":null,\"weight\":0,\"changed\":\"2022-08-02T23:08:55+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}},\"relationships\":{\"vid\":{\"data\":{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"a89af840-d1f0-4a08-9f15-7b1cb71c3e35\",\"meta\":{\"drupal_internal__target_id\":\"roles\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/vid?resourceVersion=id%3A76\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/relationships/vid?resourceVersion=id%3A76\"}}},\"revision_user\":{\"data\":null,\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/revision_user?resourceVersion=id%3A76\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/relationships/revision_user?resourceVersion=id%3A76\"}}},\"parent\":{\"data\":[{\"type\":\"taxonomy_term--roles\",\"id\":\"virtual\",\"meta\":{\"links\":{\"help\":{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}}}}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/parent?resourceVersion=id%3A76\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/relationships/parent?resourceVersion=id%3A76\"}}}}},{\"type\":\"taxonomy_term--topics\",\"id\":\"d5e2c0ee-04cb-493b-9338-c97adf0e8adf\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/d5e2c0ee-04cb-493b-9338-c97adf0e8adf?resourceVersion=id%3A31\"}},\"attributes\":{\"drupal_internal__tid\":31,\"drupal_internal__revision_id\":31,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:05:48+00:00\",\"status\":true,\"name\":\"Privacy\",\"description\":null,\"weight\":4,\"changed\":\"2023-03-10T19:04:22+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}},\"relationships\":{\"vid\":{\"data\":{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"73f89dec-123f-4c8c-9a97-d025a2b0e5cf\",\"meta\":{\"drupal_internal__target_id\":\"topics\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/d5e2c0ee-04cb-493b-9338-c97adf0e8adf/vid?resourceVersion=id%3A31\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/d5e2c0ee-04cb-493b-9338-c97adf0e8adf/relationships/vid?resourceVersion=id%3A31\"}}},\"revision_user\":{\"data\":null,\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/d5e2c0ee-04cb-493b-9338-c97adf0e8adf/revision_user?resourceVersion=id%3A31\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/d5e2c0ee-04cb-493b-9338-c97adf0e8adf/relationships/revision_user?resourceVersion=id%3A31\"}}},\"parent\":{\"data\":[{\"type\":\"taxonomy_term--topics\",\"id\":\"virtual\",\"meta\":{\"links\":{\"help\":{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}}}}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/d5e2c0ee-04cb-493b-9338-c97adf0e8adf/parent?resourceVersion=id%3A31\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/d5e2c0ee-04cb-493b-9338-c97adf0e8adf/relationships/parent?resourceVersion=id%3A31\"}}}}},{\"type\":\"paragraph--page_section\",\"id\":\"e6f122bb-36d3-41e9-833e-29c6351eb939\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/e6f122bb-36d3-41e9-833e-29c6351eb939?resourceVersion=id%3A20116\"}},\"attributes\":{\"drupal_internal__id\":3571,\"drupal_internal__revision_id\":20116,\"langcode\":\"en\",\"status\":true,\"created\":\"2025-01-16T20:28:57+00:00\",\"parent_id\":\"1246\",\"parent_type\":\"node\",\"parent_field_name\":\"field_page_section\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true,\"field_text_block\":{\"value\":\"$18\",\"format\":\"body_text\",\"processed\":\"$19\"}},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"57f3f40a-8120-4393-b881-a5758f9fb30d\",\"meta\":{\"drupal_internal__target