publicdata/cms-gov
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
cms-gov/security.cms.gov/learn/federal-risk-and-authorization-management-program-fedramp
Scott Williams b906a0e722 Initial commit
2025-02-28 14:41:14 -05:00

1 line
No EOL
418 KiB
Text
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!DOCTYPE html><html lang="en"><head><meta charSet="utf-8"/><meta name="viewport" content="width=device-width, initial-scale=1"/><link rel="preload" as="image" href="/_next/static/media/CyberGeek-logo.8e9bbd2b.svg" fetchPriority="high"/><link rel="stylesheet" href="/_next/static/css/ef46db3751d8e999.css" data-precedence="next"/><link rel="stylesheet" href="/_next/static/css/0759e90f4fecfde7.css" data-precedence="next"/><link rel="preload" as="script" fetchPriority="low" href="/_next/static/chunks/webpack-182b67d00f496f9d.js"/><script src="/_next/static/chunks/fd9d1056-ad09c71b7719f2fb.js" async=""></script><script src="/_next/static/chunks/23-260042deb5df7a88.js" async=""></script><script src="/_next/static/chunks/main-app-6de3c3100b91a0a9.js" async=""></script><script src="/_next/static/chunks/30-49b1c1429d73281d.js" async=""></script><script src="/_next/static/chunks/317-0f87feacc1712b2f.js" async=""></script><script src="/_next/static/chunks/223-bc9ed43510898bbb.js" async=""></script><script src="/_next/static/chunks/app/layout-9fc24027bc047aa2.js" async=""></script><script src="/_next/static/chunks/972-6e520d137ef194fb.js" async=""></script><script src="/_next/static/chunks/app/page-cc829e051925e906.js" async=""></script><script src="/_next/static/chunks/app/template-d264bab5e3061841.js" async=""></script><script src="/_next/static/chunks/e37a0b60-b74be3d42787b18d.js" async=""></script><script src="/_next/static/chunks/904-dbddf7494c3e6975.js" async=""></script><script src="/_next/static/chunks/549-c87c1c3bbacc319f.js" async=""></script><script src="/_next/static/chunks/app/learn/%5Bslug%5D/page-5b91cdc45a95ebbe.js" async=""></script><link rel="preload" href="/assets/javascript/uswds-init.min.js" as="script"/><link rel="preload" href="/assets/javascript/uswds.min.js" as="script"/><title>Federal Risk and Authorization Management Program (FedRAMP) | CMS Information Security &amp; Privacy Group</title><meta name="description" content="Provides a federally-recognized and standardized security framework for all cloud products and services"/><link rel="canonical" href="https://security.cms.gov/learn/fedramp"/><meta name="google-site-verification" content="GMZIwBDJgz_o_JYUB2GpJazkrs7P85BaWDsoCjxF32M"/><meta property="og:title" content="Federal Risk and Authorization Management Program (FedRAMP) | CMS Information Security &amp; Privacy Group"/><meta property="og:description" content="Provides a federally-recognized and standardized security framework for all cloud products and services"/><meta property="og:url" content="https://security.cms.gov/learn/fedramp"/><meta property="og:image:type" content="image/jpeg"/><meta property="og:image:width" content="1200"/><meta property="og:image:height" content="630"/><meta property="og:image" content="https://security.cms.gov/learn/fedramp/opengraph-image.jpg?d21225707c5ed280"/><meta property="og:type" content="website"/><meta name="twitter:card" content="summary_large_image"/><meta name="twitter:title" content="Federal Risk and Authorization Management Program (FedRAMP) | CMS Information Security &amp; Privacy Group"/><meta name="twitter:description" content="Provides a federally-recognized and standardized security framework for all cloud products and services"/><meta name="twitter:image:type" content="image/jpeg"/><meta name="twitter:image:width" content="1200"/><meta name="twitter:image:height" content="630"/><meta name="twitter:image" content="https://security.cms.gov/learn/fedramp/opengraph-image.jpg?d21225707c5ed280"/><link rel="icon" href="/favicon.ico" type="image/x-icon" sizes="48x48"/><script>(self.__next_s=self.__next_s||[]).push(["/assets/javascript/uswds-init.min.js",{}])</script><script src="/_next/static/chunks/polyfills-78c92fac7aa8fdd8.js" noModule=""></script></head><body><a class="usa-skipnav" href="#main">Skip to main content</a><section class="usa-banner" aria-label="Official website of the United States government"><div class="usa-accordion"><header class="usa-banner__header"><div class="usa-banner__inner"><div class="grid-col-auto"><img aria-hidden="true" alt="" loading="lazy" width="16" height="11" decoding="async" data-nimg="1" class="usa-banner__header-flag" style="color:transparent" srcSet="/_next/image?url=%2Fassets%2Fimg%2Fus_flag_small.png&amp;w=16&amp;q=75 1x, /_next/image?url=%2Fassets%2Fimg%2Fus_flag_small.png&amp;w=32&amp;q=75 2x" src="/_next/image?url=%2Fassets%2Fimg%2Fus_flag_small.png&amp;w=32&amp;q=75"/></div><div class="grid-col-fill tablet:grid-col-auto" aria-hidden="true"><p class="usa-banner__header-text">An official website of the United States government</p><p class="usa-banner__header-action">Here&#x27;s how you know</p></div><button type="button" class="usa-accordion__button usa-banner__button" aria-expanded="false" aria-controls="gov-banner-default-default"><span class="usa-banner__button-text">Here&#x27;s how you know</span></button></div></header><div class="usa-banner__content usa-accordion__content" id="gov-banner-default-default" hidden=""><div class="grid-row grid-gap-lg"><div class="usa-banner__guidance tablet:grid-col-6"><img role="img" alt="" aria-hidden="true" loading="lazy" width="40" height="40" decoding="async" data-nimg="1" class="usa-banner__icon usa-media-block__img" style="color:transparent" src="/_next/static/media/icon-dot-gov.3e9cb1b5.svg"/><div class="usa-media-block__body"><p><strong>Official websites use .gov</strong><br/>A <strong>.gov</strong> website belongs to an official government organization in the United States.</p></div></div><div class="usa-banner__guidance tablet:grid-col-6"><img role="img" alt="" aria-hidden="true" loading="lazy" width="40" height="40" decoding="async" data-nimg="1" class="usa-banner__icon usa-media-block__img" style="color:transparent" src="/_next/static/media/icon-https.e7f1a222.svg"/><div class="usa-media-block__body"><p><strong>Secure .gov websites use HTTPS</strong><br/>A <strong>lock</strong> (<span class="icon-lock"><svg xmlns="http://www.w3.org/2000/svg" width="52" height="64" viewBox="0 0 52 64" class="usa-banner__lock-image" role="img" aria-labelledby="banner-lock-description-default" focusable="false"><title id="banner-lock-title-default">Lock</title><desc id="banner-lock-description-default">Locked padlock icon</desc><path fill="#000000" fill-rule="evenodd" d="M26 0c10.493 0 19 8.507 19 19v9h3a4 4 0 0 1 4 4v28a4 4 0 0 1-4 4H4a4 4 0 0 1-4-4V32a4 4 0 0 1 4-4h3v-9C7 8.507 15.507 0 26 0zm0 8c-5.979 0-10.843 4.77-10.996 10.712L15 19v9h22v-9c0-6.075-4.925-11-11-11z"></path></svg></span>) or <strong>https://</strong> means you&#x27;ve safely connected to the .gov website. Share sensitive information only on official, secure websites.</p></div></div></div></div></div></section><div class="usa-overlay"></div><header class="usa-header usa-header--extended"><div class="bg-primary-dark"><div class="usa-navbar"><div class="usa-logo padding-y-4 padding-right-3" id="CyberGeek-logo"><a title="CMS CyberGeek Home" href="/"><img alt="CyberGeek logo" fetchPriority="high" width="298" height="35" decoding="async" data-nimg="1" style="color:transparent" src="/_next/static/media/CyberGeek-logo.8e9bbd2b.svg"/></a></div><button aria-label="Open menu" type="button" class="usa-menu-btn" data-cy="menu-button">Menu</button></div></div><nav aria-label="Primary navigation" class="usa-nav padding-0 desktop:width-auto bg-white grid-container float-none"><div class="usa-nav__inner"><button type="button" class="usa-nav__close margin-0"><img alt="Close" loading="lazy" width="24" height="24" decoding="async" data-nimg="1" style="color:transparent" src="/_next/static/media/close.1fafc2aa.svg"/></button><ul class="usa-nav__primary usa-accordion"><li class="usa-nav__primary-item"><button type="button" class="usa-accordion__button usa-nav__link font-family-serif text-medium tablet:text-no-wrap desktop:text-primary-vivid" aria-expanded="false" aria-controls="roles"><span>Roles</span></button><ul id="roles" class="usa-nav__submenu usa-megamenu bg-white" hidden=""><li class="grid-row grid-gap-3 padding-bottom-6"><div class="usa-col text-center desktop:text-right text-normal position-relative nav-label"><span class="display-block font-heading-xl padding-top-2">Roles</span></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/information-system-security-officer-isso">Information System Security Officer (ISSO)</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/cms-information-system-security-officer-isso-handbook"><span>ISSO Handbook</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/cms-information-system-security-officer-isso-handbook#getting-started-for-new-issos"><span>Getting started (for new ISSOs)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/isso-mentorship-program"><span>ISSO Mentorship Program</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/cms-information-system-security-officer-isso-handbook#training"><span>ISSO Training</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/data-guardian">Data Guardian</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/data-guardian-handbook"><span>Data Guardian Handbook</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/cyber-risk-advisor-cra">Cyber Risk Advisor (CRA)</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-security-and-privacy-handbooks"><span>CMS Security and Privacy Handbooks</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-security-and-privacy-handbooks#risk-management-handbook-rmh-chapters"><span>Risk Management Handbook (RMH)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/business-system-owner">Business / System Owner (BO/SO)</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cybersecurity-risk-assessment-program-csrap"><span>Cybersecurity and Risk Assessment Program (CSRAP)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-information-exchange-agreement-iea"><span>Information Exchange Agreement (IEA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-computer-matching-agreement-cma"><span>Computer Matching Agreement (CMA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/isso-service"><span>ISSO As A Service</span></a></li></ul></section></div></li></ul></li><li class="usa-nav__primary-item"><button type="button" class="usa-accordion__button usa-nav__link font-family-serif text-medium tablet:text-no-wrap desktop:text-primary-vivid" aria-expanded="false" aria-controls="compliance-authorization"><span>Compliance &amp; Authorization</span></button><ul id="compliance-authorization" class="usa-nav__submenu usa-megamenu bg-white" hidden=""><li class="grid-row grid-gap-3 padding-bottom-6"><div class="usa-col text-center desktop:text-right text-normal position-relative nav-label"><span class="display-block font-heading-xl padding-top-2">Compliance &amp; Authorization</span></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/learn/authorization-operate-ato">Authorization to Operate (ATO)</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/authorization-operate-ato"><span>About ATO at CMS</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/authorization-operate-ato#types-of-authorizations"><span>Types of authorizations</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/authorization-operate-ato#ato-stakeholders"><span>ATO stakeholders</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/authorization-operate-ato#related-documents-and-resources"><span>ATO tools and resources</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-technical-reference-architecture-tra"><span>CMS Technical Reference Architecture (TRA)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/learn/ongoing-authorization-oa">Ongoing Authorization (OA)</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/ongoing-authorization-oa"><span>About OA at CMS</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/ongoing-authorization-oa#is-my-system-eligible-for-oa"><span>OA eligibility requirements</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/continuous-diagnostics-and-mitigation-cdm"><span>Continuous Diagnostics and Mitigation (CDM)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header list-header-margin">Assessments &amp; Audits</h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/penetration-testing-pentesting"><span>Penetration Testing</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cybersecurity-risk-assessment-program-csrap"><span>Cybersecurity Risk Assessment Program (CSRAP)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/privacy-impact-assessment-pia"><span>Privacy Impact Assessment (PIA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/security-impact-analysis-sia"><span>Security Impact Analysis (SIA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/system-audits"><span>System Audits</span></a></li></ul></section></div></li></ul></li><li class="usa-nav__primary-item"><button type="button" class="usa-accordion__button usa-nav__link font-family-serif text-medium tablet:text-no-wrap desktop:text-primary-vivid" aria-expanded="false" aria-controls="policy-guidance"><span>Policy &amp; Guidance</span></button><ul id="policy-guidance" class="usa-nav__submenu usa-megamenu bg-white" hidden=""><li class="grid-row grid-gap-3 padding-bottom-6"><div class="usa-col text-center desktop:text-right text-normal position-relative nav-label"><span class="display-block font-heading-xl padding-top-2">Policy &amp; Guidance</span></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/cms-policies-and-guidance">CMS Policies and Guidance</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/cms-acceptable-risk-safeguards-ars"><span>CMS Acceptable Risk Safeguards (ARS)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/cms-information-systems-security-privacy-policy-is2p2"><span>CMS Information Security and Privacy Policy (IS2P2)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-security-and-privacy-handbooks"><span>CMS Security and Privacy Handbooks</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="https://security.cms.gov/learn/cms-risk-management-framework-rmf"><span>CMS Risk Management Framework (RMF)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/email-encryption-requirements-cms"><span>CMS Email Encryption</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/federal-policies-and-guidance">Federal Policies and Guidance</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/national-institute-standards-and-technology-nist"><span>National Institute of Standards and Technology (NIST)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/federal-information-security-modernization-act-fisma"><span>Federal Information Security Modernization Act (FISMA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/fedramp"><span>Federal Risk and Authorization Management Program (FedRAMP)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/zero-trust"><span>Zero Trust</span></a></li></ul></section></div></li></ul></li><li class="usa-nav__primary-item"><button type="button" class="usa-accordion__button usa-nav__link font-family-serif text-medium tablet:text-no-wrap desktop:text-primary-vivid" aria-expanded="false" aria-controls="system-security"><span>System Security</span></button><ul id="system-security" class="usa-nav__submenu usa-megamenu bg-white" hidden=""><li class="grid-row grid-gap-3 padding-bottom-6"><div class="usa-col text-center desktop:text-right text-normal position-relative nav-label"><span class="display-block font-heading-xl padding-top-2">System Security</span></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/application-security">Application Security</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/threat-modeling"><span>Threat Modeling</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/zero-trust"><span>Zero Trust</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-cloud-services"><span>CMS Cloud Services</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/software-bill-materials-sbom"><span>Software Bill of Materials (SBOM)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/security-operations">Security Operations</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/risk-management-handbook-chapter-8-incident-response-ir"><span>Incident Response</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-cybersecurity-integration-center-ccic"><span>CMS Cybersecurity Integration Center (CCIC)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/penetration-testing-pentesting"><span>Penetration Testing</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/risk-management-and-reporting">Risk Management and Reporting</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/continuous-diagnostics-and-mitigation-cdm"><span>Continuous Diagnostics and Mitigation (CDM)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cyber-risk-reports"><span>Cyber Risk Reports</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/plan-action-and-milestones-poam"><span>Plan of Action and Milestones (POA&amp;M)</span></a></li></ul></section></div></li></ul></li><li class="usa-nav__primary-item"><button type="button" class="usa-accordion__button usa-nav__link font-family-serif text-medium tablet:text-no-wrap desktop:text-primary-vivid" aria-expanded="false" aria-controls="privacy"><span>Privacy</span></button><ul id="privacy" class="usa-nav__submenu usa-megamenu bg-white" hidden=""><li class="grid-row grid-gap-3 padding-bottom-6"><div class="usa-col text-center desktop:text-right text-normal position-relative nav-label"><span class="display-block font-heading-xl padding-top-2">Privacy</span></div><div class="usa-col"><section><h3 class="usa-col__list-header list-header-margin">Agreements</h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-computer-matching-agreement-cma"><span>Computer Matching Agreement (CMA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-information-exchange-agreement-iea"><span>Information Exchange Agreement (IEA)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header list-header-margin">Privacy Activities</h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/breach-response"><span>Breach Response</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/privacy-impact-assessment-pia"><span>Privacy Impact Assessment (PIA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/system-records-notice-sorn"><span>System of Records Notice (SORN)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header list-header-margin">Privacy Resources</h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/ispg/privacy"><span>Privacy at CMS</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/cms-breach-response-handbook"><span>CMS Breach Response Handbook</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/health-insurance-portability-and-accountability-act-1996-hipaa"><span>Health Insurance Portability and Accessibility Act (HIPAA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/cms-privacy-impact-assessment-pia-handbook"><span>CMS Privacy Impact Assessment (PIA) Handbook</span></a></li></ul></section></div></li></ul></li><li class="usa-nav__primary-item"><button type="button" class="usa-accordion__button usa-nav__link font-family-serif text-medium tablet:text-no-wrap desktop:text-primary-vivid" aria-expanded="false" aria-controls="tools-services"><span>Tools &amp; Services</span></button><ul id="tools-services" class="usa-nav__submenu usa-megamenu bg-white" hidden=""><li class="grid-row grid-gap-3 padding-bottom-6"><div class="usa-col text-center desktop:text-right text-normal position-relative nav-label"><span class="display-block font-heading-xl padding-top-2">Tools &amp; Services</span></div><div class="usa-col"><section><h3 class="usa-col__list-header list-header-margin">Reporting &amp; Compliance</h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="https://security.cms.gov/learn/isso-service"><span>ISSO As A Service</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-fisma-continuous-tracking-system-cfacts"><span>CFACTS</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cyber-risk-reports"><span>Cyber Risk Reports and Dashboards</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/continuous-diagnostics-and-mitigation-cdm"><span>Continuous Diagnostics and Mitigation (CDM)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header list-header-margin">System Security</h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/threat-modeling"><span>Threat Modeling</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-cloud-services"><span>CMS Cloud Services</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-cybersecurity-integration-center-ccic"><span>CMS Cybersecurity Integration Center (CCIC)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="https://security.cms.gov/learn/cms-security-data-lake-sdl"><span>CMS Security Data Lake (SDL)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header list-header-margin">Tests &amp; Assessments</h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cybersecurity-risk-assessment-program-csrap"><span>Cybersecurity Risk Assessment Program (CSRAP)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/penetration-testing-pentesting"><span>Penetration Testing</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/privacy-impact-assessment-pia"><span>Privacy Impact Assessment (PIA)</span></a></li></ul></section></div></li></ul></li></ul><div class="usa-nav__secondary padding-left-2"><section aria-label="Header search box"><form class="usa-search usa-search--small" role="search" action="/search"><label class="usa-sr-only" for="header-search-box">Search</label><input class="usa-input search__input" id="header-search-box" type="search" name="ispg[query]"/><button aria-label="header search box button" class="usa-button" id="header-search-box-btn" type="submit"><svg aria-describedby="searchIcon" class="usa-icon" aria-hidden="true" focusable="false" role="img"><title id="searchIcon">Search</title><use href="/assets/img/sprite.svg#search"></use></svg></button></form></section></div></div></nav></header><main id="main"><div id="template"><!--$--><!--/$--><section class="hero hero--theme-explainer undefined"><div class="maxw-widescreen margin-x-auto padding-x-2 desktop:padding-x-0 padding-top-4 padding-bottom-6 desktop:padding-y-7"><div class="tablet:grid-container position-relative "><div class="hero__row grid-row grid-gap"><div class="tablet:grid-col-5 widescreen:position-relative"></div><div class="hero__column tablet:grid-col-7 flow padding-bottom-2"><h1 class="hero__heading margin-0 line-height-sans-3 desktop:line-height-sans-2">Federal Risk and Authorization Management Program (FedRAMP)</h1><p class="hero__description">Provides a federally-recognized and standardized security framework for all cloud products and services</p><div class="hero__meta radius-lg padding-x-2 padding-y-1 bg-white font-sans-2xs line-height-sans-5 display-inline-block text-primary-darker">Contact: <span class="text-bold">CMS FedRAMP PMO</span><span class="hidden-mobile"> | </span><span class="break-mobile"><a href="mailto:FedRAMP@cms.hhs.gov">FedRAMP@cms.hhs.gov</a></span></div></div><div class="tablet:position-absolute tablet:top-0"><div class="[ flow ] bg-primary-light radius-lg padding-2 text-base-darkest maxw-mobile"><div class="display-flex flex-align-center font-sans-lg margin-bottom-2 text-italic desktop:text-no-wrap"><img alt="slack logo" loading="lazy" width="21" height="21" decoding="async" data-nimg="1" class="display-inline margin-right-1" style="color:transparent" src="/_next/static/media/slackLogo.f5836093.svg"/>CMS Slack Channel</div><ul class="add-list-reset"><li class="line-height-sans-5 margin-top-0">#fedramp</li></ul></div></div></div></div></div></section><div class="grid-container"><div class="grid-row grid-gap margin-top-5"><div class="tablet:grid-col-4"><nav class="table-of-contents overflow-y-auto overflow-x-hidden position-sticky top-3 padding-1 radius-lg shadow-2 display-none tablet:display-block" aria-label="Table of contents"><div class="text-uppercase text-bold border-bottom border-base-lighter padding-bottom-1">Table of Contents</div><p class="text-italic text-base font-sans-xs">No table of content entries to display.</p></nav></div><div class="tablet:grid-col-8 content"><section><div class="text-block text-block--theme-explainer"><h2>What is FedRAMP?</h2><p>The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide initiative that was established in 2011 to provide a cost-effective, risk-based approach for the adoption and use of cloud services by the federal government. FedRAMP offers a standardized approach to security assessments, security authorization, and continuous monitoring for cloud products and services. It is designed to:</p><ul><li>Reduce duplicative efforts, inconsistencies, and cost inefficiencies.</li><li>Establish public-private partnerships that promote innovation and security.</li><li>Enable the federal government to accelerate the adoption of cloud computing.</li><li>Create transparent standards and processes for security authorizations.</li><li>Allow agencies to leverage security authorizations on a government-wide scale.</li></ul><h3>Who supports FedRAMP at CMS?</h3><p>The <strong>CMS FedRAMP Program Management Office (PMO)</strong> is made up of members of the Information Security and Privacy Group (ISPG). The team works on the procedures to obtain FedRAMP authorization and perform continuous monitoring for cloud services.</p><h3>FedRAMP versus FISMA</h3><p>There may be some confusion about the difference between the FedRAMP program and the Federal Information Security Modernization Act (FISMA). While these two federal policies have a lot in common, there are important differences that users need to be aware of.</p><p>The Federal Information Security Modernization Act (FISMA) was enacted in 2002 as an effort to modernize all federal government information systems. When thinking about FISMA and FedRAMP, its important to remember that FISMA guidance applies to <strong>all technologies and systems</strong> while FedRAMP deals exclusively with <strong>cloud service offerings</strong>. Other differences include:</p><ul><li>While both FedRAMP and FISMA follow <a href="https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final">NIST security guidance from 800-53</a>, FedRAMP has additional, cloud-specific controls.</li><li>The FISMA boundary encompasses the full system, which can include 1 or more cloud service offerings; the FedRAMP boundary is exclusively for the cloud service offering and may include the full stack (infrastructure, platform and software) or just parts.</li><li>FedRAMP requires a Third Party Assessment Organization (3PAO), certified through GSA FedRAMP Program Management Office (PMO), to provide initial and periodic assessments of cloud systems based on federal security requirements; FISMA does not.</li><li>FedRAMP authorization can be leveraged by multiple agencies, while FISMA authorization is agency specific.</li></ul><h2>How to obtain a FedRAMP Authorization</h2><p>The primary way in which a cloud service can obtain a FedRAMP authorization is through an Agency authorization:</p><h3>Agency ATO</h3><p>Any federal agency can work with a cloud services provider to provide an ATO for the cloud service and submit the package to the FedRAMP Program Management Office (PMO) for authorization. Agency Authorization also provides the additional benefit of collaborative continuous monitoring efforts. To get involved in any of these meetings for systems not sponsored by CMS, the ISSO should email the vendor's compliance team which is available at <a href="https://protect2.fireeye.com/v1/url?k=e6b3442c-b9287cf8-e6b37513-0cc47a6d17cc-9740d5f381df0fc2&amp;q=1&amp;e=1ffe8a40-245c-4062-b770-f0b8bc889bc6&amp;u=http%3A%2F%2Fmarketplace.fedramp.gov%2F">marketplace.fedramp.gov</a> (Click on the vendor. Contact info is to the left).</p><h2>FedRAMP Authorization levels</h2><p>FedRAMP follows the Federal Information Process Stands (FIPS) 199 for the categorization of the baseline requirements as:</p><h3>Low</h3><p>This FedRAMP baseline was developed to authorize low impact industry solutions that do not contain any sensitive personally identifiable information (PII), including Low-Impact Software as a Service (Li-SaaS).</p><h3>Moderate</h3><p>The moderate level is for cloud service offerings where the loss of confidentiality, integrity, and availability would result in serious adverse effects on an agencys operations, assets, or individuals. Serious adverse effects at the moderate level could include significant operational damage to agency assets, financial loss, or individual harm that is not loss of life or physical.</p><h3>High</h3><p>The high level is typically reserved for law enforcement and emergency services systems, financial systems, health systems, and any other system where loss of confidentiality, integrity, or availability could have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. The high level holds the governments most sensitive, unclassified data in cloud computing environments, including data that involves the protection of life and financial ruin.</p></div><div class="text-block text-block--theme-explainer"><h2>Is FedRAMP Authorization required?</h2><p>Yes, according to an <a href="https://www.fedramp.gov/assets/resources/documents/FedRAMP_Policy_Memo.pdf">OMB Memorandum</a>, any cloud service that holds federal data <strong>must</strong> be FedRAMP authorized. Existing FedRAMP authorized cloud services can be viewed in the FedRAMP Marketplace.</p><p><strong>There are exceptions to the authorization requirements above. </strong>If a cloud service offering meets <strong>all</strong> of the following criteria, it can be implemented by CMS without a FedRAMP Authorization:</p><ul><li>The offering has a private cloud deployment model (i.e., the cloud environment is operated solely for the use at CMS).</li><li>The offering is privately implemented within a managed CMS general services system (i.e., within CMS Cloud).</li><li>The offering does not provide cloud services from the cloud-based information system to any external entities (including bureaus, components, or subordinate organizations within their agencies).</li></ul><p>In the event that your chosen cloud service offering does not require a FedRAMP Authorization, you should continue to comply with the current FISMA requirements and the appropriate NIST security standards and guidelines for your private cloud-based information system.</p><h2>FedRAMP Authorization best practices</h2><p>There are some important steps you can take to make sure your FedRAMP Authorization efforts are successful:</p><h3>Reach out to teams who can help</h3><p>Making an effort to reach out to others who can help you determine the appropriate next steps for FedRAMP Authorization will make the process easier and help you avoid delays.</p><ul><li>Contact the <a href="https://cloud.cms.gov/">CMS Cloud</a> team to see if their solution meets your needs.</li><li>Contact the CMS FedRAMP PMO if you're thinking of using a different cloud service.</li><li>Contact the Technical Review Board to discuss the necessary steps to ensure the proper architecture and security to protect government data.</li></ul><h3>Define the Authorization Boundary</h3><p>Cloud Service Providers (CSPs) must have an authorization boundary diagram that depicts their scope of control over the system components, as well as interconnections to leveraged services external to the boundary. A well-defined boundary allows the stakeholders to understand data flows and how it's protected.</p><h3>Engage the CMS FedRAMP PMO</h3><p>CMS stakeholders and CSPs interested in using a cloud offering or provider that does not have a FedRAMP authorization should engage the CMS FedRAMP PMO early and often. A list of approved cloud service offerings and providers can be found here on this page, or on the <a href="https://marketplace.fedramp.gov/">FedRAMP Marketplace</a>.</p><h3>Provide transparency into security</h3><p>CSPs should clearly communicate how a cloud service impacts federal information and provide CMS stakeholders insight into a systems architecture.</p><h3>Develop mature processes</h3><p>Business Owners and CSPs have a responsibility to perform continuous monitoring and maintain a systems security posture, requiring mature security processes. The CMS FedRAMP PMO can support stakeholders in this process and answer questions.</p><h3>Describe how security requirements are met</h3><p>CSPs should describe how they manage and support security and what protections they have in place to achieve a level of security sufficient for CMS systems. In addition to the FedRAMP baseline, the CSP will also have to meet CMS baseline security requirements to receive an Authority to Operate (ATO).</p></div><div class="text-block text-block--theme-explainer"><h2>Choosing a cloud service provider or offering</h2><p>When selecting a cloud service offering or provider, you can either use a service that has been FedRAMP authorized, or you can choose to sponsor the initial authorization with a CMS Agency Authorization for a cloud service offering.</p><h3>Sponsoring a new cloud service provider or offering</h3><p>Sponsoring a cloud service will require a CMS Authorization to Operate (ATO), which will take time. Additionally, a new cloud service provider will need to navigate through the FedRAMP Authorization process. This will add more time to production and will require monthly continuous monitoring responsibilities.</p><p>There are a number of important requirements you must meet if youre interested in sponsoring a cloud service offering for FedRAMP Authorization at CMS:</p><ul><li>The CSP is <strong>recommended </strong>to use Open Security Controls Assessment Language (<a href="https://www.fedramp.gov/using-the-fedramp-oscal-resources-and-templates/"><strong>OSCAL</strong></a>) for documentation.</li><li>It is <strong>recommended</strong> that the CSP has an independent FedRAMP Readiness Assessment already in place.</li><li>The Business Owner and ISSO must commit to the management of the authorization and continuous monitoring process.</li><li><a href="https://cloud.cms.gov/">CMS Cloud</a> can provide the underlying infrastructure and platform needed to host the application.</li></ul></div><div><ol class="usa-process-list"><li class="usa-process-list__item"><h4 class="usa-process-list__heading">CMS Rapid Cloud Review (RCR)</h4><div class="margin-top-05 usa-process-list__description"><p>CMS has developed a RCR process to provide an initial security review of the cloud service. This is done by the CMS Software as a Service Governance (SaaSG) team. The cloud service should be assessed through the RCR process.</p></div></li><li class="usa-process-list__item"><h4 class="usa-process-list__heading">FedRAMP Readiness Assessment</h4><div class="margin-top-05 usa-process-list__description"><p>We highly recommend a FedRAMP Readiness Assessment from an accredited Third-Party Assessment Organization (3PAO) to evaluate your readiness for FedRAMP.</p></div></li><li class="usa-process-list__item"><h4 class="usa-process-list__heading">Fully built environment </h4><div class="margin-top-05 usa-process-list__description"><p>The cloud service environment must be fully built out and ready before the agency will commit to sponsoring the cloud service.</p></div></li><li class="usa-process-list__item"><h4 class="usa-process-list__heading">FedRAMP Security Controls Compliance</h4><div class="margin-top-05 usa-process-list__description"><p>&nbsp;Your cloud services must comply with all security controls as outlined in the FedRAMP Security Assessment Framework (SAF), which includes controls from the National Institute of Standards and Technology (NIST)Special Publication (SP) 800-53 Revision 5.</p></div></li><li class="usa-process-list__item"><h4 class="usa-process-list__heading">CMS Security Controls Compliance</h4><div class="margin-top-05 usa-process-list__description"><p>In addition to FedRAMP security requirements, the cloud service must also meet the requirements of the CMS Acceptable Risks and Safeguards (ARS) implementation of the NIST SP800-53 Rev. 5 controls.</p></div></li><li class="usa-process-list__item"><h4 class="usa-process-list__heading">Identify Subject Matter Experts</h4><div class="margin-top-05 usa-process-list__description"><p>Identify subject matter experts on your cloud team that will support the creation of FedRAMP documentation and liaison with the agency through the authorization process.</p></div></li><li class="usa-process-list__item"><h4 class="usa-process-list__heading">Documentation</h4><div class="margin-top-05 usa-process-list__description"><p>We would require all documentation necessary to support the security controls, such as a System Security and Privacy Plan (SSPP). Developing the SSPP in the Open Security Controls Assessment Language (OSCAL) is recommended.</p></div></li><li class="usa-process-list__item"><h4 class="usa-process-list__heading">Commitment of the CMS Business Owner</h4><div class="margin-top-05 usa-process-list__description"><p>The authorization process takes months to complete, so it is essential that the business owner is committed to using the product for the duration of the FedRAMP authorization process.</p></div></li></ol></div><div class="text-block text-block--theme-explainer"><h3>Choosing an existing FedRAMP provider</h3><p>The <a href="https://marketplace.fedramp.gov/">FedRAMP Marketplace</a> is the repository of cloud service providers (CSPs) and cloud service offerings (CSOs) that are:</p><p><strong>FedRAMP Authorized</strong> - CSO is authorized for FedRAMP</p><p><strong>FedRAMP Ready</strong> - CSP is not yet authorized for FedRAMP, but the CSP have completed their FedRAMP Readiness Assessment Report (RAR) and is ready to partner with an Agency (such as CMS)</p><p><strong>FedRAMP In Process - </strong>CSO is being reviewed for an Authority to Operate (ATO) by an Agency or the FedRAMP Joint Authorization Board (JAB)</p><p>"FedRAMP Ready" status for new CSPs that are not FedRAMP Authorized is highly recommended. This status indicates that a 3PAO has reviewed documentation from the CSP and provided a readiness report. This can be requested for review as part of evaluating the selection of a CSO.</p><h2>FedRAMP Package Request process</h2><p>The FedRAMP Package provides security posture details for a cloud service that has been FedRAMP Authorized. You may want to request a FedRAMP package if you are using, considering, and/or assessing a cloud service offering. Initial access to the package lasts for 60 days. Permanent access can be granted if the agency has an ATO letter on file with the FedRAMP Program Management Office (PMO). According to the FedRAMP Authorization Act, all systems that directly leverage a FedRAMP-authorized cloud service must include this in an ATO and notify the CMS FedRAMP PMO (<a href="mailto:fedramp@cms.hhs.gov">fedramp@cms.hhs.gov</a>) of the authorization and changes to the authorization, including renewals and revokation.</p><p><em>Note: Creating a request for a FedRAMP Package requires a Max.gov account. Follow the steps below:</em></p></div><div><ol class="usa-process-list"><li class="usa-process-list__item"><h4 class="usa-process-list__heading">Start package request form</h4><div class="margin-top-05 usa-process-list__description"><p>Use the <a href="https://www.fedramp.gov/assets/resources/documents/Agency_Package_Request_Form.pdf">FedRAMP Package Request Access form</a> on the FedRAMP website. This is a digital form that you can complete and sign from your computer. Start by filling out "User Information" at the top.</p></div></li><li class="usa-process-list__item"><h4 class="usa-process-list__heading">Add details about the package</h4><div class="margin-top-05 usa-process-list__description"><p>For filling out the “Requested Package” section, you can find details about the package on the <a href="https://marketplace.fedramp.gov/">FedRAMP Marketplace</a>. This will include:</p><ul><li>Name of Package (Cloud Service Name)</li><li>Package ID (FedRAMP Package ID)</li><li>If requesting permanent access to a package, please include this note following the listing of the FedRAMP Package ID. *Please see requirements for requesting permanent access in the section above.&nbsp;</li><li>If requesting access to multiple packages, you may include all FedRAMP Package ID's on one form.</li></ul></div></li><li class="usa-process-list__item"><h4 class="usa-process-list__heading">SKIP &quot;Access Authorization&quot;</h4><div class="margin-top-05 usa-process-list__description"><p>This part is completed by HHS. Leave it blank and move on to the next section.</p></div></li><li class="usa-process-list__item"><h4 class="usa-process-list__heading">Agree and sign</h4><div class="margin-top-05 usa-process-list__description"><p>In the next section - “Agreement for Package Review” - initial every line and then digitally sign the document using your CMS PIV.</p></div></li><li class="usa-process-list__item"><h4 class="usa-process-list__heading">SKIP &quot;Agreement for FedRAMP Approver&quot;</h4><div class="margin-top-05 usa-process-list__description"><p>This part is completed by HHS. Leave it blank and move on to the next section.</p></div></li><li class="usa-process-list__item"><h4 class="usa-process-list__heading">Contractors complete Attachment A</h4><div class="margin-top-05 usa-process-list__description"><p>If youre a federal contractor, you must complete “Attachment A: Federal Contractor Non-Disclosure Agreement for FedRAMP”. Fill in your name in the first paragraph, read the agreement carefully, then digitally sign at the bottom using your CMS PIV (and date). If youre not a federal contractor, you can skip this part.</p></div></li><li class="usa-process-list__item"><h4 class="usa-process-list__heading">Create Max.gov account</h4><div class="margin-top-05 usa-process-list__description"><p>Youre done with the package request form. Now you must create an account at <a href="https://portal.max.gov/portal/home">Max.gov</a> if you dont already have one this is where the packages are stored. Once you have an account, move on to the last step.</p></div></li><li class="usa-process-list__item"><h4 class="usa-process-list__heading">Submit request via ServiceNow</h4><div class="margin-top-05 usa-process-list__description"><p>Open a CMS ServiceNow request ticket using the <a href="https://cmsitsm.servicenowservices.com/connect?page=cat_item&amp;sys_id=3dff10441b94f8100888ed7bbc4bcb8a&amp;sysparm_category=5d2681841b17e0100888ed7bbc4bcb7f">FedRAMP ServiceNow Request</a>. Add the details of the package you are requesting, and attach the package request form that you filled out and digitally signed.</p></div></li></ol><div class="margin-top-105"><p>Once youve completed the steps above, the package request will be sent through the approval process with the Department and with the FedRAMP PMO. You will receive confirmation once your access is granted. Please allow a couple of weeks for approval time.