_id\":\"page_section\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/e6f122bb-36d3-41e9-833e-29c6351eb939/paragraph_type?resourceVersion=id%3A20116\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/e6f122bb-36d3-41e9-833e-29c6351eb939/relationships/paragraph_type?resourceVersion=id%3A20116\"}}},\"field_specialty_item\":{\"data\":null,\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/e6f122bb-36d3-41e9-833e-29c6351eb939/field_specialty_item?resourceVersion=id%3A20116\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/e6f122bb-36d3-41e9-833e-29c6351eb939/relationships/field_specialty_item?resourceVersion=id%3A20116\"}}}}},{\"type\":\"paragraph--internal_link\",\"id\":\"98b4c323-6323-4eb8-98fd-7f6414cc3368\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/98b4c323-6323-4eb8-98fd-7f6414cc3368?resourceVersion=id%3A20121\"}},\"attributes\":{\"drupal_internal__id\":3586,\"drupal_internal__revision_id\":20121,\"langcode\":\"en\",\"status\":true,\"created\":\"2025-01-16T20:57:53+00:00\",\"parent_id\":\"1246\",\"parent_type\":\"node\",\"parent_field_name\":\"field_related_collection\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"81d4313f-807c-40e2-8ffa-700ec8c17167\",\"meta\":{\"drupal_internal__target_id\":\"internal_link\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/98b4c323-6323-4eb8-98fd-7f6414cc3368/paragraph_type?resourceVersion=id%3A20121\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/98b4c323-6323-4eb8-98fd-7f6414cc3368/relationships/paragraph_type?resourceVersion=id%3A20121\"}}},\"field_link\":{\"data\":{\"type\":\"node--explainer\",\"id\":\"85d3c6d9-87da-4285-9571-cfef16aa6d61\",\"meta\":{\"drupal_internal__target_id\":356}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/98b4c323-6323-4eb8-98fd-7f6414cc3368/field_link?resourceVersion=id%3A20121\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/98b4c323-6323-4eb8-98fd-7f6414cc3368/relationships/field_link?resourceVersion=id%3A20121\"}}}}},{\"type\":\"paragraph--internal_link\",\"id\":\"5d97f40c-547a-439b-a92a-23efe869a4eb\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/5d97f40c-547a-439b-a92a-23efe869a4eb?resourceVersion=id%3A20126\"}},\"attributes\":{\"drupal_internal__id\":3591,\"drupal_internal__revision_id\":20126,\"langcode\":\"en\",\"status\":true,\"created\":\"2025-01-16T20:58:00+00:00\",\"parent_id\":\"1246\",\"parent_type\":\"node\",\"parent_field_name\":\"field_related_collection\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"81d4313f-807c-40e2-8ffa-700ec8c17167\",\"meta\":{\"drupal_internal__target_id\":\"internal_link\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/5d97f40c-547a-439b-a92a-23efe869a4eb/paragraph_type?resourceVersion=id%3A20126\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/5d97f40c-547a-439b-a92a-23efe869a4eb/relationships/paragraph_type?resourceVersion=id%3A20126\"}}},\"field_link\":{\"data\":{\"type\":\"node--explainer\",\"id\":\"9086328f-ae1d-4345-a435-8300071aae86\",\"meta\":{\"drupal_internal__target_id\":641}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/5d97f40c-547a-439b-a92a-23efe869a4eb/field_link?resourceVersion=id%3A20126\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/5d97f40c-547a-439b-a92a-23efe869a4eb/relationships/field_link?resourceVersion=id%3A20126\"}}}}},{\"type\":\"node--explainer\",\"id\":\"85d3c6d9-87da-4285-9571-cfef16aa6d61\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/85d3c6d9-87da-4285-9571-cfef16aa6d61?resourceVersion=id%3A6126\"}},\"attributes\":{\"drupal_internal__nid\":356,\"drupal_internal__vid\":6126,\"langcode\":\"en\",\"revision_timestamp\":\"2025-01-16T20:57:31+00:00\",\"status\":true,\"title\":\"CMS