</p></div></div><div class="text-block text-block--theme-explainer"><h2>Products</h2></div><section class="callout callout--type-explainer [ flow ] font-size-md radius-lg line-height-sans-5"><h1 class="callout__header text-bold font-sans-lg"><svg class="usa-icon" aria-hidden="true" focusable="false" role="img"><use href="/assets/img/sprite.svg#info_outline"></use></svg>See all approved FedRAMP Products</h1><p>The FedRAMP Marketplace provides a searchable and sortable database of Cloud Service Offerings (CSOs) that have achieved a FedRAMP designation, a list of federal agencies using FedRAMP Authorized CSOs, and FedRAMP recognized auditors (3PAOs) that can perform a FedRAMP assessment. </p><p><a href="https://marketplace.fedramp.gov/agencies/22-005-06">Go to the FedRAMP Marketplace</a></p></section><div class="text-block text-block--theme-explainer"><h3>CMS Sponsored Initial Authorization FedRAMP Products</h3><table><tbody><tr><td><strong>Cloud Service Provider</strong></td><td><strong>Cloud Service Offering</strong></td><td><strong>FedRAMP ID</strong></td><td><strong>Type</strong></td><td><strong>Service Model</strong></td></tr><tr><td>Databricks</td><td>Databricks on AWS East/West</td><td><a href="https://marketplace.fedramp.gov/products/FR1834740315">FR1834740315</a></td><td>Agency*</td><td>PaaS, SaaS</td></tr><tr><td>LauchDarkly</td><td>LauchDarkly</td><td><a href="https://marketplace.fedramp.gov/products/FR2120962552">FR2120962552</a></td><td>Agency*</td><td>SaaS</td></tr><tr><td>Nucleus</td><td>Nucleus for Government</td><td><a href="https://marketplace.fedramp.gov/products/FR2134455708">FR2134455708</a></td><td>Agency*</td><td>SaaS</td></tr><tr><td>Saviynt, Inc.</td><td>Enterprise Identity Cloud (EIC)</td><td><a href="https://marketplace.fedramp.gov/products/FR1821062403">FR1821062403</a></td><td>Agency*</td><td>SaaS</td></tr><tr><td>Snowflake Inc.</td><td>The DataCloud on AWS US East/West</td><td><a href="https://marketplace.fedramp.gov/products/FR1809360201">FR1809360201</a></td><td>Agency*</td><td>SaaS</td></tr><tr><td>Snowflake Inc.</td><td>The DataCloud on Azure Government</td><td><a href="https://marketplace.fedramp.gov/products/FR1809360202">FR1809360202</a></td><td>Agency*</td><td>SaaS</td></tr></tbody></table></div><div class="text-block text-block--theme-explainer"><h3>CMS Sponsored Products -- In Process</h3><table><tbody><tr><td><strong>Cloud Service Provider (CSP)</strong></td><td><strong>Cloud Service Offering (CSO)</strong></td><td><strong>FIPS-199 Security Categorization</strong></td><td><strong>Cloud Service Model</strong></td><td><strong>CMS Agency Authorization</strong></td><td><strong>FedRAMP Marketplace Status</strong></td><td><strong>FedRAMP Marketplace ID</strong></td></tr><tr><td>Alation</td><td>Alation Cloud Service</td><td>Moderate</td><td>SaaS</td><td>Agency Review</td><td>"In-Process"</td><td><a href="https://marketplace.fedramp.gov/products/FR2411862686">FR2411862686</a></td></tr><tr><td>AppOmni</td><td>AppOmni SaaS Security for Government</td><td>Moderate</td><td>SaaS</td><td>Agency Review</td><td>"In-Process"</td><td><a href="https://marketplace.fedramp.gov/products/FR2431264500">FR2431264500</a></td></tr><tr><td>Axonius</td><td>Axonius Platform</td><td>Moderate</td><td>SaaS</td><td>Agency Finalization</td><td>"In-Process"</td><td><a href="https://marketplace.fedramp.gov/products/FR2401047002">FR2401047002</a></td></tr><tr><td>Snyk</td><td>Snyk for Government</td><td>Moderate</td><td>SaaS</td><td>Agency Finalization</td><td>"In-Process"</td><td><a href="https://marketplace.fedramp.gov/products/FR2230451369">FR2230451369</a></td></tr><tr><td>Talkdesk</td><td>Talkdesk CX Cloud Government Ed.</td><td>Moderate</td><td>SaaS</td><td>Agency Review</td><td>"In-Process"</td><td><a href="https://marketplace.fedramp.gov/products/FR2213647361">FR2213647361</a></td></tr></tbody></table></div></section></div></div></div><div class="cg-cards grid-container"><h2 class="cg-cards__heading" id="related-documents-and-resources">Related documents and resources</h2><ul aria-label="cards" class="usa-card-group"><li class="usa-card grid-col-12 tablet:grid-col-4"><div class="usa-card__container "><div class="usa-card__header"><h3 class="margin-top-1 line-height-sans-2 text-bold text-base-darkest"><a class="usa-card__link text-no-underline" href="/learn/cms-cloud-services">CMS Cloud Services</a></h3></div><div class="usa-card__body font-sans-2xs line-height-sans-4 text-base-darkest"><p>Platform-As-A-Service with tools, security, and support services designed specifically for CMS</p></div></div></li><li class="usa-card grid-col-12 tablet:grid-col-4"><div class="usa-card__container "><div class="usa-card__header"><h3 class="margin-top-1 line-height-sans-2 text-bold text-base-darkest"><a class="usa-card__link text-no-underline" href="/learn/authorization-operate-ato">Authorization to Operate (ATO)</a></h3></div><div class="usa-card__body font-sans-2xs line-height-sans-4 text-base-darkest"><p>Testing and documenting system security and compliance to gain approval to operate the system at CMS</p></div></div></li><li class="usa-card grid-col-12 tablet:grid-col-4"><div class="usa-card__container "><div class="usa-card__header"><h3 class="margin-top-1 line-height-sans-2 text-bold text-base-darkest"><a class="usa-card__link text-no-underline" href="/learn/zero-trust">Zero Trust </a></h3></div><div class="usa-card__body font-sans-2xs line-height-sans-4 text-base-darkest"><p>Security paradigm that requires the continuous verification of system users to promote system security</p></div></div></li><li class="usa-card grid-col-12 tablet:grid-col-4"><div class="usa-card__container "><div class="usa-card__header"><h3 class="margin-top-1 line-height-sans-2 text-bold text-base-darkest"><a class="usa-card__link text-no-underline" href="/learn/saas-governance-saasg">SaaS Governance (SaaSG)</a></h3></div><div class="usa-card__body font-sans-2xs line-height-sans-4 text-base-darkest"><p>Considerations and guidelines for CMS business units wanting to use SaaS applications</p></div></div></li></ul></div></div></main><footer class="usa-footer usa-footer--slim"><div class="grid-container"><div class="grid-row flex-align-end"><div class="grid-col"><div class="usa-footer__return-to-top"><a class="font-sans-xs" href="#">Return to top</a></div></div><div class="grid-col padding-bottom-2 padding-top-4 display-flex flex-justify-end"><a class="usa-button" href="/feedback">Give feedback</a></div></div></div><div class="usa-footer__primary-section"><div class="usa-footer__primary-container grid-row"><div class="tablet:grid-col-3"><a class="usa-footer__primary-link" href="/"><img alt="CyberGeek logo" loading="lazy" width="142" height="26" decoding="async" data-nimg="1" style="color:transparent" src="/_next/static/media/CyberGeek-logo.8e9bbd2b.svg"/></a><p class="usa-footer__logo-heading display-none tablet-lg:display-block">The official website of the CMS Information Security and Privacy Group (ISPG)</p></div><div class="tablet:grid-col-12 tablet-lg:grid-col-9"><nav class="usa-footer__nav" aria-label="Footer navigation,"><ul class="grid-row grid-gap"><li class=" tablet:grid-col-3 desktop:grid-col-auto usa-footer__primary-content "><a class="usa-footer__primary-link" href="/learn/about-ispg-cybergeek">What is CyberGeek?</a></li><li class=" tablet:grid-col-3 desktop:grid-col-auto usa-footer__primary-content "><a class="usa-footer__primary-link" href="https://www.cms.gov/privacy">Privacy policy</a></li><li class=" tablet:grid-col-3 desktop:grid-col-auto usa-footer__primary-content "><a class="usa-footer__primary-link" href="https://www.cms.gov/about-cms/information-systems/privacy/vulnerability-disclosure-policy">CMS Vulnerability Disclosure Policy</a></li><li class=" tablet:grid-col-3 desktop:grid-col-auto usa-footer__primary-content "><a class="usa-footer__primary-link" href="https://www.cms.gov/About-CMS/Agency-Information/Aboutwebsite/Policiesforaccessibility">Accessibility</a></li></ul></nav></div></div></div><div class="usa-footer__secondary-section"><div class="grid-container"><div class="usa-footer__logo grid-row grid-gap-2"><div class="mobile-lg:grid-col-3"><a href="https://www.cms.gov/"><img alt="CMS homepage" loading="lazy" width="124" height="29" decoding="async" data-nimg="1" style="color:transparent" src="/_next/static/media/cmsLogo.10a64ce4.svg"/></a></div><div class="mobile-lg:grid-col-7"><p class="font-sans-3xs line-height-sans-3">A federal government website managed and paid for by the U.S. Centers for Medicare &amp; Medicaid Services.</p><address class="font-sans-3xs line-height-sans-3">7500 Security Boulevard, Baltimore, MD 21244</address></div></div></div></div></footer><script>(self.__next_s=self.__next_s||[]).push(["/assets/javascript/uswds.min.js",{}])</script><script src="/_next/static/chunks/webpack-182b67d00f496f9d.js" async=""></script><script>(self.__next_f=self.__next_f||[]).push([0]);self.__next_f.push([2,null])</script><script>self.__next_f.push([1,"1:HL[\"/_next/static/css/ef46db3751d8e999.css\",\"style\"]\n2:HL[\"/_next/static/css/0759e90f4fecfde7.css\",\"style\"]\n"])</script><script>self.__next_f.push([1,"3:I[5751,[],\"\"]\n6:I[9275,[],\"\"]\n8:I[1343,[],\"\"]\nb:I[6130,[],\"\"]\n7:[\"slug\",\"fedramp\",\"d\"]\nc:[]\n0:[\"$\",\"$L3\",null,{\"buildId\":\"m9SaS4P6zugJbBHpXSk5Y\",\"assetPrefix\":\"\",\"urlParts\":[\"\",\"learn\",\"fedramp\"],\"initialTree\":[\"\",{\"children\":[\"learn\",{\"children\":[[\"slug\",\"fedramp\",\"d\"],{\"children\":[\"__PAGE__\",{}]}]}]},\"$undefined\",\"$undefined\",true],\"initialSeedData\":[\"\",{\"children\":[\"learn\",{\"children\":[[\"slug\",\"fedramp\",\"d\"],{\"children\":[\"__PAGE__\",{},[[\"$L4\",\"$L5\",null],null],null]},[null,[\"$\",\"$L6\",null,{\"parallelRouterKey\":\"children\",\"segmentPath\":[\"children\",\"learn\",\"children\",\"$7\",\"children\"],\"error\":\"$undefined\",\"errorStyles\":\"$undefined\",\"errorScripts\":\"$undefined\",\"template\":[\"$\",\"$L8\",null,{}],\"templateStyles\":\"$undefined\",\"templateScripts\":\"$undefined\",\"notFound\":\"$undefined\",\"notFoundStyles\":\"$undefined\"}]],null]},[null,[\"$\",\"$L6\",null,{\"parallelRouterKey\":\"children\",\"segmentPath\":[\"children\",\"learn\",\"children\"],\"error\":\"$undefined\",\"errorStyles\":\"$undefined\",\"errorScripts\":\"$undefined\",\"template\":[\"$\",\"$L8\",null,{}],\"templateStyles\":\"$undefined\",\"templateScripts\":\"$undefined\",\"notFound\":\"$undefined\",\"notFoundStyles\":\"$undefined\"}]],null]},[[[[\"$\",\"link\",\"0\",{\"rel\":\"stylesheet\",\"href\":\"/_next/static/css/ef46db3751d8e999.css\",\"precedence\":\"next\",\"crossOrigin\":\"$undefined\"}],[\"$\",\"link\",\"1\",{\"rel\":\"stylesheet\",\"href\":\"/_next/static/css/0759e90f4fecfde7.css\",\"precedence\":\"next\",\"crossOrigin\":\"$undefined\"}]],\"$L9\"],null],null],\"couldBeIntercepted\":false,\"initialHead\":[null,\"$La\"],\"globalErrorComponent\":\"$b\",\"missingSlots\":\"$Wc\"}]\n"])</script><script>self.__next_f.push([1,"d:I[4080,[\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"223\",\"static/chunks/223-bc9ed43510898bbb.js\",\"185\",\"static/chunks/app/layout-9fc24027bc047aa2.js\"],\"\"]\ne:I[8173,[\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"972\",\"static/chunks/972-6e520d137ef194fb.js\",\"931\",\"static/chunks/app/page-cc829e051925e906.js\"],\"Image\"]\nf:I[7529,[\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"223\",\"static/chunks/223-bc9ed43510898bbb.js\",\"185\",\"static/chunks/app/layout-9fc24027bc047aa2.js\"],\"default\"]\n11:I[231,[\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"972\",\"static/chunks/972-6e520d137ef194fb.js\",\"931\",\"static/chunks/app/page-cc829e051925e906.js\"],\"\"]\n12:I[7303,[\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"223\",\"static/chunks/223-bc9ed43510898bbb.js\",\"185\",\"static/chunks/app/layout-9fc24027bc047aa2.js\"],\"default\"]\n13:I[8521,[\"489\",\"static/chunks/app/template-d264bab5e3061841.js\"],\"default\"]\n14:I[5922,[\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"972\",\"static/chunks/972-6e520d137ef194fb.js\",\"931\",\"static/chunks/app/page-cc829e051925e906.js\"],\"default\"]\n15:I[7182,[\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"223\",\"static/chunks/223-bc9ed43510898bbb.js\",\"185\",\"static/chunks/app/layout-9fc24027bc047aa2.js\"],\"default\"]\n16:I[4180,[\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"223\",\"static/chunks/223-bc9ed43510898bbb.js\",\"185\",\"static/chunks/app/layout-9fc24027bc047aa2.js\"],\"TealiumTagManager\"]\n10:Tdced,"])</script><script>self.__next_f.push([1,"{\"id\":\"mega-menu\",\"linkset\":{\"elements\":[{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Roles\",\"hierarchy\":[\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/information-system-security-officer-isso\",\"attributes\":{\"title\":\"Information System Security Officer (ISSO)\",\"hierarchy\":[\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook\",\"attributes\":{\"title\":\"ISSO Handbook\",\"hierarchy\":[\"0\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook#getting-started-for-new-issos\",\"attributes\":{\"title\":\"Getting started (for new ISSOs)\",\"hierarchy\":[\"0\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/isso-mentorship-program\",\"attributes\":{\"title\":\"ISSO Mentorship Program\",\"hierarchy\":[\"0\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook#training\",\"attributes\":{\"title\":\"ISSO Training\",\"hierarchy\":[\"0\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/data-guardian\",\"attributes\":{\"title\":\"Data Guardian\",\"hierarchy\":[\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/data-guardian-handbook\",\"attributes\":{\"title\":\"Data Guardian Handbook\",\"hierarchy\":[\"0\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/cyber-risk-advisor-cra\",\"attributes\":{\"title\":\"Cyber Risk Advisor (CRA)\",\"hierarchy\":[\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks\",\"attributes\":{\"title\":\"CMS Security and Privacy Handbooks\",\"hierarchy\":[\"0\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks#risk-management-handbook-rmh-chapters\",\"attributes\":{\"title\":\"Risk Management Handbook (RMH)\",\"hierarchy\":[\"0\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/business-system-owner\",\"attributes\":{\"title\":\"Business / System Owner (BO/SO)\",\"hierarchy\":[\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity and Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"0\",\"3\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-information-exchange-agreement-iea\",\"attributes\":{\"title\":\"Information Exchange Agreement (IEA)\",\"hierarchy\":[\"0\",\"3\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-computer-matching-agreement-cma\",\"attributes\":{\"title\":\"Computer Matching Agreement (CMA)\",\"hierarchy\":[\"0\",\"3\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/isso-service\",\"attributes\":{\"title\":\"ISSO As A Service\",\"hierarchy\":[\"0\",\"3\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Compliance \u0026 Authorization\",\"hierarchy\":[\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato\",\"attributes\":{\"title\":\"Authorization to Operate (ATO)\",\"hierarchy\":[\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato\",\"attributes\":{\"title\":\"About ATO at CMS\",\"hierarchy\":[\"1\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#types-of-authorizations\",\"attributes\":{\"title\":\"Types of authorizations\",\"hierarchy\":[\"1\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#ato-stakeholders\",\"attributes\":{\"title\":\"ATO stakeholders\",\"hierarchy\":[\"1\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#related-documents-and-resources\",\"attributes\":{\"title\":\"ATO tools and resources\",\"hierarchy\":[\"1\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-technical-reference-architecture-tra\",\"attributes\":{\"title\":\"CMS Technical Reference Architecture (TRA)\",\"hierarchy\":[\"1\",\"0\",\"4\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa\",\"attributes\":{\"title\":\"Ongoing Authorization (OA)\",\"hierarchy\":[\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa\",\"attributes\":{\"title\":\"About OA at CMS\",\"hierarchy\":[\"1\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa#is-my-system-eligible-for-oa\",\"attributes\":{\"title\":\"OA eligibility requirements\",\"hierarchy\":[\"1\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"1\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Assessments \u0026 Audits\",\"hierarchy\":[\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"1\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"1\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"1\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/security-impact-analysis-sia\",\"attributes\":{\"title\":\"Security Impact Analysis (SIA)\",\"hierarchy\":[\"1\",\"2\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/system-audits\",\"attributes\":{\"title\":\"System Audits\",\"hierarchy\":[\"1\",\"2\",\"4\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Policy \u0026 Guidance\",\"hierarchy\":[\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/cms-policies-and-guidance\",\"attributes\":{\"title\":\"CMS Policies and Guidance\",\"hierarchy\":[\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-acceptable-risk-safeguards-ars\",\"attributes\":{\"title\":\"CMS Acceptable Risk Safeguards (ARS)\",\"hierarchy\":[\"2\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-systems-security-privacy-policy-is2p2\",\"attributes\":{\"title\":\"CMS Information Security and Privacy Policy (IS2P2)\",\"hierarchy\":[\"2\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks\",\"attributes\":{\"title\":\"CMS Security and Privacy Handbooks\",\"hierarchy\":[\"2\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/cms-risk-management-framework-rmf\",\"attributes\":{\"title\":\"CMS Risk Management Framework (RMF)\",\"hierarchy\":[\"2\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/email-encryption-requirements-cms\",\"attributes\":{\"title\":\"CMS Email Encryption\",\"hierarchy\":[\"2\",\"0\",\"4\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/federal-policies-and-guidance\",\"attributes\":{\"title\":\"Federal Policies and Guidance\",\"hierarchy\":[\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/national-institute-standards-and-technology-nist\",\"attributes\":{\"title\":\"National Institute of Standards and Technology (NIST)\",\"hierarchy\":[\"2\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/federal-information-security-modernization-act-fisma\",\"attributes\":{\"title\":\"Federal Information Security Modernization Act (FISMA)\",\"hierarchy\":[\"2\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/fedramp\",\"attributes\":{\"title\":\"Federal Risk and Authorization Management Program (FedRAMP)\",\"hierarchy\":[\"2\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/zero-trust\",\"attributes\":{\"title\":\"Zero Trust\",\"hierarchy\":[\"2\",\"1\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"System Security\",\"hierarchy\":[\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/application-security\",\"attributes\":{\"title\":\"Application Security\",\"hierarchy\":[\"3\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/threat-modeling\",\"attributes\":{\"title\":\"Threat Modeling\",\"hierarchy\":[\"3\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/zero-trust\",\"attributes\":{\"title\":\"Zero Trust\",\"hierarchy\":[\"3\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cloud-services\",\"attributes\":{\"title\":\"CMS Cloud Services\",\"hierarchy\":[\"3\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/software-bill-materials-sbom\",\"attributes\":{\"title\":\"Software Bill of Materials (SBOM)\",\"hierarchy\":[\"3\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/security-operations\",\"attributes\":{\"title\":\"Security Operations\",\"hierarchy\":[\"3\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/risk-management-handbook-chapter-8-incident-response-ir\",\"attributes\":{\"title\":\"Incident Response\",\"hierarchy\":[\"3\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cybersecurity-integration-center-ccic\",\"attributes\":{\"title\":\"CMS Cybersecurity Integration Center (CCIC)\",\"hierarchy\":[\"3\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"3\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/risk-management-and-reporting\",\"attributes\":{\"title\":\"Risk Management and Reporting\",\"hierarchy\":[\"3\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"3\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cyber-risk-reports\",\"attributes\":{\"title\":\"Cyber Risk Reports\",\"hierarchy\":[\"3\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/plan-action-and-milestones-poam\",\"attributes\":{\"title\":\"Plan of Action and Milestones (POA\u0026M)\",\"hierarchy\":[\"3\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy\",\"hierarchy\":[\"4\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Agreements\",\"hierarchy\":[\"4\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-computer-matching-agreement-cma\",\"attributes\":{\"title\":\"Computer Matching Agreement (CMA)\",\"hierarchy\":[\"4\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-information-exchange-agreement-iea\",\"attributes\":{\"title\":\"Information Exchange Agreement (IEA)\",\"hierarchy\":[\"4\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy Activities\",\"hierarchy\":[\"4\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/breach-response\",\"attributes\":{\"title\":\"Breach Response\",\"hierarchy\":[\"4\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"4\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/system-records-notice-sorn\",\"attributes\":{\"title\":\"System of Records Notice (SORN)\",\"hierarchy\":[\"4\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy Resources\",\"hierarchy\":[\"4\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/privacy\",\"attributes\":{\"title\":\"Privacy at CMS\",\"hierarchy\":[\"4\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-breach-response-handbook\",\"attributes\":{\"title\":\"CMS Breach Response Handbook\",\"hierarchy\":[\"4\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/health-insurance-portability-and-accountability-act-1996-hipaa\",\"attributes\":{\"title\":\"Health Insurance Portability and Accessibility Act (HIPAA)\",\"hierarchy\":[\"4\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-privacy-impact-assessment-pia-handbook\",\"attributes\":{\"title\":\"CMS Privacy Impact Assessment (PIA) Handbook\",\"hierarchy\":[\"4\",\"2\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Tools \u0026 Services\",\"hierarchy\":[\"5\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Reporting \u0026 Compliance\",\"hierarchy\":[\"5\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/isso-service\",\"attributes\":{\"title\":\"ISSO As A Service\",\"hierarchy\":[\"5\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-fisma-continuous-tracking-system-cfacts\",\"attributes\":{\"title\":\"CFACTS\",\"hierarchy\":[\"5\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cyber-risk-reports\",\"attributes\":{\"title\":\"Cyber Risk Reports and Dashboards\",\"hierarchy\":[\"5\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"5\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"System Security\",\"hierarchy\":[\"5\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/threat-modeling\",\"attributes\":{\"title\":\"Threat Modeling\",\"hierarchy\":[\"5\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cloud-services\",\"attributes\":{\"title\":\"CMS Cloud Services\",\"hierarchy\":[\"5\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cybersecurity-integration-center-ccic\",\"attributes\":{\"title\":\"CMS Cybersecurity Integration Center (CCIC)\",\"hierarchy\":[\"5\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/cms-security-data-lake-sdl\",\"attributes\":{\"title\":\"CMS Security Data Lake (SDL)\",\"hierarchy\":[\"5\",\"1\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Tests \u0026 Assessments\",\"hierarchy\":[\"5\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"5\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"5\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"5\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}}],\"size\":87},\"elements\":[{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Roles\",\"hierarchy\":[\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/information-system-security-officer-isso\",\"attributes\":{\"title\":\"Information System Security Officer (ISSO)\",\"hierarchy\":[\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook\",\"attributes\":{\"title\":\"ISSO Handbook\",\"hierarchy\":[\"0\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook#getting-started-for-new-issos\",\"attributes\":{\"title\":\"Getting started (for new ISSOs)\",\"hierarchy\":[\"0\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/isso-mentorship-program\",\"attributes\":{\"title\":\"ISSO Mentorship Program\",\"hierarchy\":[\"0\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook#training\",\"attributes\":{\"title\":\"ISSO Training\",\"hierarchy\":[\"0\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/data-guardian\",\"attributes\":{\"title\":\"Data Guardian\",\"hierarchy\":[\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/data-guardian-handbook\",\"attributes\":{\"title\":\"Data Guardian Handbook\",\"hierarchy\":[\"0\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/cyber-risk-advisor-cra\",\"attributes\":{\"title\":\"Cyber Risk Advisor (CRA)\",\"hierarchy\":[\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks\",\"attributes\":{\"title\":\"CMS Security and Privacy Handbooks\",\"hierarchy\":[\"0\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks#risk-management-handbook-rmh-chapters\",\"attributes\":{\"title\":\"Risk Management Handbook (RMH)\",\"hierarchy\":[\"0\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/business-system-owner\",\"attributes\":{\"title\":\"Business / System Owner (BO/SO)\",\"hierarchy\":[\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity and Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"0\",\"3\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-information-exchange-agreement-iea\",\"attributes\":{\"title\":\"Information Exchange Agreement (IEA)\",\"hierarchy\":[\"0\",\"3\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-computer-matching-agreement-cma\",\"attributes\":{\"title\":\"Computer Matching Agreement (CMA)\",\"hierarchy\":[\"0\",\"3\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/isso-service\",\"attributes\":{\"title\":\"ISSO As A Service\",\"hierarchy\":[\"0\",\"3\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Compliance \u0026 Authorization\",\"hierarchy\":[\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato\",\"attributes\":{\"title\":\"Authorization to Operate (ATO)\",\"hierarchy\":[\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato\",\"attributes\":{\"title\":\"About ATO at CMS\",\"hierarchy\":[\"1\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#types-of-authorizations\",\"attributes\":{\"title\":\"Types of authorizations\",\"hierarchy\":[\"1\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#ato-stakeholders\",\"attributes\":{\"title\":\"ATO stakeholders\",\"hierarchy\":[\"1\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#related-documents-and-resources\",\"attributes\":{\"title\":\"ATO tools and resources\",\"hierarchy\":[\"1\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-technical-reference-architecture-tra\",\"attributes\":{\"title\":\"CMS Technical Reference Architecture (TRA)\",\"hierarchy\":[\"1\",\"0\",\"4\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa\",\"attributes\":{\"title\":\"Ongoing Authorization (OA)\",\"hierarchy\":[\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa\",\"attributes\":{\"title\":\"About OA at CMS\",\"hierarchy\":[\"1\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa#is-my-system-eligible-for-oa\",\"attributes\":{\"title\":\"OA eligibility requirements\",\"hierarchy\":[\"1\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"1\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Assessments \u0026 Audits\",\"hierarchy\":[\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"1\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"1\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"1\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/security-impact-analysis-sia\",\"attributes\":{\"title\":\"Security Impact Analysis (SIA)\",\"hierarchy\":[\"1\",\"2\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/system-audits\",\"attributes\":{\"title\":\"System Audits\",\"hierarchy\":[\"1\",\"2\",\"4\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Policy \u0026 Guidance\",\"hierarchy\":[\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/cms-policies-and-guidance\",\"attributes\":{\"title\":\"CMS Policies and Guidance\",\"hierarchy\":[\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-acceptable-risk-safeguards-ars\",\"attributes\":{\"title\":\"CMS Acceptable Risk Safeguards (ARS)\",\"hierarchy\":[\"2\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-systems-security-privacy-policy-is2p2\",\"attributes\":{\"title\":\"CMS Information Security and Privacy Policy (IS2P2)\",\"hierarchy\":[\"2\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks\",\"attributes\":{\"title\":\"CMS Security and Privacy Handbooks\",\"hierarchy\":[\"2\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/cms-risk-management-framework-rmf\",\"attributes\":{\"title\":\"CMS Risk Management Framework (RMF)\",\"hierarchy\":[\"2\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/email-encryption-requirements-cms\",\"attributes\":{\"title\":\"CMS Email Encryption\",\"hierarchy\":[\"2\",\"0\",\"4\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/federal-policies-and-guidance\",\"attributes\":{\"title\":\"Federal Policies and Guidance\",\"hierarchy\":[\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/national-institute-standards-and-technology-nist\",\"attributes\":{\"title\":\"National Institute of Standards and Technology (NIST)\",\"hierarchy\":[\"2\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/federal-information-security-modernization-act-fisma\",\"attributes\":{\"title\":\"Federal Information Security Modernization Act (FISMA)\",\"hierarchy\":[\"2\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/fedramp\",\"attributes\":{\"title\":\"Federal Risk and Authorization Management Program (FedRAMP)\",\"hierarchy\":[\"2\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/zero-trust\",\"attributes\":{\"title\":\"Zero Trust\",\"hierarchy\":[\"2\",\"1\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"System Security\",\"hierarchy\":[\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/application-security\",\"attributes\":{\"title\":\"Application Security\",\"hierarchy\":[\"3\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/threat-modeling\",\"attributes\":{\"title\":\"Threat Modeling\",\"hierarchy\":[\"3\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/zero-trust\",\"attributes\":{\"title\":\"Zero Trust\",\"hierarchy\":[\"3\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cloud-services\",\"attributes\":{\"title\":\"CMS Cloud Services\",\"hierarchy\":[\"3\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/software-bill-materials-sbom\",\"attributes\":{\"title\":\"Software Bill of Materials (SBOM)\",\"hierarchy\":[\"3\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/security-operations\",\"attributes\":{\"title\":\"Security Operations\",\"hierarchy\":[\"3\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/risk-management-handbook-chapter-8-incident-response-ir\",\"attributes\":{\"title\":\"Incident Response\",\"hierarchy\":[\"3\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cybersecurity-integration-center-ccic\",\"attributes\":{\"title\":\"CMS Cybersecurity Integration Center (CCIC)\",\"hierarchy\":[\"3\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"3\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/risk-management-and-reporting\",\"attributes\":{\"title\":\"Risk Management and Reporting\",\"hierarchy\":[\"3\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"3\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cyber-risk-reports\",\"attributes\":{\"title\":\"Cyber Risk Reports\",\"hierarchy\":[\"3\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/plan-action-and-milestones-poam\",\"attributes\":{\"title\":\"Plan of Action and Milestones (POA\u0026M)\",\"hierarchy\":[\"3\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy\",\"hierarchy\":[\"4\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Agreements\",\"hierarchy\":[\"4\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-computer-matching-agreement-cma\",\"attributes\":{\"title\":\"Computer Matching Agreement (CMA)\",\"hierarchy\":[\"4\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-information-exchange-agreement-iea\",\"attributes\":{\"title\":\"Information Exchange Agreement (IEA)\",\"hierarchy\":[\"4\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy Activities\",\"hierarchy\":[\"4\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/breach-response\",\"attributes\":{\"title\":\"Breach Response\",\"hierarchy\":[\"4\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"4\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/system-records-notice-sorn\",\"attributes\":{\"title\":\"System of Records Notice (SORN)\",\"hierarchy\":[\"4\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy Resources\",\"hierarchy\":[\"4\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/privacy\",\"attributes\":{\"title\":\"Privacy at CMS\",\"hierarchy\":[\"4\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-breach-response-handbook\",\"attributes\":{\"title\":\"CMS Breach Response Handbook\",\"hierarchy\":[\"4\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/health-insurance-portability-and-accountability-act-1996-hipaa\",\"attributes\":{\"title\":\"Health Insurance Portability and Accessibility Act (HIPAA)\",\"hierarchy\":[\"4\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-privacy-impact-assessment-pia-handbook\",\"attributes\":{\"title\":\"CMS Privacy Impact Assessment (PIA) Handbook\",\"hierarchy\":[\"4\",\"2\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Tools \u0026 Services\",\"hierarchy\":[\"5\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Reporting \u0026 Compliance\",\"hierarchy\":[\"5\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/isso-service\",\"attributes\":{\"title\":\"ISSO As A Service\",\"hierarchy\":[\"5\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-fisma-continuous-tracking-system-cfacts\",\"attributes\":{\"title\":\"CFACTS\",\"hierarchy\":[\"5\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cyber-risk-reports\",\"attributes\":{\"title\":\"Cyber Risk Reports and Dashboards\",\"hierarchy\":[\"5\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"5\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"System Security\",\"hierarchy\":[\"5\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/threat-modeling\",\"attributes\":{\"title\":\"Threat Modeling\",\"hierarchy\":[\"5\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cloud-services\",\"attributes\":{\"title\":\"CMS Cloud Services\",\"hierarchy\":[\"5\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cybersecurity-integration-center-ccic\",\"attributes\":{\"title\":\"CMS Cybersecurity Integration Center (CCIC)\",\"hierarchy\":[\"5\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/cms-security-data-lake-sdl\",\"attributes\":{\"title\":\"CMS Security Data Lake (SDL)\",\"hierarchy\":[\"5\",\"1\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Tests \u0026 Assessments\",\"hierarchy\":[\"5\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"5\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"5\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"5\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}}],\"size\":87,\"tree\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Roles\",\"hierarchy\":[\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/information-system-security-officer-isso\",\"attributes\":{\"title\":\"Information System Security Officer (ISSO)\",\"hierarchy\":[\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook\",\"attributes\":{\"title\":\"ISSO Handbook\",\"hierarchy\":[\"0\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook#getting-started-for-new-issos\",\"attributes\":{\"title\":\"Getting started (for new ISSOs)\",\"hierarchy\":[\"0\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/isso-mentorship-program\",\"attributes\":{\"title\":\"ISSO Mentorship Program\",\"hierarchy\":[\"0\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook#training\",\"attributes\":{\"title\":\"ISSO Training\",\"hierarchy\":[\"0\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/data-guardian\",\"attributes\":{\"title\":\"Data Guardian\",\"hierarchy\":[\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/data-guardian-handbook\",\"attributes\":{\"title\":\"Data Guardian Handbook\",\"hierarchy\":[\"0\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/cyber-risk-advisor-cra\",\"attributes\":{\"title\":\"Cyber Risk Advisor (CRA)\",\"hierarchy\":[\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks\",\"attributes\":{\"title\":\"CMS Security and Privacy Handbooks\",\"hierarchy\":[\"0\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks#risk-management-handbook-rmh-chapters\",\"attributes\":{\"title\":\"Risk Management Handbook (RMH)\",\"hierarchy\":[\"0\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/business-system-owner\",\"attributes\":{\"title\":\"Business / System Owner (BO/SO)\",\"hierarchy\":[\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity and Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"0\",\"3\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-information-exchange-agreement-iea\",\"attributes\":{\"title\":\"Information Exchange Agreement (IEA)\",\"hierarchy\":[\"0\",\"3\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-computer-matching-agreement-cma\",\"attributes\":{\"title\":\"Computer Matching Agreement (CMA)\",\"hierarchy\":[\"0\",\"3\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/isso-service\",\"attributes\":{\"title\":\"ISSO As A Service\",\"hierarchy\":[\"0\",\"3\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Compliance \u0026 Authorization\",\"hierarchy\":[\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato\",\"attributes\":{\"title\":\"Authorization to Operate (ATO)\",\"hierarchy\":[\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato\",\"attributes\":{\"title\":\"About ATO at CMS\",\"hierarchy\":[\"1\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#types-of-authorizations\",\"attributes\":{\"title\":\"Types of authorizations\",\"hierarchy\":[\"1\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#ato-stakeholders\",\"attributes\":{\"title\":\"ATO stakeholders\",\"hierarchy\":[\"1\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#related-documents-and-resources\",\"attributes\":{\"title\":\"ATO tools and resources\",\"hierarchy\":[\"1\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-technical-reference-architecture-tra\",\"attributes\":{\"title\":\"CMS Technical Reference Architecture (TRA)\",\"hierarchy\":[\"1\",\"0\",\"4\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa\",\"attributes\":{\"title\":\"Ongoing Authorization (OA)\",\"hierarchy\":[\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa\",\"attributes\":{\"title\":\"About OA at CMS\",\"hierarchy\":[\"1\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa#is-my-system-eligible-for-oa\",\"attributes\":{\"title\":\"OA eligibility requirements\",\"hierarchy\":[\"1\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"1\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Assessments \u0026 Audits\",\"hierarchy\":[\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"1\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"1\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"1\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/security-impact-analysis-sia\",\"attributes\":{\"title\":\"Security Impact Analysis (SIA)\",\"hierarchy\":[\"1\",\"2\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/system-audits\",\"attributes\":{\"title\":\"System Audits\",\"hierarchy\":[\"1\",\"2\",\"4\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Policy \u0026 Guidance\",\"hierarchy\":[\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/cms-policies-and-guidance\",\"attributes\":{\"title\":\"CMS Policies and Guidance\",\"hierarchy\":[\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-acceptable-risk-safeguards-ars\",\"attributes\":{\"title\":\"CMS Acceptable Risk Safeguards (ARS)\",\"hierarchy\":[\"2\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-systems-security-privacy-policy-is2p2\",\"attributes\":{\"title\":\"CMS Information Security and Privacy Policy (IS2P2)\",\"hierarchy\":[\"2\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks\",\"attributes\":{\"title\":\"CMS Security and Privacy Handbooks\",\"hierarchy\":[\"2\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/cms-risk-management-framework-rmf\",\"attributes\":{\"title\":\"CMS Risk Management Framework (RMF)\",\"hierarchy\":[\"2\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/email-encryption-requirements-cms\",\"attributes\":{\"title\":\"CMS Email Encryption\",\"hierarchy\":[\"2\",\"0\",\"4\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/federal-policies-and-guidance\",\"attributes\":{\"title\":\"Federal Policies and Guidance\",\"hierarchy\":[\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/national-institute-standards-and-technology-nist\",\"attributes\":{\"title\":\"National Institute of Standards and Technology (NIST)\",\"hierarchy\":[\"2\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/federal-information-security-modernization-act-fisma\",\"attributes\":{\"title\":\"Federal Information Security Modernization Act (FISMA)\",\"hierarchy\":[\"2\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/fedramp\",\"attributes\":{\"title\":\"Federal Risk and Authorization Management Program (FedRAMP)\",\"hierarchy\":[\"2\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/zero-trust\",\"attributes\":{\"title\":\"Zero Trust\",\"hierarchy\":[\"2\",\"1\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"System Security\",\"hierarchy\":[\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/application-security\",\"attributes\":{\"title\":\"Application Security\",\"hierarchy\":[\"3\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/threat-modeling\",\"attributes\":{\"title\":\"Threat Modeling\",\"hierarchy\":[\"3\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/zero-trust\",\"attributes\":{\"title\":\"Zero Trust\",\"hierarchy\":[\"3\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cloud-services\",\"attributes\":{\"title\":\"CMS Cloud Services\",\"hierarchy\":[\"3\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/software-bill-materials-sbom\",\"attributes\":{\"title\":\"Software Bill of Materials (SBOM)\",\"hierarchy\":[\"3\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/security-operations\",\"attributes\":{\"title\":\"Security