Information Exchange Agreement (IEA)\",\"created\":\"2022-08-29T16:33:09+00:00\",\"changed\":\"2025-01-16T20:57:31+00:00\",\"promote\":false,\"sticky\":false,\"default_langcode\":true,\"revision_translation_affected\":true,\"moderation_state\":\"published\",\"path\":{\"alias\":\"/learn/cms-information-exchange-agreement-iea\",\"pid\":346,\"langcode\":\"en\"},\"rh_action\":null,\"rh_redirect\":null,\"rh_redirect_response\":null,\"rh_redirect_fallback_action\":null,\"publish_on\":null,\"unpublish_on\":null,\"body\":null,\"field_contact_email\":\"privacy@cms.hhs.gov\",\"field_contact_name\":\"Privacy Office\",\"field_short_description\":{\"value\":\"Business Owners and Privacy Advisors working together to determine the terms of sharing PII with other federal or state agencies\",\"format\":\"plain_text\",\"processed\":\"\u003cp\u003eBusiness Owners and Privacy Advisors working together to determine the terms of sharing PII with other federal or state agencies\u003c/p\u003e\\n\"},\"field_slack_channel\":[\"#ispg-privacy-agreement-consults\"]},\"relationships\":{\"node_type\":{\"data\":{\"type\":\"node_type--node_type\",\"id\":\"d185e460-4998-4d2b-85cb-b04f304dfb1b\",\"meta\":{\"drupal_internal__target_id\":\"explainer\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/85d3c6d9-87da-4285-9571-cfef16aa6d61/node_type?resourceVersion=id%3A6126\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/85d3c6d9-87da-4285-9571-cfef16aa6d61/relationships/node_type?resourceVersion=id%3A6126\"}}},\"revision_uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"e352e203-fe9c-47ba-af75-2c7f8302fca8\",\"meta\":{\"drupal_internal__target_id\":6}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/85d3c6d9-87da-4285-9571-cfef16aa6d61/revision_uid?resourceVersion=id%3A6126\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/85d3c6d9-87da-4285-9571-cfef16aa6d61/relationships/revision_uid?resourceVersion=id%3A6126\"}}},\"uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"dca2c49b-4a12-4d5f-859d-a759444160a4\",\"meta\":{\"drupal_internal__target_id\":26}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/85d3c6d9-87da-4285-9571-cfef16aa6d61/uid?resourceVersion=id%3A6126\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/85d3c6d9-87da-4285-9571-cfef16aa6d61/relationships/uid?resourceVersion=id%3A6126\"}}},\"field_page_section\":{\"data\":[{\"type\":\"paragraph--page_section\",\"id\":\"24c64778-0ed9-4ae9-b9dc-dfc10681357c\",\"meta\":{\"target_revision_id\":20101,\"drupal_internal__target_id\":466}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/85d3c6d9-87da-4285-9571-cfef16aa6d61/field_page_section?resourceVersion=id%3A6126\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/85d3c6d9-87da-4285-9571-cfef16aa6d61/relationships/field_page_section?resourceVersion=id%3A6126\"}}},\"field_related_collection\":{\"data\":[{\"type\":\"paragraph--internal_link\",\"id\":\"4cef73c0-51d2-4d1a-8273-05c4fcd038bf\",\"meta\":{\"target_revision_id\":20106,\"drupal_internal__target_id\":1841}},{\"type\":\"paragraph--internal_link\",\"id\":\"7eda830e-a420-46c6-b3a6-3a7c9dd09d0d\",\"meta\":{\"target_revision_id\":20111,\"drupal_internal__target_id\":1846}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/85d3c6d9-87da-4285-9571-cfef16aa6d61/field_related_collection