Operations\",\"hierarchy\":[\"3\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/risk-management-handbook-chapter-8-incident-response-ir\",\"attributes\":{\"title\":\"Incident Response\",\"hierarchy\":[\"3\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cybersecurity-integration-center-ccic\",\"attributes\":{\"title\":\"CMS Cybersecurity Integration Center (CCIC)\",\"hierarchy\":[\"3\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"3\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/risk-management-and-reporting\",\"attributes\":{\"title\":\"Risk Management and Reporting\",\"hierarchy\":[\"3\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"3\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cyber-risk-reports\",\"attributes\":{\"title\":\"Cyber Risk Reports\",\"hierarchy\":[\"3\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/plan-action-and-milestones-poam\",\"attributes\":{\"title\":\"Plan of Action and Milestones (POA\u0026M)\",\"hierarchy\":[\"3\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy\",\"hierarchy\":[\"4\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Agreements\",\"hierarchy\":[\"4\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-computer-matching-agreement-cma\",\"attributes\":{\"title\":\"Computer Matching Agreement (CMA)\",\"hierarchy\":[\"4\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-information-exchange-agreement-iea\",\"attributes\":{\"title\":\"Information Exchange Agreement (IEA)\",\"hierarchy\":[\"4\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy Activities\",\"hierarchy\":[\"4\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/breach-response\",\"attributes\":{\"title\":\"Breach Response\",\"hierarchy\":[\"4\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"4\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/system-records-notice-sorn\",\"attributes\":{\"title\":\"System of Records Notice (SORN)\",\"hierarchy\":[\"4\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy Resources\",\"hierarchy\":[\"4\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/privacy\",\"attributes\":{\"title\":\"Privacy at CMS\",\"hierarchy\":[\"4\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-breach-response-handbook\",\"attributes\":{\"title\":\"CMS Breach Response Handbook\",\"hierarchy\":[\"4\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/health-insurance-portability-and-accountability-act-1996-hipaa\",\"attributes\":{\"title\":\"Health Insurance Portability and Accessibility Act (HIPAA)\",\"hierarchy\":[\"4\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-privacy-impact-assessment-pia-handbook\",\"attributes\":{\"title\":\"CMS Privacy Impact Assessment (PIA) Handbook\",\"hierarchy\":[\"4\",\"2\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Tools \u0026 Services\",\"hierarchy\":[\"5\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Reporting \u0026 Compliance\",\"hierarchy\":[\"5\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/isso-service\",\"attributes\":{\"title\":\"ISSO As A Service\",\"hierarchy\":[\"5\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-fisma-continuous-tracking-system-cfacts\",\"attributes\":{\"title\":\"CFACTS\",\"hierarchy\":[\"5\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cyber-risk-reports\",\"attributes\":{\"title\":\"Cyber Risk Reports and Dashboards\",\"hierarchy\":[\"5\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"5\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"System Security\",\"hierarchy\":[\"5\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/threat-modeling\",\"attributes\":{\"title\":\"Threat Modeling\",\"hierarchy\":[\"5\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cloud-services\",\"attributes\":{\"title\":\"CMS Cloud Services\",\"hierarchy\":[\"5\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cybersecurity-integration-center-ccic\",\"attributes\":{\"title\":\"CMS Cybersecurity Integration Center (CCIC)\",\"hierarchy\":[\"5\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/cms-security-data-lake-sdl\",\"attributes\":{\"title\":\"CMS Security Data Lake (SDL)\",\"hierarchy\":[\"5\",\"1\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Tests \u0026 Assessments\",\"hierarchy\":[\"5\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"5\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"5\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"5\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]}]}]}"])</script><script>self.__next_f.push([1,"9:[\"$\",\"html\",null,{\"lang\":\"en\",\"children\":[[\"$\",\"head\",null,{\"children\":[\"$\",\"$Ld\",null,{\"src\":\"/assets/javascript/uswds-init.min.js\",\"strategy\":\"beforeInteractive\"}]}],[\"$\",\"body\",null,{\"children\":[[[\"$\",\"a\",null,{\"className\":\"usa-skipnav\",\"href\":\"#main\",\"children\":\"Skip to main content\"}],[\"$\",\"section\",null,{\"className\":\"usa-banner\",\"aria-label\":\"Official website of the United States government\",\"children\":[\"$\",\"div\",null,{\"className\":\"usa-accordion\",\"children\":[[\"$\",\"header\",null,{\"className\":\"usa-banner__header\",\"children\":[\"$\",\"div\",null,{\"className\":\"usa-banner__inner\",\"children\":[[\"$\",\"div\",null,{\"className\":\"grid-col-auto\",\"children\":[\"$\",\"$Le\",null,{\"aria-hidden\":\"true\",\"className\":\"usa-banner__header-flag\",\"src\":\"/assets/img/us_flag_small.png\",\"alt\":\"\",\"width\":\"16\",\"height\":\"11\"}]}],[\"$\",\"div\",null,{\"className\":\"grid-col-fill tablet:grid-col-auto\",\"aria-hidden\":\"true\",\"children\":[[\"$\",\"p\",null,{\"className\":\"usa-banner__header-text\",\"children\":\"An official website of the United States government\"}],[\"$\",\"p\",null,{\"className\":\"usa-banner__header-action\",\"children\":\"Here's how you know\"}]]}],[\"$\",\"button\",null,{\"type\":\"button\",\"className\":\"usa-accordion__button usa-banner__button\",\"aria-expanded\":\"false\",\"aria-controls\":\"gov-banner-default-default\",\"children\":[\"$\",\"span\",null,{\"className\":\"usa-banner__button-text\",\"children\":\"Here's how you know\"}]}]]}]}],[\"$\",\"div\",null,{\"className\":\"usa-banner__content usa-accordion__content\",\"id\":\"gov-banner-default-default\",\"hidden\":true,\"children\":[\"$\",\"div\",null,{\"className\":\"grid-row grid-gap-lg\",\"children\":[[\"$\",\"div\",null,{\"className\":\"usa-banner__guidance tablet:grid-col-6\",\"children\":[[\"$\",\"$Le\",null,{\"className\":\"usa-banner__icon usa-media-block__img\",\"src\":{\"src\":\"/_next/static/media/icon-dot-gov.3e9cb1b5.svg\",\"height\":64,\"width\":64,\"blurWidth\":0,\"blurHeight\":0},\"role\":\"img\",\"alt\":\"\",\"aria-hidden\":\"true\",\"width\":\"40\",\"height\":\"40\"}],[\"$\",\"div\",null,{\"className\":\"usa-media-block__body\",\"children\":[\"$\",\"p\",null,{\"children\":[[\"$\",\"strong\",null,{\"children\":\"Official websites use .gov\"}],[\"$\",\"br\",null,{}],\"A \",[\"$\",\"strong\",null,{\"children\":\".gov\"}],\" website belongs to an official government organization in the United States.\"]}]}]]}],[\"$\",\"div\",null,{\"className\":\"usa-banner__guidance tablet:grid-col-6\",\"children\":[[\"$\",\"$Le\",null,{\"className\":\"usa-banner__icon usa-media-block__img\",\"src\":{\"src\":\"/_next/static/media/icon-https.e7f1a222.svg\",\"height\":64,\"width\":64,\"blurWidth\":0,\"blurHeight\":0},\"role\":\"img\",\"alt\":\"\",\"aria-hidden\":\"true\",\"width\":\"40\",\"height\":\"40\"}],[\"$\",\"div\",null,{\"className\":\"usa-media-block__body\",\"children\":[\"$\",\"p\",null,{\"children\":[[\"$\",\"strong\",null,{\"children\":\"Secure .gov websites use HTTPS\"}],[\"$\",\"br\",null,{}],\"A \",[\"$\",\"strong\",null,{\"children\":\"lock\"}],\" (\",[\"$\",\"span\",null,{\"className\":\"icon-lock\",\"children\":[\"$\",\"svg\",null,{\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":\"52\",\"height\":\"64\",\"viewBox\":\"0 0 52 64\",\"className\":\"usa-banner__lock-image\",\"role\":\"img\",\"aria-labelledby\":\"banner-lock-description-default\",\"focusable\":\"false\",\"children\":[[\"$\",\"title\",null,{\"id\":\"banner-lock-title-default\",\"children\":\"Lock\"}],[\"$\",\"desc\",null,{\"id\":\"banner-lock-description-default\",\"children\":\"Locked padlock icon\"}],[\"$\",\"path\",null,{\"fill\":\"#000000\",\"fillRule\":\"evenodd\",\"d\":\"M26 0c10.493 0 19 8.507 19 19v9h3a4 4 0 0 1 4 4v28a4 4 0 0 1-4 4H4a4 4 0 0 1-4-4V32a4 4 0 0 1 4-4h3v-9C7 8.507 15.507 0 26 0zm0 8c-5.979 0-10.843 4.77-10.996 10.712L15 19v9h22v-9c0-6.075-4.925-11-11-11z\"}]]}]}],\") or \",[\"$\",\"strong\",null,{\"children\":\"https://\"}],\" means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.\"]}]}]]}]]}]}]]}]}]],[\"$\",\"$Lf\",null,{\"value\":\"$10\",\"children\":[[\"$\",\"div\",null,{\"className\":\"usa-overlay\"}],[\"$\",\"header\",null,{\"className\":\"usa-header usa-header--extended\",\"children\":[[\"$\",\"div\",null,{\"className\":\"bg-primary-dark\",\"children\":[\"$\",\"div\",null,{\"className\":\"usa-navbar\",\"children\":[[\"$\",\"div\",null,{\"className\":\"usa-logo padding-y-4 padding-right-3\",\"id\":\"CyberGeek-logo\",\"children\":[\"$\",\"$L11\",null,{\"href\":\"/\",\"title\":\"CMS CyberGeek Home\",\"children\":[\"$\",\"$Le\",null,{\"src\":{\"src\":\"/_next/static/media/CyberGeek-logo.8e9bbd2b.svg\",\"height\":50,\"width\":425,\"blurWidth\":0,\"blurHeight\":0},\"alt\":\"CyberGeek logo\",\"width\":\"298\",\"height\":\"35\",\"priority\":true}]}]}],[\"$\",\"button\",null,{\"aria-label\":\"Open menu\",\"type\":\"button\",\"className\":\"usa-menu-btn\",\"data-cy\":\"menu-button\",\"children\":\"Menu\"}]]}]}],[\"$\",\"$L12\",null,{}]]}]]}],[\"$\",\"main\",null,{\"id\":\"main\",\"children\":[\"$\",\"$L6\",null,{\"parallelRouterKey\":\"children\",\"segmentPath\":[\"children\"],\"error\":\"$undefined\",\"errorStyles\":\"$undefined\",\"errorScripts\":\"$undefined\",\"template\":[\"$\",\"$L13\",null,{\"children\":[\"$\",\"$L8\",null,{}]}],\"templateStyles\":[],\"templateScripts\":[],\"notFound\":[\"$\",\"section\",null,{\"className\":\"hero hero--theme-content-not-found undefined\",\"children\":[[\"$\",\"$Le\",null,{\"alt\":\"404 page not found\",\"className\":\"hero__graphic\",\"priority\":true,\"src\":{\"src\":\"/_next/static/media/content-not-found-graphic.8f104f47.svg\",\"height\":551,\"width\":948,\"blurWidth\":0,\"blurHeight\":0}}],[\"$\",\"div\",null,{\"className\":\"maxw-widescreen margin-x-auto padding-x-2 desktop:padding-x-0 padding-top-4 padding-bottom-6 desktop:padding-y-7\",\"children\":[\"$\",\"div\",null,{\"className\":\"tablet:grid-container position-relative \",\"children\":[\"$\",\"div\",null,{\"className\":\"hero__row grid-row grid-gap\",\"children\":[[\"$\",\"div\",null,{\"className\":\"tablet:grid-col-5 widescreen:position-relative\",\"children\":[false,false]}],[\"$\",\"div\",null,{\"className\":\"hero__column tablet:grid-col-7 flow padding-bottom-2\",\"children\":[\"$undefined\",\"$undefined\",false,[\"$\",\"h1\",null,{\"className\":\"hero__heading margin-0 line-height-sans-3 desktop:line-height-sans-2\",\"children\":\"We can't find that page.\"}],\"$undefined\",\"$undefined\",false,[\"$\",\"div\",null,{\"children\":[[\"$\",\"div\",null,{\"className\":\"hero__description\",\"children\":[[\"The page you're looking for may have been moved or retired. You can\",\" \",[\"$\",\"$L11\",null,{\"href\":\"/\",\"children\":\"visit our home page\"}],\" or use the search box to find helpful resources.\"]]}],[\"$\",\"div\",null,{\"className\":\"margin-top-6 search-container\",\"children\":[\"$\",\"$L14\",null,{\"theme\":\"content-not-found\"}]}]]}],false]}],false,false]}]}]}]]}],\"notFoundStyles\":[]}]}],[\"$\",\"$L15\",null,{}],[\"$\",\"$L16\",null,{}],[\"$\",\"$Ld\",null,{\"src\":\"/assets/javascript/uswds.min.js\",\"strategy\":\"beforeInteractive\"}]]}]]}]\n"])</script><script>self.__next_f.push([1,"17:I[9461,[\"866\",\"static/chunks/e37a0b60-b74be3d42787b18d.js\",\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"904\",\"static/chunks/904-dbddf7494c3e6975.js\",\"972\",\"static/chunks/972-6e520d137ef194fb.js\",\"549\",\"static/chunks/549-c87c1c3bbacc319f.js\",\"192\",\"static/chunks/app/learn/%5Bslug%5D/page-5b91cdc45a95ebbe.js\"],\"default\"]\n18:T1356,"])</script><script>self.__next_f.push([1,"\u003ch2\u003eWhat is FedRAMP?\u003c/h2\u003e\u003cp\u003eThe Federal Risk and Authorization Management Program (FedRAMP) is a government-wide initiative that was established in 2011 to provide a cost-effective, risk-based approach for the adoption and use of cloud services by the federal government. FedRAMP offers a standardized approach to security assessments, security authorization, and continuous monitoring for cloud products and services. It is designed to:\u003c/p\u003e\u003cul\u003e\u003cli\u003eReduce duplicative efforts, inconsistencies, and cost inefficiencies.\u003c/li\u003e\u003cli\u003eEstablish public-private partnerships that promote innovation and security.\u003c/li\u003e\u003cli\u003eEnable the federal government to accelerate the adoption of cloud computing.\u003c/li\u003e\u003cli\u003eCreate transparent standards and processes for security authorizations.\u003c/li\u003e\u003cli\u003eAllow agencies to leverage security authorizations on a government-wide scale.\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003eWho supports FedRAMP at CMS?\u003c/h3\u003e\u003cp\u003eThe \u003cstrong\u003eCMS FedRAMP Program Management Office (PMO)\u003c/strong\u003e is made up of members of the Information Security and Privacy Group (ISPG). The team works on the procedures to obtain FedRAMP authorization and perform continuous monitoring for cloud services.\u003c/p\u003e\u003ch3\u003eFedRAMP versus FISMA\u003c/h3\u003e\u003cp\u003eThere may be some confusion about the difference between the FedRAMP program and the Federal Information Security Modernization Act (FISMA). While these two federal policies have a lot in common, there are important differences that users need to be aware of.\u003c/p\u003e\u003cp\u003eThe Federal Information Security Modernization Act (FISMA) was enacted in 2002 as an effort to modernize all federal government information systems. When thinking about FISMA and FedRAMP, its important to remember that FISMA guidance applies to \u003cstrong\u003eall technologies and systems\u003c/strong\u003e while FedRAMP deals exclusively with \u003cstrong\u003ecloud service offerings\u003c/strong\u003e. Other differences include:\u003c/p\u003e\u003cul\u003e\u003cli\u003eWhile both FedRAMP and FISMA follow \u003ca href=\"https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final\"\u003eNIST security guidance from 800-53\u003c/a\u003e, FedRAMP has additional, cloud-specific controls.\u003c/li\u003e\u003cli\u003eThe FISMA boundary encompasses the full system, which can include 1 or more cloud service offerings; the FedRAMP boundary is exclusively for the cloud service offering and may include the full stack (infrastructure, platform and software) or just parts.\u003c/li\u003e\u003cli\u003eFedRAMP requires a Third Party Assessment Organization (3PAO), certified through GSA FedRAMP Program Management Office (PMO), to provide initial and periodic assessments of cloud systems based on federal security requirements; FISMA does not.\u003c/li\u003e\u003cli\u003eFedRAMP authorization can be leveraged by multiple agencies, while FISMA authorization is agency specific.\u003c/li\u003e\u003c/ul\u003e\u003ch2\u003eHow to obtain a FedRAMP Authorization\u003c/h2\u003e\u003cp\u003eThe primary way in which a cloud service can obtain a FedRAMP authorization is through an Agency authorization:\u003c/p\u003e\u003ch3\u003eAgency ATO\u003c/h3\u003e\u003cp\u003eAny federal agency can work with a cloud services provider to provide an ATO for the cloud service and submit the package to the FedRAMP Program Management Office (PMO) for authorization. Agency Authorization also provides the additional benefit of collaborative continuous monitoring efforts. To get involved in any of these meetings for systems not sponsored by CMS, the ISSO should email the vendor's compliance team which is available at \u003ca href=\"https://protect2.fireeye.com/v1/url?k=e6b3442c-b9287cf8-e6b37513-0cc47a6d17cc-9740d5f381df0fc2\u0026amp;q=1\u0026amp;e=1ffe8a40-245c-4062-b770-f0b8bc889bc6\u0026amp;u=http%3A%2F%2Fmarketplace.fedramp.gov%2F\"\u003emarketplace.fedramp.gov\u003c/a\u003e (Click on the vendor. Contact info is to the left).\u003c/p\u003e\u003ch2\u003eFedRAMP Authorization levels\u003c/h2\u003e\u003cp\u003eFedRAMP follows the Federal Information Process Stands (FIPS) 199 for the categorization of the baseline requirements as:\u003c/p\u003e\u003ch3\u003eLow\u003c/h3\u003e\u003cp\u003eThis FedRAMP baseline was developed to authorize low impact industry solutions that do not contain any sensitive personally identifiable information (PII), including Low-Impact Software as a Service (Li-SaaS).\u003c/p\u003e\u003ch3\u003eModerate\u003c/h3\u003e\u003cp\u003eThe moderate level is for cloud service offerings where the loss of confidentiality, integrity, and availability would result in serious adverse effects on an agencys operations, assets, or individuals. Serious adverse effects at the moderate level could include significant operational damage to agency assets, financial loss, or individual harm that is not loss of life or physical.\u003c/p\u003e\u003ch3\u003eHigh\u003c/h3\u003e\u003cp\u003eThe high level is typically reserved for law enforcement and emergency services systems, financial systems, health systems, and any other system where loss of confidentiality, integrity, or availability could have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. The high level holds the governments most sensitive, unclassified data in cloud computing environments, including data that involves the protection of life and financial ruin.\u003c/p\u003e"])</script><script>self.__next_f.push([1,"19:T1356,"])</script><script>self.__next_f.push([1,"\u003ch2\u003eWhat is FedRAMP?\u003c/h2\u003e\u003cp\u003eThe Federal Risk and Authorization Management Program (FedRAMP) is a government-wide initiative that was established in 2011 to provide a cost-effective, risk-based approach for the adoption and use of cloud services by the federal government. FedRAMP offers a standardized approach to security assessments, security authorization, and continuous monitoring for cloud products and services. It is designed to:\u003c/p\u003e\u003cul\u003e\u003cli\u003eReduce duplicative efforts, inconsistencies, and cost inefficiencies.\u003c/li\u003e\u003cli\u003eEstablish public-private partnerships that promote innovation and security.\u003c/li\u003e\u003cli\u003eEnable the federal government to accelerate the adoption of cloud computing.\u003c/li\u003e\u003cli\u003eCreate transparent standards and processes for security authorizations.\u003c/li\u003e\u003cli\u003eAllow agencies to leverage security authorizations on a government-wide scale.\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003eWho supports FedRAMP at CMS?\u003c/h3\u003e\u003cp\u003eThe \u003cstrong\u003eCMS FedRAMP Program Management Office (PMO)\u003c/strong\u003e is made up of members of the Information Security and Privacy Group (ISPG). The team works on the procedures to obtain FedRAMP authorization and perform continuous monitoring for cloud services.\u003c/p\u003e\u003ch3\u003eFedRAMP versus FISMA\u003c/h3\u003e\u003cp\u003eThere may be some confusion about the difference between the FedRAMP program and the Federal Information Security Modernization Act (FISMA). While these two federal policies have a lot in common, there are important differences that users need to be aware of.\u003c/p\u003e\u003cp\u003eThe Federal Information Security Modernization Act (FISMA) was enacted in 2002 as an effort to modernize all federal government information systems. When thinking about FISMA and FedRAMP, its important to remember that FISMA guidance applies to \u003cstrong\u003eall technologies and systems\u003c/strong\u003e while FedRAMP deals exclusively with \u003cstrong\u003ecloud service offerings\u003c/strong\u003e. Other differences include:\u003c/p\u003e\u003cul\u003e\u003cli\u003eWhile both FedRAMP and FISMA follow \u003ca href=\"https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final\"\u003eNIST security guidance from 800-53\u003c/a\u003e, FedRAMP has additional, cloud-specific controls.\u003c/li\u003e\u003cli\u003eThe FISMA boundary encompasses the full system, which can include 1 or more cloud service offerings; the FedRAMP boundary is exclusively for the cloud service offering and may include the full stack (infrastructure, platform and software) or just parts.\u003c/li\u003e\u003cli\u003eFedRAMP requires a Third Party Assessment Organization (3PAO), certified through GSA FedRAMP Program Management Office (PMO), to provide initial and periodic assessments of cloud systems based on federal security requirements; FISMA does not.\u003c/li\u003e\u003cli\u003eFedRAMP authorization can be leveraged by multiple agencies, while FISMA authorization is agency specific.\u003c/li\u003e\u003c/ul\u003e\u003ch2\u003eHow to obtain a FedRAMP Authorization\u003c/h2\u003e\u003cp\u003eThe primary way in which a cloud service can obtain a FedRAMP authorization is through an Agency authorization:\u003c/p\u003e\u003ch3\u003eAgency ATO\u003c/h3\u003e\u003cp\u003eAny federal agency can work with a cloud services provider to provide an ATO for the cloud service and submit the package to the FedRAMP Program Management Office (PMO) for authorization. Agency Authorization also provides the additional benefit of collaborative continuous monitoring efforts. To get involved in any of these meetings for systems not sponsored by CMS, the ISSO should email the vendor's compliance team which is available at \u003ca href=\"https://protect2.fireeye.com/v1/url?k=e6b3442c-b9287cf8-e6b37513-0cc47a6d17cc-9740d5f381df0fc2\u0026amp;q=1\u0026amp;e=1ffe8a40-245c-4062-b770-f0b8bc889bc6\u0026amp;u=http%3A%2F%2Fmarketplace.fedramp.gov%2F\"\u003emarketplace.fedramp.gov\u003c/a\u003e (Click on the vendor. Contact info is to the left).\u003c/p\u003e\u003ch2\u003eFedRAMP Authorization levels\u003c/h2\u003e\u003cp\u003eFedRAMP follows the Federal Information Process Stands (FIPS) 199 for the categorization of the baseline requirements as:\u003c/p\u003e\u003ch3\u003eLow\u003c/h3\u003e\u003cp\u003eThis FedRAMP baseline was developed to authorize low impact industry solutions that do not contain any sensitive personally identifiable information (PII), including Low-Impact Software as a Service (Li-SaaS).\u003c/p\u003e\u003ch3\u003eModerate\u003c/h3\u003e\u003cp\u003eThe moderate level is for cloud service offerings where the loss of confidentiality, integrity, and availability would result in serious adverse effects on an agencys operations, assets, or individuals. Serious adverse effects at the moderate level could include significant operational damage to agency assets, financial loss, or individual harm that is not loss of life or physical.\u003c/p\u003e\u003ch3\u003eHigh\u003c/h3\u003e\u003cp\u003eThe high level is typically reserved for law enforcement and emergency services systems, financial systems, health systems, and any other system where loss of confidentiality, integrity, or availability could have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. The high level holds the governments most sensitive, unclassified data in cloud computing environments, including data that involves the protection of life and financial ruin.\u003c/p\u003e"])</script><script>self.__next_f.push([1,"1a:Te2d,"])</script><script>self.__next_f.push([1,"\u003ch2\u003eIs FedRAMP Authorization required?\u003c/h2\u003e\u003cp\u003eYes, according to an \u003ca href=\"https://www.fedramp.gov/assets/resources/documents/FedRAMP_Policy_Memo.pdf\"\u003eOMB Memorandum\u003c/a\u003e, any cloud service that holds federal data \u003cstrong\u003emust\u003c/strong\u003e be FedRAMP authorized. Existing FedRAMP authorized cloud services can be viewed in the FedRAMP Marketplace.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eThere are exceptions to the authorization requirements above. \u003c/strong\u003eIf a cloud service offering meets \u003cstrong\u003eall\u003c/strong\u003e of the following criteria, it can be implemented by CMS without a FedRAMP Authorization:\u003c/p\u003e\u003cul\u003e\u003cli\u003eThe offering has a private cloud deployment model (i.e., the cloud environment is operated solely for the use at CMS).\u003c/li\u003e\u003cli\u003eThe offering is privately implemented within a managed CMS general services system (i.e., within CMS Cloud).\u003c/li\u003e\u003cli\u003eThe offering does not provide cloud services from the cloud-based information system to any external entities (including bureaus, components, or subordinate organizations within their agencies).\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eIn the event that your chosen cloud service offering does not require a FedRAMP Authorization, you should continue to comply with the current FISMA requirements and the appropriate NIST security standards and guidelines for your private cloud-based information system.\u003c/p\u003e\u003ch2\u003eFedRAMP Authorization best practices\u003c/h2\u003e\u003cp\u003eThere are some important steps you can take to make sure your FedRAMP Authorization efforts are successful:\u003c/p\u003e\u003ch3\u003eReach out to teams who can help\u003c/h3\u003e\u003cp\u003eMaking an effort to reach out to others who can help you determine the appropriate next steps for FedRAMP Authorization will make the process easier and help you avoid delays.\u003c/p\u003e\u003cul\u003e\u003cli\u003eContact the \u003ca href=\"https://cloud.cms.gov/\"\u003eCMS Cloud\u003c/a\u003e team to see if their solution meets your needs.\u003c/li\u003e\u003cli\u003eContact the CMS FedRAMP PMO if you're thinking of using a different cloud service.\u003c/li\u003e\u003cli\u003eContact the Technical Review Board to discuss the necessary steps to ensure the proper architecture and security to protect government data.\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003eDefine the Authorization Boundary\u003c/h3\u003e\u003cp\u003eCloud Service Providers (CSPs) must have an authorization boundary diagram that depicts their scope of control over the system components, as well as interconnections to leveraged services external to the boundary. A well-defined boundary allows the stakeholders to understand data flows and how it's protected.\u003c/p\u003e\u003ch3\u003eEngage the CMS FedRAMP PMO\u003c/h3\u003e\u003cp\u003eCMS stakeholders and CSPs interested in using a cloud offering or provider that does not have a FedRAMP authorization should engage the CMS FedRAMP PMO early and often. A list of approved cloud service offerings and providers can be found here on this page, or on the \u003ca href=\"https://marketplace.fedramp.gov/\"\u003eFedRAMP Marketplace\u003c/a\u003e.\u003c/p\u003e\u003ch3\u003eProvide transparency into security\u003c/h3\u003e\u003cp\u003eCSPs should clearly communicate how a cloud service impacts federal information and provide CMS stakeholders insight into a systems architecture.\u003c/p\u003e\u003ch3\u003eDevelop mature processes\u003c/h3\u003e\u003cp\u003eBusiness Owners and CSPs have a responsibility to perform continuous monitoring and maintain a systems security posture, requiring mature security processes. The CMS FedRAMP PMO can support stakeholders in this process and answer questions.\u003c/p\u003e\u003ch3\u003eDescribe how security requirements are met\u003c/h3\u003e\u003cp\u003eCSPs should describe how they manage and support security and what protections they have in place to achieve a level of security sufficient for CMS systems. In addition to the FedRAMP baseline, the CSP will also have to meet CMS baseline security requirements to receive an Authority to Operate (ATO).\u003c/p\u003e"])</script><script>self.__next_f.push([1,"1b:Te2d,"])</script><script>self.__next_f.push([1,"\u003ch2\u003eIs FedRAMP Authorization required?\u003c/h2\u003e\u003cp\u003eYes, according to an \u003ca href=\"https://www.fedramp.gov/assets/resources/documents/FedRAMP_Policy_Memo.pdf\"\u003eOMB Memorandum\u003c/a\u003e, any cloud service that holds federal data \u003cstrong\u003emust\u003c/strong\u003e be FedRAMP authorized. Existing FedRAMP authorized cloud services can be viewed in the FedRAMP Marketplace.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eThere are exceptions to the authorization requirements above. \u003c/strong\u003eIf a cloud service offering meets \u003cstrong\u003eall\u003c/strong\u003e of the following criteria, it can be implemented by CMS without a FedRAMP Authorization:\u003c/p\u003e\u003cul\u003e\u003cli\u003eThe offering has a private cloud deployment model (i.e., the cloud environment is operated solely for the use at CMS).\u003c/li\u003e\u003cli\u003eThe offering is privately implemented within a managed CMS general services system (i.e., within CMS Cloud).\u003c/li\u003e\u003cli\u003eThe offering does not provide cloud services from the cloud-based information system to any external entities (including bureaus, components, or subordinate organizations within their agencies).\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eIn the event that your chosen cloud service offering does not require a FedRAMP Authorization, you should continue to comply with the current FISMA requirements and the appropriate NIST security standards and guidelines for your private cloud-based information system.\u003c/p\u003e\u003ch2\u003eFedRAMP Authorization best practices\u003c/h2\u003e\u003cp\u003eThere are some important steps you can take to make sure your FedRAMP Authorization efforts are successful:\u003c/p\u003e\u003ch3\u003eReach out to teams who can help\u003c/h3\u003e\u003cp\u003eMaking an effort to reach out to others who can help you determine the appropriate next steps for FedRAMP Authorization will make the process easier and help you avoid delays.\u003c/p\u003e\u003cul\u003e\u003cli\u003eContact the \u003ca href=\"https://cloud.cms.gov/\"\u003eCMS Cloud\u003c/a\u003e team to see if their solution meets your needs.\u003c/li\u003e\u003cli\u003eContact the CMS FedRAMP PMO if you're thinking of using a different cloud service.\u003c/li\u003e\u003cli\u003eContact the Technical Review Board to discuss the necessary steps to ensure the proper architecture and security to protect government data.\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003eDefine the Authorization Boundary\u003c/h3\u003e\u003cp\u003eCloud Service Providers (CSPs) must have an authorization boundary diagram that depicts their scope of control over the system components, as well as interconnections to leveraged services external to the boundary. A well-defined boundary allows the stakeholders to understand data flows and how it's protected.\u003c/p\u003e\u003ch3\u003eEngage the CMS FedRAMP PMO\u003c/h3\u003e\u003cp\u003eCMS stakeholders and CSPs interested in using a cloud offering or provider that does not have a FedRAMP authorization should engage the CMS FedRAMP PMO early and often. A list of approved cloud service offerings and providers can be found here on this page, or on the \u003ca href=\"https://marketplace.fedramp.gov/\"\u003eFedRAMP Marketplace\u003c/a\u003e.\u003c/p\u003e\u003ch3\u003eProvide transparency into security\u003c/h3\u003e\u003cp\u003eCSPs should clearly communicate how a cloud service impacts federal information and provide CMS stakeholders insight into a systems architecture.\u003c/p\u003e\u003ch3\u003eDevelop mature processes\u003c/h3\u003e\u003cp\u003eBusiness Owners and CSPs have a responsibility to perform continuous monitoring and maintain a systems security posture, requiring mature security processes. The CMS FedRAMP PMO can support stakeholders in this process and answer questions.\u003c/p\u003e\u003ch3\u003eDescribe how security requirements are met\u003c/h3\u003e\u003cp\u003eCSPs should describe how they manage and support security and what protections they have in place to achieve a level of security sufficient for CMS systems. In addition to the FedRAMP baseline, the CSP will also have to meet CMS baseline security requirements to receive an Authority to Operate (ATO).\u003c/p\u003e"])</script><script>self.__next_f.push([1,"1c:T5af,\u003ch2\u003eChoosing a cloud service provider or offering\u003c/h2\u003e\u003cp\u003eWhen selecting a cloud service offering or provider, you can either use a service that has been FedRAMP authorized, or you can choose to sponsor the initial authorization with a CMS Agency Authorization for a cloud service offering.\u003c/p\u003e\u003ch3\u003eSponsoring a new cloud service provider or offering\u003c/h3\u003e\u003cp\u003eSponsoring a cloud service will require a CMS Authorization to Operate (ATO), which will take time. Additionally, a new cloud service provider will need to navigate through the FedRAMP Authorization process. This will add more time to production and will require monthly continuous monitoring responsibilities.\u003c/p\u003e\u003cp\u003eThere are a number of important requirements you must meet if youre interested in sponsoring a cloud service offering for FedRAMP Authorization at CMS:\u003c/p\u003e\u003cul\u003e\u003cli\u003eThe CSP is \u003cstrong\u003erecommended \u003c/strong\u003eto use Open Security Controls Assessment Language (\u003ca href=\"https://www.fedramp.gov/using-the-fedramp-oscal-resources-and-templates/\"\u003e\u003cstrong\u003eOSCAL\u003c/strong\u003e\u003c/a\u003e) for documentation.\u003c/li\u003e\u003cli\u003eIt is \u003cstrong\u003erecommended\u003c/strong\u003e that the CSP has an independent FedRAMP Readiness Assessment already in place.\u003c/li\u003e\u003cli\u003eThe Business Owner and ISSO must commit to the management of the authorization and continuous monitoring process.\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://cloud.cms.gov/\"\u003eCMS Cloud\u003c/a\u003e can provide the underlying infrastructure and platform needed to host the application.\u003c/li\u003e\u003c/ul\u003e1d:T5af,\u003ch2\u003eChoosing a cloud service provider or offering\u003c/h2\u003e\u003cp\u003eWhen selecting a cloud service offering or provider, you can either use a service that has been FedRAMP authorized, or you can choose to sponsor the initial authorization with a CMS Agency Authorization for a cloud service offering.\u003c/p\u003e\u003ch3\u003eSponsoring a new cloud service provider or offering\u003c/h3\u003e\u003cp\u003eSponsoring a cloud service will require a CMS Authorization to Operate (ATO), which will take time. Additionally, a new cloud service provider will need to navigate through the FedRAMP Authorization process. This will add"])</script><script>self.__next_f.push([1," more time to production and will require monthly continuous monitoring responsibilities.\u003c/p\u003e\u003cp\u003eThere are a number of important requirements you must meet if youre interested in sponsoring a cloud service offering for FedRAMP Authorization at CMS:\u003c/p\u003e\u003cul\u003e\u003cli\u003eThe CSP is \u003cstrong\u003erecommended \u003c/strong\u003eto use Open Security Controls Assessment Language (\u003ca href=\"https://www.fedramp.gov/using-the-fedramp-oscal-resources-and-templates/\"\u003e\u003cstrong\u003eOSCAL\u003c/strong\u003e\u003c/a\u003e) for documentation.\u003c/li\u003e\u003cli\u003eIt is \u003cstrong\u003erecommended\u003c/strong\u003e that the CSP has an independent FedRAMP Readiness Assessment already in place.\u003c/li\u003e\u003cli\u003eThe Business Owner and ISSO must commit to the management of the authorization and continuous monitoring process.\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://cloud.cms.gov/\"\u003eCMS Cloud\u003c/a\u003e can provide the underlying infrastructure and platform needed to host the application.\u003c/li\u003e\u003c/ul\u003e1e:T730,\u003ch3\u003eChoosing an existing FedRAMP provider\u003c/h3\u003e\u003cp\u003eThe \u003ca href=\"https://marketplace.fedramp.gov/\"\u003eFedRAMP Marketplace\u003c/a\u003e is the repository of cloud service providers (CSPs) and cloud service offerings (CSOs) that are:\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFedRAMP Authorized\u003c/strong\u003e - CSO is authorized for FedRAMP\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFedRAMP Ready\u003c/strong\u003e - CSP is not yet authorized for FedRAMP, but the CSP have completed their FedRAMP Readiness Assessment Report (RAR) and is ready to partner with an Agency (such as CMS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFedRAMP In Process - \u003c/strong\u003eCSO is being reviewed for an Authority to Operate (ATO) by an Agency or the FedRAMP Joint Authorization Board (JAB)\u003c/p\u003e\u003cp\u003e\"FedRAMP Ready\" status for new CSPs that are not FedRAMP Authorized is highly recommended. This status indicates that a 3PAO has reviewed documentation from the CSP and provided a readiness report. This can be requested for review as part of evaluating the selection of a CSO.\u003c/p\u003e\u003ch2\u003eFedRAMP Package Request process\u003c/h2\u003e\u003cp\u003eThe FedRAMP Package provides security posture details for a cloud service that has been FedRAMP Authorized. You may want to request a FedRAMP package if you are using, consider"])</script><script>self.__next_f.push([1,"ing, and/or assessing a cloud service offering. Initial access to the package lasts for 60 days. Permanent access can be granted if the agency has an ATO letter on file with the FedRAMP Program Management Office (PMO). According to the FedRAMP Authorization Act, all systems that directly leverage a FedRAMP-authorized cloud service must include this in an ATO and notify the CMS FedRAMP PMO (\u003ca href=\"mailto:fedramp@cms.hhs.gov\" target=\"_blank\"\u003efedramp@cms.hhs.gov\u003c/a\u003e) of the authorization and changes to the authorization, including renewals and revokation.\u003c/p\u003e\u003cp\u003e\u003cem\u003eNote: Creating a request for a FedRAMP Package requires a Max.gov account. Follow the steps below:\u003c/em\u003e\u003c/p\u003e1f:T730,\u003ch3\u003eChoosing an existing FedRAMP provider\u003c/h3\u003e\u003cp\u003eThe \u003ca href=\"https://marketplace.fedramp.gov/\"\u003eFedRAMP Marketplace\u003c/a\u003e is the repository of cloud service providers (CSPs) and cloud service offerings (CSOs) that are:\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFedRAMP Authorized\u003c/strong\u003e - CSO is authorized for FedRAMP\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFedRAMP Ready\u003c/strong\u003e - CSP is not yet authorized for FedRAMP, but the CSP have completed their FedRAMP Readiness Assessment Report (RAR) and is ready to partner with an Agency (such as CMS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFedRAMP In Process - \u003c/strong\u003eCSO is being reviewed for an Authority to Operate (ATO) by an Agency or the FedRAMP Joint Authorization Board (JAB)\u003c/p\u003e\u003cp\u003e\"FedRAMP Ready\" status for new CSPs that are not FedRAMP Authorized is highly recommended. This status indicates that a 3PAO has reviewed documentation from the CSP and provided a readiness report. This can be requested for review as part of evaluating the selection of a CSO.\u003c/p\u003e\u003ch2\u003eFedRAMP Package Request process\u003c/h2\u003e\u003cp\u003eThe FedRAMP Package provides security posture details for a cloud service that has been FedRAMP Authorized. You may want to request a FedRAMP package if you are using, considering, and/or assessing a cloud service offering. Initial access to the package lasts for 60 days. Permanent access can be granted if the agency has an ATO letter on file with the FedRAMP Program Manage"])</script><script>self.__next_f.push([1,"ment Office (PMO). According to the FedRAMP Authorization Act, all systems that directly leverage a FedRAMP-authorized cloud service must include this in an ATO and notify the CMS FedRAMP PMO (\u003ca href=\"mailto:fedramp@cms.hhs.gov\" target=\"_blank\"\u003efedramp@cms.hhs.gov\u003c/a\u003e) of the authorization and changes to the authorization, including renewals and revokation.\u003c/p\u003e\u003cp\u003e\u003cem\u003eNote: Creating a request for a FedRAMP Package requires a Max.gov account. Follow the steps below:\u003c/em\u003e\u003c/p\u003e20:T57b,\u003ch3\u003eCMS Sponsored Initial Authorization FedRAMP Products\u003c/h3\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eCloud Service Provider\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eCloud Service Offering\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFedRAMP ID\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eType\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eService Model\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eDatabricks\u003c/td\u003e\u003ctd\u003eDatabricks on AWS East/West\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://marketplace.fedramp.gov/products/FR1834740315\"\u003eFR1834740315\u003c/a\u003e\u003c/td\u003e\u003ctd\u003eAgency*\u003c/td\u003e\u003ctd\u003ePaaS, SaaS\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eLauchDarkly\u003c/td\u003e\u003ctd\u003eLauchDarkly\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://marketplace.fedramp.gov/products/FR2120962552\"\u003eFR2120962552\u003c/a\u003e\u003c/td\u003e\u003ctd\u003eAgency*\u003c/td\u003e\u003ctd\u003eSaaS\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eNucleus\u003c/td\u003e\u003ctd\u003eNucleus for Government\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://marketplace.fedramp.gov/products/FR2134455708\"\u003eFR2134455708\u003c/a\u003e\u003c/td\u003e\u003ctd\u003eAgency*\u003c/td\u003e\u003ctd\u003eSaaS\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eSaviynt, Inc.\u003c/td\u003e\u003ctd\u003eEnterprise Identity Cloud (EIC)\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://marketplace.fedramp.gov/products/FR1821062403\"\u003eFR1821062403\u003c/a\u003e\u003c/td\u003e\u003ctd\u003eAgency*\u003c/td\u003e\u003ctd\u003eSaaS\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eSnowflake Inc.\u003c/td\u003e\u003ctd\u003eThe DataCloud on AWS US East/West\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://marketplace.fedramp.gov/products/FR1809360201\"\u003eFR1809360201\u003c/a\u003e\u003c/td\u003e\u003ctd\u003eAgency*\u003c/td\u003e\u003ctd\u003eSaaS\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eSnowflake Inc.\u003c/td\u003e\u003ctd\u003eThe DataCloud on Azure Government\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://marketplace.fedramp.gov/products/FR1809360202\"\u003eFR1809360202\u003c/a\u003e\u003c/td\u003e\u003ctd\u003eAgency*\u003c/td\u003e\u003ctd\u003eSaaS\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e21:T57b,\u003ch3\u003eCMS Sponsored Initial Authorization FedRAMP Products\u003c/h3\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eCloud Service Provider\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eCloud Servic"])</script><script>self.