?resourceVersion=id%3A6126\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/85d3c6d9-87da-4285-9571-cfef16aa6d61/relationships/field_related_collection?resourceVersion=id%3A6126\"}}},\"field_resource_type\":{\"data\":{\"type\":\"taxonomy_term--resource_type\",\"id\":\"a17f4908-9141-4b1e-82aa-e6bfe0f91a22\",\"meta\":{\"drupal_internal__target_id\":131}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/85d3c6d9-87da-4285-9571-cfef16aa6d61/field_resource_type?resourceVersion=id%3A6126\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/85d3c6d9-87da-4285-9571-cfef16aa6d61/relationships/field_resource_type?resourceVersion=id%3A6126\"}}},\"field_roles\":{\"data\":[{\"type\":\"taxonomy_term--roles\",\"id\":\"9d999ae3-b43c-45fb-973e-dffe50c27da5\",\"meta\":{\"drupal_internal__target_id\":66}},{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\",\"meta\":{\"drupal_internal__target_id\":61}},{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"meta\":{\"drupal_internal__target_id\":76}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/85d3c6d9-87da-4285-9571-cfef16aa6d61/field_roles?resourceVersion=id%3A6126\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/85d3c6d9-87da-4285-9571-cfef16aa6d61/relationships/field_roles?resourceVersion=id%3A6126\"}}},\"field_topics\":{\"data\":[{\"type\":\"taxonomy_term--topics\",\"id\":\"c12221c3-2c7e-4eb0-903f-0470aad63bf0\",\"meta\":{\"drupal_internal__target_id\":16}},{\"type\":\"taxonomy_term--topics\",\"id\":\"d5e2c0ee-04cb-493b-9338-c97adf0e8adf\",\"meta\":{\"drupal_internal__target_id\":31}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/85d3c6d9-87da-4285-9571-cfef16aa6d61/field_topics?resourceVersion=id%3A6126\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/85d3c6d9-87da-4285-9571-cfef16aa6d61/relationships/field_topics?resourceVersion=id%3A6126\"}}}}},{\"type\":\"node--explainer\",\"id\":\"9086328f-ae1d-4345-a435-8300071aae86\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/9086328f-ae1d-4345-a435-8300071aae86?resourceVersion=id%3A6121\"}},\"attributes\":{\"drupal_internal__nid\":641,\"drupal_internal__vid\":6121,\"langcode\":\"en\",\"revision_timestamp\":\"2025-01-16T20:56:12+00:00\",\"status\":true,\"title\":\"CMS Computer Matching Agreement (CMA)\",\"created\":\"2023-02-02T14:59:22+00:00\",\"changed\":\"2025-01-16T20:56:12+00:00\",\"promote\":false,\"sticky\":false,\"default_langcode\":true,\"revision_translation_affected\":true,\"moderation_state\":\"published\",\"path\":{\"alias\":\"/learn/cms-computer-matching-agreement-cma\",\"pid\":631,\"langcode\":\"en\"},\"rh_action\":null,\"rh_redirect\":null,\"rh_redirect_response\":null,\"rh_redirect_fallback_action\":null,\"publish_on\":null,\"unpublish_on\":null,\"body\":null,\"field_contact_email\":\"privacy@cms.hhs.gov\",\"field_contact_name\":\"Privacy Office\",\"field_short_description\":{\"value\":\"Written agreement used in the comparison of automated systems of record between federal or state agencies\",\"format\":\"plain_text\",\"processed\":\"\u003cp\u003eWritten agreement used in the comparison of automated systems of record between federal or state