__next_f.push([1,"e Offering\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFedRAMP ID\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eType\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eService Model\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eDatabricks\u003c/td\u003e\u003ctd\u003eDatabricks on AWS East/West\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://marketplace.fedramp.gov/products/FR1834740315\"\u003eFR1834740315\u003c/a\u003e\u003c/td\u003e\u003ctd\u003eAgency*\u003c/td\u003e\u003ctd\u003ePaaS, SaaS\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eLauchDarkly\u003c/td\u003e\u003ctd\u003eLauchDarkly\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://marketplace.fedramp.gov/products/FR2120962552\"\u003eFR2120962552\u003c/a\u003e\u003c/td\u003e\u003ctd\u003eAgency*\u003c/td\u003e\u003ctd\u003eSaaS\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eNucleus\u003c/td\u003e\u003ctd\u003eNucleus for Government\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://marketplace.fedramp.gov/products/FR2134455708\"\u003eFR2134455708\u003c/a\u003e\u003c/td\u003e\u003ctd\u003eAgency*\u003c/td\u003e\u003ctd\u003eSaaS\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eSaviynt, Inc.\u003c/td\u003e\u003ctd\u003eEnterprise Identity Cloud (EIC)\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://marketplace.fedramp.gov/products/FR1821062403\"\u003eFR1821062403\u003c/a\u003e\u003c/td\u003e\u003ctd\u003eAgency*\u003c/td\u003e\u003ctd\u003eSaaS\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eSnowflake Inc.\u003c/td\u003e\u003ctd\u003eThe DataCloud on AWS US East/West\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://marketplace.fedramp.gov/products/FR1809360201\"\u003eFR1809360201\u003c/a\u003e\u003c/td\u003e\u003ctd\u003eAgency*\u003c/td\u003e\u003ctd\u003eSaaS\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eSnowflake Inc.\u003c/td\u003e\u003ctd\u003eThe DataCloud on Azure Government\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://marketplace.fedramp.gov/products/FR1809360202\"\u003eFR1809360202\u003c/a\u003e\u003c/td\u003e\u003ctd\u003eAgency*\u003c/td\u003e\u003ctd\u003eSaaS\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e22:T617,\u003ch3\u003eCMS Sponsored Products -- In Process\u003c/h3\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eCloud Service Provider (CSP)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eCloud Service Offering (CSO)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFIPS-199 Security Categorization\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eCloud Service Model\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eCMS Agency Authorization\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFedRAMP Marketplace Status\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFedRAMP Marketplace ID\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAlation\u003c/td\u003e\u003ctd\u003eAlation Cloud Service\u003c/td\u003e\u003ctd\u003eModerate\u003c/td\u003e\u003ctd\u003eSaaS\u003c/td\u003e\u003ctd\u003eAgency Review\u003c/td\u003e\u003ctd\u003e\"In-Process\"\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://marketplace.fedramp.gov/products/FR2411862686\"\u003eFR2411862686\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAppOmni\u003c/td\u003e\u003ctd\u003eAppOmni SaaS Security for Government\u003c/td\u003e\u003ctd\u003eModerate\u003c/td\u003e\u003ctd\u003eSaaS\u003c/td\u003e\u003ctd\u003eAgency Review\u003c/td\u003e\u003ctd\u003e\"In-Process\"\u003c/td\u003e\u003ctd\u003e"])</script><script>self.__next_f.push([1,"\u003ca href=\"https://marketplace.fedramp.gov/products/FR2431264500\"\u003eFR2431264500\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAxonius\u003c/td\u003e\u003ctd\u003eAxonius Platform\u003c/td\u003e\u003ctd\u003eModerate\u003c/td\u003e\u003ctd\u003eSaaS\u003c/td\u003e\u003ctd\u003eAgency Finalization\u003c/td\u003e\u003ctd\u003e\"In-Process\"\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://marketplace.fedramp.gov/products/FR2401047002\"\u003eFR2401047002\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eSnyk\u003c/td\u003e\u003ctd\u003eSnyk for Government\u003c/td\u003e\u003ctd\u003eModerate\u003c/td\u003e\u003ctd\u003eSaaS\u003c/td\u003e\u003ctd\u003eAgency Finalization\u003c/td\u003e\u003ctd\u003e\"In-Process\"\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://marketplace.fedramp.gov/products/FR2230451369\"\u003eFR2230451369\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eTalkdesk\u003c/td\u003e\u003ctd\u003eTalkdesk CX Cloud Government Ed.\u003c/td\u003e\u003ctd\u003eModerate\u003c/td\u003e\u003ctd\u003eSaaS\u003c/td\u003e\u003ctd\u003eAgency Review\u003c/td\u003e\u003ctd\u003e\"In-Process\"\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://marketplace.fedramp.gov/products/FR2213647361\"\u003eFR2213647361\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e23:T617,\u003ch3\u003eCMS Sponsored Products -- In Process\u003c/h3\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eCloud Service Provider (CSP)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eCloud Service Offering (CSO)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFIPS-199 Security Categorization\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eCloud Service Model\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eCMS Agency Authorization\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFedRAMP Marketplace Status\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFedRAMP Marketplace ID\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAlation\u003c/td\u003e\u003ctd\u003eAlation Cloud Service\u003c/td\u003e\u003ctd\u003eModerate\u003c/td\u003e\u003ctd\u003eSaaS\u003c/td\u003e\u003ctd\u003eAgency Review\u003c/td\u003e\u003ctd\u003e\"In-Process\"\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://marketplace.fedramp.gov/products/FR2411862686\"\u003eFR2411862686\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAppOmni\u003c/td\u003e\u003ctd\u003eAppOmni SaaS Security for Government\u003c/td\u003e\u003ctd\u003eModerate\u003c/td\u003e\u003ctd\u003eSaaS\u003c/td\u003e\u003ctd\u003eAgency Review\u003c/td\u003e\u003ctd\u003e\"In-Process\"\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://marketplace.fedramp.gov/products/FR2431264500\"\u003eFR2431264500\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAxonius\u003c/td\u003e\u003ctd\u003eAxonius Platform\u003c/td\u003e\u003ctd\u003eModerate\u003c/td\u003e\u003ctd\u003eSaaS\u003c/td\u003e\u003ctd\u003eAgency Finalization\u003c/td\u003e\u003ctd\u003e\"In-Process\"\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://marketplace.fedramp.gov/products/FR2401047002\"\u003eFR2401047002\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eSnyk\u003c/td\u003e\u003ctd\u003eSnyk for Government\u003c/td\u003e\u003ctd\u003eModerate\u003c/td\u003e\u003ctd\u003eSaaS\u003c/td\u003e\u003ctd\u003eAgency Finalization\u003c/td\u003e\u003ctd\u003e\"In-Process\"\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://marketplace.fedramp.gov/prod"])</script><script>self.__next_f.push([1,"ucts/FR2230451369\"\u003eFR2230451369\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eTalkdesk\u003c/td\u003e\u003ctd\u003eTalkdesk CX Cloud Government Ed.\u003c/td\u003e\u003ctd\u003eModerate\u003c/td\u003e\u003ctd\u003eSaaS\u003c/td\u003e\u003ctd\u003eAgency Review\u003c/td\u003e\u003ctd\u003e\"In-Process\"\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://marketplace.fedramp.gov/products/FR2213647361\"\u003eFR2213647361\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e26:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node_type/node_type/d185e460-4998-4d2b-85cb-b04f304dfb1b\"}\n25:{\"self\":\"$26\"}\n29:[\"menu_ui\",\"scheduler\"]\n28:{\"module\":\"$29\"}\n2c:[]\n2b:{\"available_menus\":\"$2c\",\"parent\":\"\"}\n2d:{\"expand_fieldset\":\"when_required\",\"fields_display_mode\":\"vertical_tab\",\"publish_enable\":false,\"publish_past_date\":\"error\",\"publish_past_date_created\":false,\"publish_required\":false,\"publish_revision\":false,\"publish_touch\":false,\"show_message_after_update\":true,\"unpublish_enable\":false,\"unpublish_required\":false,\"unpublish_revision\":false}\n2a:{\"menu_ui\":\"$2b\",\"scheduler\":\"$2d\"}\n27:{\"langcode\":\"en\",\"status\":true,\"dependencies\":\"$28\",\"third_party_settings\":\"$2a\",\"name\":\"Explainer page\",\"drupal_internal__type\":\"explainer\",\"description\":\"Use \u003ci\u003eExplainer pages\u003c/i\u003e to provide general information in plain language about a policy, program, tool, service, or task related to security and privacy at CMS.\",\"help\":null,\"new_revision\":true,\"preview_mode\":1,\"display_submitted\":true}\n24:{\"type\":\"node_type--node_type\",\"id\":\"d185e460-4998-4d2b-85cb-b04f304dfb1b\",\"links\":\"$25\",\"attributes\":\"$27\"}\n30:{\"href\":\"https://cybergeek.cms.gov/jsonapi/user/user/d3421e1d-1fda-4bd0-83ab-e404455b0e66\"}\n2f:{\"self\":\"$30\"}\n31:{\"display_name\":\"mrobinson\"}\n2e:{\"type\":\"user--user\",\"id\":\"d3421e1d-1fda-4bd0-83ab-e404455b0e66\",\"links\":\"$2f\",\"attributes\":\"$31\"}\n34:{\"href\":\"https://cybergeek.cms.gov/jsonapi/user/user/dca2c49b-4a12-4d5f-859d-a759444160a4\"}\n33:{\"self\":\"$34\"}\n35:{\"display_name\":\"meg - retired\"}\n32:{\"type\":\"user--user\",\"id\":\"dca2c49b-4a12-4d5f-859d-a759444160a4\",\"links\":\"$33\",\"attributes\":\"$35\"}\n38:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/a17f4908-9141-4b1e-82aa-e6bfe0f91a22?resourceVersion=id%3A131\"}\n37:{\"self\""])</script><script>self.__next_f.push([1,":\"$38\"}\n3a:{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}\n39:{\"drupal_internal__tid\":131,\"drupal_internal__revision_id\":131,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:13:33+00:00\",\"status\":true,\"name\":\"General Information\",\"description\":null,\"weight\":2,\"changed\":\"2023-03-10T19:04:03+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":\"$3a\"}\n3e:{\"drupal_internal__target_id\":\"resource_type\"}\n3d:{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"3a0127c4-ee06-41ed-8239-f796f6d78eb3\",\"meta\":\"$3e\"}\n40:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/a17f4908-9141-4b1e-82aa-e6bfe0f91a22/vid?resourceVersion=id%3A131\"}\n41:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/a17f4908-9141-4b1e-82aa-e6bfe0f91a22/relationships/vid?resourceVersion=id%3A131\"}\n3f:{\"related\":\"$40\",\"self\":\"$41\"}\n3c:{\"data\":\"$3d\",\"links\":\"$3f\"}\n44:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/a17f4908-9141-4b1e-82aa-e6bfe0f91a22/revision_user?resourceVersion=id%3A131\"}\n45:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/a17f4908-9141-4b1e-82aa-e6bfe0f91a22/relationships/revision_user?resourceVersion=id%3A131\"}\n43:{\"related\":\"$44\",\"self\":\"$45\"}\n42:{\"data\":null,\"links\":\"$43\"}\n4c:{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}\n4b:{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":\"$4c\"}\n4a:{\"help\":\"$4b\"}\n49:{\"links\":\"$4a\"}\n48:{\"type\":\"taxonomy_term--resource_type\",\"id\":\"virtual\",\"meta\":\"$49\"}\n47:[\"$48\"]\n4e:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/a17f4908-9141-4b1e-82aa-e6bfe0f91a22/parent?resourceVersion=id%3A131\"}\n4f:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/a17f4908-9141-4b1e-82aa-e6bfe0f91a22/relationships/parent?resourceVersion=id%3A131\"}\n4d:{\"related\":\"$4e\",\"self\":\"$4f\"}\n46:{\"data\":\"$47\",\"links\":\"$4d\"}\n3b:{\"vid\":\"$3c\",\"revision_user\":\"$42\",\"parent\":\"$46\"}\n36:{\"type\":\"taxonomy_term--resource_type\",\"id\":\"a17f4908-9141"])</script><script>self.__next_f.push([1,"-4b1e-82aa-e6bfe0f91a22\",\"links\":\"$37\",\"attributes\":\"$39\",\"relationships\":\"$3b\"}\n52:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5?resourceVersion=id%3A66\"}\n51:{\"self\":\"$52\"}\n54:{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}\n53:{\"drupal_internal__tid\":66,\"drupal_internal__revision_id\":66,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:08:26+00:00\",\"status\":true,\"name\":\"Cyber Risk Advisor (CRA)\",\"description\":null,\"weight\":0,\"changed\":\"2022-08-02T23:08:26+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":\"$54\"}\n58:{\"drupal_internal__target_id\":\"roles\"}\n57:{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"a89af840-d1f0-4a08-9f15-7b1cb71c3e35\",\"meta\":\"$58\"}\n5a:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/vid?resourceVersion=id%3A66\"}\n5b:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/relationships/vid?resourceVersion=id%3A66\"}\n59:{\"related\":\"$5a\",\"self\":\"$5b\"}\n56:{\"data\":\"$57\",\"links\":\"$59\"}\n5e:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/revision_user?resourceVersion=id%3A66\"}\n5f:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/relationships/revision_user?resourceVersion=id%3A66\"}\n5d:{\"related\":\"$5e\",\"self\":\"$5f\"}\n5c:{\"data\":null,\"links\":\"$5d\"}\n66:{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}\n65:{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":\"$66\"}\n64:{\"help\":\"$65\"}\n63:{\"links\":\"$64\"}\n62:{\"type\":\"taxonomy_term--roles\",\"id\":\"virtual\",\"meta\":\"$63\"}\n61:[\"$62\"]\n68:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/parent?resourceVersion=id%3A66\"}\n69:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/relationships/parent?resourceVersion=id%3A66\"}\n67:{\"related\":\"$68\",\"self\":\""])</script><script>self.__next_f.push([1,"$69\"}\n60:{\"data\":\"$61\",\"links\":\"$67\"}\n55:{\"vid\":\"$56\",\"revision_user\":\"$5c\",\"parent\":\"$60\"}\n50:{\"type\":\"taxonomy_term--roles\",\"id\":\"9d999ae3-b43c-45fb-973e-dffe50c27da5\",\"links\":\"$51\",\"attributes\":\"$53\",\"relationships\":\"$55\"}\n6c:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab?resourceVersion=id%3A61\"}\n6b:{\"self\":\"$6c\"}\n6e:{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}\n6d:{\"drupal_internal__tid\":61,\"drupal_internal__revision_id\":61,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:08:12+00:00\",\"status\":true,\"name\":\"Information System Security Officer (ISSO)\",\"description\":null,\"weight\":0,\"changed\":\"2022-08-02T23:08:12+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":\"$6e\"}\n72:{\"drupal_internal__target_id\":\"roles\"}\n71:{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"a89af840-d1f0-4a08-9f15-7b1cb71c3e35\",\"meta\":\"$72\"}\n74:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/vid?resourceVersion=id%3A61\"}\n75:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/relationships/vid?resourceVersion=id%3A61\"}\n73:{\"related\":\"$74\",\"self\":\"$75\"}\n70:{\"data\":\"$71\",\"links\":\"$73\"}\n78:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/revision_user?resourceVersion=id%3A61\"}\n79:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/relationships/revision_user?resourceVersion=id%3A61\"}\n77:{\"related\":\"$78\",\"self\":\"$79\"}\n76:{\"data\":null,\"links\":\"$77\"}\n80:{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}\n7f:{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":\"$80\"}\n7e:{\"help\":\"$7f\"}\n7d:{\"links\":\"$7e\"}\n7c:{\"type\":\"taxonomy_term--roles\",\"id\":\"virtual\",\"meta\":\"$7d\"}\n7b:[\"$7c\"]\n82:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/parent?resourceVersion=id%3A61\"}\n83:{\"href\":\"htt"])</script><script>self.__next_f.push([1,"ps://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/relationships/parent?resourceVersion=id%3A61\"}\n81:{\"related\":\"$82\",\"self\":\"$83\"}\n7a:{\"data\":\"$7b\",\"links\":\"$81\"}\n6f:{\"vid\":\"$70\",\"revision_user\":\"$76\",\"parent\":\"$7a\"}\n6a:{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\",\"links\":\"$6b\",\"attributes\":\"$6d\",\"relationships\":\"$6f\"}\n86:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34?resourceVersion=id%3A76\"}\n85:{\"self\":\"$86\"}\n88:{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}\n87:{\"drupal_internal__tid\":76,\"drupal_internal__revision_id\":76,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:08:55+00:00\",\"status\":true,\"name\":\"System / Business Owner\",\"description\":null,\"weight\":0,\"changed\":\"2022-08-02T23:08:55+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":\"$88\"}\n8c:{\"drupal_internal__target_id\":\"roles\"}\n8b:{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"a89af840-d1f0-4a08-9f15-7b1cb71c3e35\",\"meta\":\"$8c\"}\n8e:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/vid?resourceVersion=id%3A76\"}\n8f:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/relationships/vid?resourceVersion=id%3A76\"}\n8d:{\"related\":\"$8e\",\"self\":\"$8f\"}\n8a:{\"data\":\"$8b\",\"links\":\"$8d\"}\n92:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/revision_user?resourceVersion=id%3A76\"}\n93:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/relationships/revision_user?resourceVersion=id%3A76\"}\n91:{\"related\":\"$92\",\"self\":\"$93\"}\n90:{\"data\":null,\"links\":\"$91\"}\n9a:{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}\n99:{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":\"$9a\"}\n98:{\"help\":\"$99\"}\n97:{\"links\":\"$98\"}\n96:{\"type\":\"taxonomy_term--roles\",\"id\":\"virtual\",\"meta\":\"$97\"}\n95:[\"$96\"]\n9c:{\"hr"])</script><script>self.__next_f.push([1,"ef\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/parent?resourceVersion=id%3A76\"}\n9d:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/relationships/parent?resourceVersion=id%3A76\"}\n9b:{\"related\":\"$9c\",\"self\":\"$9d\"}\n94:{\"data\":\"$95\",\"links\":\"$9b\"}\n89:{\"vid\":\"$8a\",\"revision_user\":\"$90\",\"parent\":\"$94\"}\n84:{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"links\":\"$85\",\"attributes\":\"$87\",\"relationships\":\"$89\"}\na0:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/b61c7b1f-0882-4fac-bf13-02c68b56fd38?resourceVersion=id%3A21\"}\n9f:{\"self\":\"$a0\"}\na2:{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}\na1:{\"drupal_internal__tid\":21,\"drupal_internal__revision_id\":21,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:05:35+00:00\",\"status\":true,\"name\":\"Federal Policy \u0026 Guidance\",\"description\":null,\"weight\":3,\"changed\":\"2023-03-10T19:04:22+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":\"$a2\"}\na6:{\"drupal_internal__target_id\":\"topics\"}\na5:{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"73f89dec-123f-4c8c-9a97-d025a2b0e5cf\",\"meta\":\"$a6\"}\na8:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/b61c7b1f-0882-4fac-bf13-02c68b56fd38/vid?resourceVersion=id%3A21\"}\na9:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/b61c7b1f-0882-4fac-bf13-02c68b56fd38/relationships/vid?resourceVersion=id%3A21\"}\na7:{\"related\":\"$a8\",\"self\":\"$a9\"}\na4:{\"data\":\"$a5\",\"links\":\"$a7\"}\nac:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/b61c7b1f-0882-4fac-bf13-02c68b56fd38/revision_user?resourceVersion=id%3A21\"}\nad:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/b61c7b1f-0882-4fac-bf13-02c68b56fd38/relationships/revision_user?resourceVersion=id%3A21\"}\nab:{\"related\":\"$ac\",\"self\":\"$ad\"}\naa:{\"data\":null,\"links\":\"$ab\"}\nb4:{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}\nb3:{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/cor"])</script><script>self.__next_f.push([1,"e-concepts#virtual\",\"meta\":\"$b4\"}\nb2:{\"help\":\"$b3\"}\nb1:{\"links\":\"$b2\"}\nb0:{\"type\":\"taxonomy_term--topics\",\"id\":\"virtual\",\"meta\":\"$b1\"}\naf:[\"$b0\"]\nb6:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/b61c7b1f-0882-4fac-bf13-02c68b56fd38/parent?resourceVersion=id%3A21\"}\nb7:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/b61c7b1f-0882-4fac-bf13-02c68b56fd38/relationships/parent?resourceVersion=id%3A21\"}\nb5:{\"related\":\"$b6\",\"self\":\"$b7\"}\nae:{\"data\":\"$af\",\"links\":\"$b5\"}\na3:{\"vid\":\"$a4\",\"revision_user\":\"$aa\",\"parent\":\"$ae\"}\n9e:{\"type\":\"taxonomy_term--topics\",\"id\":\"b61c7b1f-0882-4fac-bf13-02c68b56fd38\",\"links\":\"$9f\",\"attributes\":\"$a1\",\"relationships\":\"$a3\"}\nba:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/2ce39e48-81e4-4bea-a0ff-04f25ddd0041?resourceVersion=id%3A19451\"}\nb9:{\"self\":\"$ba\"}\nbc:[]\nbe:T1356,"])</script><script>self.__next_f.push([1,"\u003ch2\u003eWhat is FedRAMP?\u003c/h2\u003e\u003cp\u003eThe Federal Risk and Authorization Management Program (FedRAMP) is a government-wide initiative that was established in 2011 to provide a cost-effective, risk-based approach for the adoption and use of cloud services by the federal government. FedRAMP offers a standardized approach to security assessments, security authorization, and continuous monitoring for cloud products and services. It is designed to:\u003c/p\u003e\u003cul\u003e\u003cli\u003eReduce duplicative efforts, inconsistencies, and cost inefficiencies.\u003c/li\u003e\u003cli\u003eEstablish public-private partnerships that promote innovation and security.\u003c/li\u003e\u003cli\u003eEnable the federal government to accelerate the adoption of cloud computing.\u003c/li\u003e\u003cli\u003eCreate transparent standards and processes for security authorizations.\u003c/li\u003e\u003cli\u003eAllow agencies to leverage security authorizations on a government-wide scale.\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003eWho supports FedRAMP at CMS?\u003c/h3\u003e\u003cp\u003eThe \u003cstrong\u003eCMS FedRAMP Program Management Office (PMO)\u003c/strong\u003e is made up of members of the Information Security and Privacy Group (ISPG). The team works on the procedures to obtain FedRAMP authorization and perform continuous monitoring for cloud services.\u003c/p\u003e\u003ch3\u003eFedRAMP versus FISMA\u003c/h3\u003e\u003cp\u003eThere may be some confusion about the difference between the FedRAMP program and the Federal Information Security Modernization Act (FISMA). While these two federal policies have a lot in common, there are important differences that users need to be aware of.