agencies\u003c/p\u003e\\n\"},\"field_slack_channel\":[\"#ispg-privacy-agreement-consults\"]},\"relationships\":{\"node_type\":{\"data\":{\"type\":\"node_type--node_type\",\"id\":\"d185e460-4998-4d2b-85cb-b04f304dfb1b\",\"meta\":{\"drupal_internal__target_id\":\"explainer\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/9086328f-ae1d-4345-a435-8300071aae86/node_type?resourceVersion=id%3A6121\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/9086328f-ae1d-4345-a435-8300071aae86/relationships/node_type?resourceVersion=id%3A6121\"}}},\"revision_uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"e352e203-fe9c-47ba-af75-2c7f8302fca8\",\"meta\":{\"drupal_internal__target_id\":6}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/9086328f-ae1d-4345-a435-8300071aae86/revision_uid?resourceVersion=id%3A6121\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/9086328f-ae1d-4345-a435-8300071aae86/relationships/revision_uid?resourceVersion=id%3A6121\"}}},\"uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"dca2c49b-4a12-4d5f-859d-a759444160a4\",\"meta\":{\"drupal_internal__target_id\":26}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/9086328f-ae1d-4345-a435-8300071aae86/uid?resourceVersion=id%3A6121\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/9086328f-ae1d-4345-a435-8300071aae86/relationships/uid?resourceVersion=id%3A6121\"}}},\"field_page_section\":{\"data\":[{\"type\":\"paragraph--page_section\",\"id\":\"ebf079d8-dd73-43d4-b270-1dffecde688b\",\"meta\":{\"target_revision_id\":20081,\"drupal_internal__target_id\":451}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/9086328f-ae1d-4345-a435-8300071aae86/field_page_section?resourceVersion=id%3A6121\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/9086328f-ae1d-4345-a435-8300071aae86/relationships/field_page_section?resourceVersion=id%3A6121\"}}},\"field_related_collection\":{\"data\":[{\"type\":\"paragraph--internal_link\",\"id\":\"5fc47ff1-39bd-4c95-b001-ad89e85cd007\",\"meta\":{\"target_revision_id\":20086,\"drupal_internal__target_id\":1876}},{\"type\":\"paragraph--internal_link\",\"id\":\"7f569b2e-5e41-45c0-954e-df9128d24e6e\",\"meta\":{\"target_revision_id\":20091,\"drupal_internal__target_id\":3576}},{\"type\":\"paragraph--internal_link\",\"id\":\"8dde78c3-a853-4117-b100-c1c97b47829c\",\"meta\":{\"target_revision_id\":20096,\"drupal_internal__target_id\":3581}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/9086328f-ae1d-4345-a435-8300071aae86/field_related_collection?resourceVersion=id%3A6121\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/9086328f-ae1d-4345-a435-8300071aae86/relationships/field_related_collection?resourceVersion=id%3A6121\"}}},\"field_resource_type\":{\"data\":{\"type\":\"taxonomy_term--resource_type\",\"id\":\"a17f4908-9141-4b1e-82aa-e6bfe0f91a22\",\"meta\":{\"drupal_internal__target_id\":131}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/9086328f-ae1d-4345-a435-8300071aae86/field_resource_type?resourceVersion=id%3A6121\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/9086328f-ae1d-4345-a435-8300071aae86/relationships/field_resource_type?resourceVersion=id%3A6121\"}}},\"field_roles\":{\"data\":[{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\",\"meta\":{\"drupal_internal__target_id\":61}},{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"meta\":{\"drupal_internal__target_id\":76}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/9086328f-ae1d-4345-a435-8300071aae86/field_roles?resourceVersion=id%3A6121\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/9086328f-ae1d-4345-a435-8300071aae86/relationships/field_roles?resourceVersion=id%3A6121\"}}},\"field_topics\":{\"data\":[{\"type\":\"taxonomy_term--topics\",\"id\":\"d5e2c0ee-04cb-493b-9338-c97adf0e8adf\",\"meta\":{\"drupal_internal__target_id\":31}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/9086328f-ae1d-4345-a435-8300071aae86/field_topics?resourceVersion=id%3A6121\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/9086328f-ae1d-4345-a435-8300071aae86/relationships/field_topics?resourceVersion=id%3A6121\"}}}}}],\"includedMap\":{\"d185e460-4998-4d2b-85cb-b04f304dfb1b\":\"$1a\",\"e352e203-fe9c-47ba-af75-2c7f8302fca8\":\"$24\",\"a17f4908-9141-4b1e-82aa-e6bfe0f91a22\":\"$28\",\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\":\"$42\",\"f591f442-c0b0-4b8e-af66-7998a3329f34\":\"$5c\",\"d5e2c0ee-04cb-493b-9338-c97adf0e8adf\":\"$76\",\"e6f122bb-36d3-41e9-833e-29c6351eb939\":\"$90\",\"98b4c323-6323-4eb8-98fd-7f6414cc3368\":\"$a3\",\"5d97f40c-547a-439b-a92a-23efe869a4eb\":\"$b5\",\"85d3c6d9-87da-4285-9571-cfef16aa6d61\":\"$c7\",\"9086328f-ae1d-4345-a435-8300071aae86\":\"$10b\"}}}]\n"])</script><script>self.__next_f.push([1,"a:[[\"$\",\"meta\",\"0\",{\"name\":\"viewport\",\"content\":\"width=device-width, initial-scale=1\"}],[\"$\",\"meta\",\"1\",{\"charSet\":\"utf-8\"}],[\"$\",\"title\",\"2\",{\"children\":\"Data Sharing Agreements | CMS Information Security \u0026 Privacy Group\"}],[\"$\",\"meta\",\"3\",{\"name\":\"description\",\"content\":\"Agreements that establish how data will be managed and protected when shared between CMS and another agency\"}],[\"$\",\"link\",\"4\",{\"rel\":\"canonical\",\"href\":\"https://security.cms.gov/learn/data-sharing-agreements\"}],[\"$\",\"meta\",\"5\",{\"name\":\"google-site-verification\",\"content\":\"GMZIwBDJgz_o_JYUB2GpJazkrs7P85BaWDsoCjxF32M\"}],[\"$\",\"meta\",\"6\",{\"property\":\"og:title\",\"content\":\"Data Sharing Agreements | CMS Information Security \u0026 Privacy Group\"}],[\"$\",\"meta\",\"7\",{\"property\":\"og:description\",\"content\":\"Agreements that establish how data will be managed and protected when shared between CMS and another agency\"}],[\"$\",\"meta\",\"8\",{\"property\":\"og:url\",\"content\":\"https://security.cms.gov/learn/data-sharing-agreements\"}],[\"$\",\"meta\",\"9\",{\"property\":\"og:image:type\",\"content\":\"image/jpeg\"}],[\"$\",\"meta\",\"10\",{\"property\":\"og:image:width\",\"content\":\"1200\"}],[\"$\",\"meta\",\"11\",{\"property\":\"og:image:height\",\"content\":\"630\"}],[\"$\",\"meta\",\"12\",{\"property\":\"og:image\",\"content\":\"https://security.cms.gov/learn/data-sharing-agreements/opengraph-image.jpg?d21225707c5ed280\"}],[\"$\",\"meta\",\"13\",{\"property\":\"og:type\",\"content\":\"website\"}],[\"$\",\"meta\",\"14\",{\"name\":\"twitter:card\",\"content\":\"summary_large_image\"}],[\"$\",\"meta\",\"15\",{\"name\":\"twitter:title\",\"content\":\"Data Sharing Agreements | CMS Information Security \u0026 Privacy Group\"}],[\"$\",\"meta\",\"16\",{\"name\":\"twitter:description\",\"content\":\"Agreements that establish how data will be managed and protected when shared between CMS and another agency\"}],[\"$\",\"meta\",\"17\",{\"name\":\"twitter:image:type\",\"content\":\"image/jpeg\"}],[\"$\",\"meta\",\"18\",{\"name\":\"twitter:image:width\",\"content\":\"1200\"}],[\"$\",\"meta\",\"19\",{\"name\":\"twitter:image:height\",\"content\":\"630\"}],[\"$\",\"meta\",\"20\",{\"name\":\"twitter:image\",\"content\":\"https://security.cms.gov/learn/data-sharing-agreements/opengraph-image.jpg?d21225707c5ed280\"}],[\"$\",\"link\",\"21\",{\"rel\":\"icon\",\"href\":\"/favicon.ico\",\"type\":\"image/x-icon\",\"sizes\":\"48x48\"}]]\n"])</script><script>self.__next_f.push([1,"4:null\n"])</script></body></html> |