\u003c/p\u003e\u003cp\u003eThe Federal Information Security Modernization Act (FISMA) was enacted in 2002 as an effort to modernize all federal government information systems. When thinking about FISMA and FedRAMP, its important to remember that FISMA guidance applies to \u003cstrong\u003eall technologies and systems\u003c/strong\u003e while FedRAMP deals exclusively with \u003cstrong\u003ecloud service offerings\u003c/strong\u003e. Other differences include:\u003c/p\u003e\u003cul\u003e\u003cli\u003eWhile both FedRAMP and FISMA follow \u003ca href=\"https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final\"\u003eNIST security guidance from 800-53\u003c/a\u003e, FedRAMP has additional, cloud-specific controls.\u003c/li\u003e\u003cli\u003eThe FISMA boundary encompasses the full system, which can include 1 or more cloud service offerings; the FedRAMP boundary is exclusively for the cloud service offering and may include the full stack (infrastructure, platform and software) or just parts.\u003c/li\u003e\u003cli\u003eFedRAMP requires a Third Party Assessment Organization (3PAO), certified through GSA FedRAMP Program Management Office (PMO), to provide initial and periodic assessments of cloud systems based on federal security requirements; FISMA does not.\u003c/li\u003e\u003cli\u003eFedRAMP authorization can be leveraged by multiple agencies, while FISMA authorization is agency specific.\u003c/li\u003e\u003c/ul\u003e\u003ch2\u003eHow to obtain a FedRAMP Authorization\u003c/h2\u003e\u003cp\u003eThe primary way in which a cloud service can obtain a FedRAMP authorization is through an Agency authorization:\u003c/p\u003e\u003ch3\u003eAgency ATO\u003c/h3\u003e\u003cp\u003eAny federal agency can work with a cloud services provider to provide an ATO for the cloud service and submit the package to the FedRAMP Program Management Office (PMO) for authorization. Agency Authorization also provides the additional benefit of collaborative continuous monitoring efforts. To get involved in any of these meetings for systems not sponsored by CMS, the ISSO should email the vendor's compliance team which is available at \u003ca href=\"https://protect2.fireeye.com/v1/url?k=e6b3442c-b9287cf8-e6b37513-0cc47a6d17cc-9740d5f381df0fc2\u0026amp;q=1\u0026amp;e=1ffe8a40-245c-4062-b770-f0b8bc889bc6\u0026amp;u=http%3A%2F%2Fmarketplace.fedramp.gov%2F\"\u003emarketplace.fedramp.gov\u003c/a\u003e (Click on the vendor. Contact info is to the left).\u003c/p\u003e\u003ch2\u003eFedRAMP Authorization levels\u003c/h2\u003e\u003cp\u003eFedRAMP follows the Federal Information Process Stands (FIPS) 199 for the categorization of the baseline requirements as:\u003c/p\u003e\u003ch3\u003eLow\u003c/h3\u003e\u003cp\u003eThis FedRAMP baseline was developed to authorize low impact industry solutions that do not contain any sensitive personally identifiable information (PII), including Low-Impact Software as a Service (Li-SaaS).\u003c/p\u003e\u003ch3\u003eModerate\u003c/h3\u003e\u003cp\u003eThe moderate level is for cloud service offerings where the loss of confidentiality, integrity, and availability would result in serious adverse effects on an agencys operations, assets, or individuals. Serious adverse effects at the moderate level could include significant operational damage to agency assets, financial loss, or individual harm that is not loss of life or physical.\u003c/p\u003e\u003ch3\u003eHigh\u003c/h3\u003e\u003cp\u003eThe high level is typically reserved for law enforcement and emergency services systems, financial systems, health systems, and any other system where loss of confidentiality, integrity, or availability could have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. The high level holds the governments most sensitive, unclassified data in cloud computing environments, including data that involves the protection of life and financial ruin.\u003c/p\u003e"])</script><script>self.__next_f.push([1,"bf:T1356,"])</script><script>self.__next_f.push([1,"\u003ch2\u003eWhat is FedRAMP?\u003c/h2\u003e\u003cp\u003eThe Federal Risk and Authorization Management Program (FedRAMP) is a government-wide initiative that was established in 2011 to provide a cost-effective, risk-based approach for the adoption and use of cloud services by the federal government. FedRAMP offers a standardized approach to security assessments, security authorization, and continuous monitoring for cloud products and services. It is designed to:\u003c/p\u003e\u003cul\u003e\u003cli\u003eReduce duplicative efforts, inconsistencies, and cost inefficiencies.\u003c/li\u003e\u003cli\u003eEstablish public-private partnerships that promote innovation and security.\u003c/li\u003e\u003cli\u003eEnable the federal government to accelerate the adoption of cloud computing.\u003c/li\u003e\u003cli\u003eCreate transparent standards and processes for security authorizations.\u003c/li\u003e\u003cli\u003eAllow agencies to leverage security authorizations on a government-wide scale.\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003eWho supports FedRAMP at CMS?\u003c/h3\u003e\u003cp\u003eThe \u003cstrong\u003eCMS FedRAMP Program Management Office (PMO)\u003c/strong\u003e is made up of members of the Information Security and Privacy Group (ISPG). The team works on the procedures to obtain FedRAMP authorization and perform continuous monitoring for cloud services.\u003c/p\u003e\u003ch3\u003eFedRAMP versus FISMA\u003c/h3\u003e\u003cp\u003eThere may be some confusion about the difference between the FedRAMP program and the Federal Information Security Modernization Act (FISMA). While these two federal policies have a lot in common, there are important differences that users need to be aware of.\u003c/p\u003e\u003cp\u003eThe Federal Information Security Modernization Act (FISMA) was enacted in 2002 as an effort to modernize all federal government information systems. When thinking about FISMA and FedRAMP, its important to remember that FISMA guidance applies to \u003cstrong\u003eall technologies and systems\u003c/strong\u003e while FedRAMP deals exclusively with \u003cstrong\u003ecloud service offerings\u003c/strong\u003e. Other differences include:\u003c/p\u003e\u003cul\u003e\u003cli\u003eWhile both FedRAMP and FISMA follow \u003ca href=\"https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final\"\u003eNIST security guidance from 800-53\u003c/a\u003e, FedRAMP has additional, cloud-specific controls.\u003c/li\u003e\u003cli\u003eThe FISMA boundary encompasses the full system, which can include 1 or more cloud service offerings; the FedRAMP boundary is exclusively for the cloud service offering and may include the full stack (infrastructure, platform and software) or just parts.\u003c/li\u003e\u003cli\u003eFedRAMP requires a Third Party Assessment Organization (3PAO), certified through GSA FedRAMP Program Management Office (PMO), to provide initial and periodic assessments of cloud systems based on federal security requirements; FISMA does not.\u003c/li\u003e\u003cli\u003eFedRAMP authorization can be leveraged by multiple agencies, while FISMA authorization is agency specific.\u003c/li\u003e\u003c/ul\u003e\u003ch2\u003eHow to obtain a FedRAMP Authorization\u003c/h2\u003e\u003cp\u003eThe primary way in which a cloud service can obtain a FedRAMP authorization is through an Agency authorization:\u003c/p\u003e\u003ch3\u003eAgency ATO\u003c/h3\u003e\u003cp\u003eAny federal agency can work with a cloud services provider to provide an ATO for the cloud service and submit the package to the FedRAMP Program Management Office (PMO) for authorization. Agency Authorization also provides the additional benefit of collaborative continuous monitoring efforts. To get involved in any of these meetings for systems not sponsored by CMS, the ISSO should email the vendor's compliance team which is available at \u003ca href=\"https://protect2.fireeye.com/v1/url?k=e6b3442c-b9287cf8-e6b37513-0cc47a6d17cc-9740d5f381df0fc2\u0026amp;q=1\u0026amp;e=1ffe8a40-245c-4062-b770-f0b8bc889bc6\u0026amp;u=http%3A%2F%2Fmarketplace.fedramp.gov%2F\"\u003emarketplace.fedramp.gov\u003c/a\u003e (Click on the vendor. Contact info is to the left).\u003c/p\u003e\u003ch2\u003eFedRAMP Authorization levels\u003c/h2\u003e\u003cp\u003eFedRAMP follows the Federal Information Process Stands (FIPS) 199 for the categorization of the baseline requirements as:\u003c/p\u003e\u003ch3\u003eLow\u003c/h3\u003e\u003cp\u003eThis FedRAMP baseline was developed to authorize low impact industry solutions that do not contain any sensitive personally identifiable information (PII), including Low-Impact Software as a Service (Li-SaaS).\u003c/p\u003e\u003ch3\u003eModerate\u003c/h3\u003e\u003cp\u003eThe moderate level is for cloud service offerings where the loss of confidentiality, integrity, and availability would result in serious adverse effects on an agencys operations, assets, or individuals. Serious adverse effects at the moderate level could include significant operational damage to agency assets, financial loss, or individual harm that is not loss of life or physical.\u003c/p\u003e\u003ch3\u003eHigh\u003c/h3\u003e\u003cp\u003eThe high level is typically reserved for law enforcement and emergency services systems, financial systems, health systems, and any other system where loss of confidentiality, integrity, or availability could have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. The high level holds the governments most sensitive, unclassified data in cloud computing environments, including data that involves the protection of life and financial ruin.\u003c/p\u003e"])</script><script>self.__next_f.push([1,"bd:{\"value\":\"$be\",\"format\":\"body_text\",\"processed\":\"$bf\"}\nbb:{\"drupal_internal__id\":1171,\"drupal_internal__revision_id\":19451,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-09T17:29:03+00:00\",\"parent_id\":\"326\",\"parent_type\":\"node\",\"parent_field_name\":\"field_page_section\",\"behavior_settings\":\"$bc\",\"default_langcode\":true,\"revision_translation_affected\":true,\"field_text_block\":\"$bd\"}\nc3:{\"drupal_internal__target_id\":\"page_section\"}\nc2:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"57f3f40a-8120-4393-b881-a5758f9fb30d\",\"meta\":\"$c3\"}\nc5:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/2ce39e48-81e4-4bea-a0ff-04f25ddd0041/paragraph_type?resourceVersion=id%3A19451\"}\nc6:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/2ce39e48-81e4-4bea-a0ff-04f25ddd0041/relationships/paragraph_type?resourceVersion=id%3A19451\"}\nc4:{\"related\":\"$c5\",\"self\":\"$c6\"}\nc1:{\"data\":\"$c2\",\"links\":\"$c4\"}\nc9:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/2ce39e48-81e4-4bea-a0ff-04f25ddd0041/field_specialty_item?resourceVersion=id%3A19451\"}\nca:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/2ce39e48-81e4-4bea-a0ff-04f25ddd0041/relationships/field_specialty_item?resourceVersion=id%3A19451\"}\nc8:{\"related\":\"$c9\",\"self\":\"$ca\"}\nc7:{\"data\":null,\"links\":\"$c8\"}\nc0:{\"paragraph_type\":\"$c1\",\"field_specialty_item\":\"$c7\"}\nb8:{\"type\":\"paragraph--page_section\",\"id\":\"2ce39e48-81e4-4bea-a0ff-04f25ddd0041\",\"links\":\"$b9\",\"attributes\":\"$bb\",\"relationships\":\"$c0\"}\ncd:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/77ea2e89-2433-4815-b869-52b2d900029e?resourceVersion=id%3A19452\"}\ncc:{\"self\":\"$cd\"}\ncf:[]\nd1:Te2d,"])</script><script>self.__next_f.push([1,"\u003ch2\u003eIs FedRAMP Authorization required?\u003c/h2\u003e\u003cp\u003eYes, according to an \u003ca href=\"https://www.fedramp.gov/assets/resources/documents/FedRAMP_Policy_Memo.pdf\"\u003eOMB Memorandum\u003c/a\u003e, any cloud service that holds federal data \u003cstrong\u003emust\u003c/strong\u003e be FedRAMP authorized. Existing FedRAMP authorized cloud services can be viewed in the FedRAMP Marketplace.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eThere are exceptions to the authorization requirements above. \u003c/strong\u003eIf a cloud service offering meets \u003cstrong\u003eall\u003c/strong\u003e of the following criteria, it can be implemented by CMS without a FedRAMP Authorization:\u003c/p\u003e\u003cul\u003e\u003cli\u003eThe offering has a private cloud deployment model (i.e., the cloud environment is operated solely for the use at CMS).\u003c/li\u003e\u003cli\u003eThe offering is privately implemented within a managed CMS general services system (i.e., within CMS Cloud).\u003c/li\u003e\u003cli\u003eThe offering does not provide cloud services from the cloud-based information system to any external entities (including bureaus, components, or subordinate organizations within their agencies).\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eIn the event that your chosen cloud service offering does not require a FedRAMP Authorization, you should continue to comply with the current FISMA requirements and the appropriate NIST security standards and guidelines for your private cloud-based information system.\u003c/p\u003e\u003ch2\u003eFedRAMP Authorization best practices\u003c/h2\u003e\u003cp\u003eThere are some important steps you can take to make sure your FedRAMP Authorization efforts are successful:\u003c/p\u003e\u003ch3\u003eReach out to teams who can help\u003c/h3\u003e\u003cp\u003eMaking an effort to reach out to others who can help you determine the appropriate next steps for FedRAMP Authorization will make the process easier and help you avoid delays.\u003c/p\u003e\u003cul\u003e\u003cli\u003eContact the \u003ca href=\"https://cloud.cms.gov/\"\u003eCMS Cloud\u003c/a\u003e team to see if their solution meets your needs.\u003c/li\u003e\u003cli\u003eContact the CMS FedRAMP PMO if you're thinking of using a different cloud service.\u003c/li\u003e\u003cli\u003eContact the Technical Review Board to discuss the necessary steps to ensure the proper architecture and security to protect government data.\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003eDefine the Authorization Boundary\u003c/h3\u003e\u003cp\u003eCloud Service Providers (CSPs) must have an authorization boundary diagram that depicts their scope of control over the system components, as well as interconnections to leveraged services external to the boundary. A well-defined boundary allows the stakeholders to understand data flows and how it's protected.\u003c/p\u003e\u003ch3\u003eEngage the CMS FedRAMP PMO\u003c/h3\u003e\u003cp\u003eCMS stakeholders and CSPs interested in using a cloud offering or provider that does not have a FedRAMP authorization should engage the CMS FedRAMP PMO early and often. A list of approved cloud service offerings and providers can be found here on this page, or on the \u003ca href=\"https://marketplace.fedramp.gov/\"\u003eFedRAMP Marketplace\u003c/a\u003e.\u003c/p\u003e\u003ch3\u003eProvide transparency into security\u003c/h3\u003e\u003cp\u003eCSPs should clearly communicate how a cloud service impacts federal information and provide CMS stakeholders insight into a systems architecture.\u003c/p\u003e\u003ch3\u003eDevelop mature processes\u003c/h3\u003e\u003cp\u003eBusiness Owners and CSPs have a responsibility to perform continuous monitoring and maintain a systems security posture, requiring mature security processes. The CMS FedRAMP PMO can support stakeholders in this process and answer questions.\u003c/p\u003e\u003ch3\u003eDescribe how security requirements are met\u003c/h3\u003e\u003cp\u003eCSPs should describe how they manage and support security and what protections they have in place to achieve a level of security sufficient for CMS systems. In addition to the FedRAMP baseline, the CSP will also have to meet CMS baseline security requirements to receive an Authority to Operate (ATO).\u003c/p\u003e"])</script><script>self.__next_f.push([1,"d2:Te2d,"])</script><script>self.__next_f.push([1,"\u003ch2\u003eIs FedRAMP Authorization required?\u003c/h2\u003e\u003cp\u003eYes, according to an \u003ca href=\"https://www.fedramp.gov/assets/resources/documents/FedRAMP_Policy_Memo.pdf\"\u003eOMB Memorandum\u003c/a\u003e, any cloud service that holds federal data \u003cstrong\u003emust\u003c/strong\u003e be FedRAMP authorized. Existing FedRAMP authorized cloud services can be viewed in the FedRAMP Marketplace.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eThere are exceptions to the authorization requirements above. \u003c/strong\u003eIf a cloud service offering meets \u003cstrong\u003eall\u003c/strong\u003e of the following criteria, it can be implemented by CMS without a FedRAMP Authorization:\u003c/p\u003e\u003cul\u003e\u003cli\u003eThe offering has a private cloud deployment model (i.e., the cloud environment is operated solely for the use at CMS).\u003c/li\u003e\u003cli\u003eThe offering is privately implemented within a managed CMS general services system (i.e., within CMS Cloud).\u003c/li\u003e\u003cli\u003eThe offering does not provide cloud services from the cloud-based information system to any external entities (including bureaus, components, or subordinate organizations within their agencies).\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eIn the event that your chosen cloud service offering does not require a FedRAMP Authorization, you should continue to comply with the current FISMA requirements and the appropriate NIST security standards and guidelines for your private cloud-based information system.\u003c/p\u003e\u003ch2\u003eFedRAMP Authorization best practices\u003c/h2\u003e\u003cp\u003eThere are some important steps you can take to make sure your FedRAMP Authorization efforts are successful:\u003c/p\u003e\u003ch3\u003eReach out to teams who can help\u003c/h3\u003e\u003cp\u003eMaking an effort to reach out to others who can help you determine the appropriate next steps for FedRAMP Authorization will make the process easier and help you avoid delays.\u003c/p\u003e\u003cul\u003e\u003cli\u003eContact the \u003ca href=\"https://cloud.cms.gov/\"\u003eCMS Cloud\u003c/a\u003e team to see if their solution meets your needs.\u003c/li\u003e\u003cli\u003eContact the CMS FedRAMP PMO if you're thinking of using a different cloud service.\u003c/li\u003e\u003cli\u003eContact the Technical Review Board to discuss the necessary steps to ensure the proper architecture and security to protect government data.\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003eDefine the Authorization Boundary\u003c/h3\u003e\u003cp\u003eCloud Service Providers (CSPs) must have an authorization boundary diagram that depicts their scope of control over the system components, as well as interconnections to leveraged services external to the boundary. A well-defined boundary allows the stakeholders to understand data flows and how it's protected.\u003c/p\u003e\u003ch3\u003eEngage the CMS FedRAMP PMO\u003c/h3\u003e\u003cp\u003eCMS stakeholders and CSPs interested in using a cloud offering or provider that does not have a FedRAMP authorization should engage the CMS FedRAMP PMO early and often. A list of approved cloud service offerings and providers can be found here on this page, or on the \u003ca href=\"https://marketplace.fedramp.gov/\"\u003eFedRAMP Marketplace\u003c/a\u003e.\u003c/p\u003e\u003ch3\u003eProvide transparency into security\u003c/h3\u003e\u003cp\u003eCSPs should clearly communicate how a cloud service impacts federal information and provide CMS stakeholders insight into a systems architecture.\u003c/p\u003e\u003ch3\u003eDevelop mature processes\u003c/h3\u003e\u003cp\u003eBusiness Owners and CSPs have a responsibility to perform continuous monitoring and maintain a systems security posture, requiring mature security processes. The CMS FedRAMP PMO can support stakeholders in this process and answer questions.\u003c/p\u003e\u003ch3\u003eDescribe how security requirements are met\u003c/h3\u003e\u003cp\u003eCSPs should describe how they manage and support security and what protections they have in place to achieve a level of security sufficient for CMS systems. In addition to the FedRAMP baseline, the CSP will also have to meet CMS baseline security requirements to receive an Authority to Operate (ATO).\u003c/p\u003e"])</script><script>self.__next_f.push([1,"d0:{\"value\":\"$d1\",\"format\":\"body_text\",\"processed\":\"$d2\"}\nce:{\"drupal_internal__id\":1211,\"drupal_internal__revision_id\":19452,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-09T20:25:42+00:00\",\"parent_id\":\"326\",\"parent_type\":\"node\",\"parent_field_name\":\"field_page_section\",\"behavior_settings\":\"$cf\",\"default_langcode\":true,\"revision_translation_affected\":true,\"field_text_block\":\"$d0\"}\nd6:{\"drupal_internal__target_id\":\"page_section\"}\nd5:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"57f3f40a-8120-4393-b881-a5758f9fb30d\",\"meta\":\"$d6\"}\nd8:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/77ea2e89-2433-4815-b869-52b2d900029e/paragraph_type?resourceVersion=id%3A19452\"}\nd9:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/77ea2e89-2433-4815-b869-52b2d900029e/relationships/paragraph_type?resourceVersion=id%3A19452\"}\nd7:{\"related\":\"$d8\",\"self\":\"$d9\"}\nd4:{\"data\":\"$d5\",\"links\":\"$d7\"}\ndc:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/77ea2e89-2433-4815-b869-52b2d900029e/field_specialty_item?resourceVersion=id%3A19452\"}\ndd:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/77ea2e89-2433-4815-b869-52b2d900029e/relationships/field_specialty_item?resourceVersion=id%3A19452\"}\ndb:{\"related\":\"$dc\",\"self\":\"$dd\"}\nda:{\"data\":null,\"links\":\"$db\"}\nd3:{\"paragraph_type\":\"$d4\",\"field_specialty_item\":\"$da\"}\ncb:{\"type\":\"paragraph--page_section\",\"id\":\"77ea2e89-2433-4815-b869-52b2d900029e\",\"links\":\"$cc\",\"attributes\":\"$ce\",\"relationships\":\"$d3\"}\ne0:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/deedf0fe-44e9-4015-90a1-f86ce6cbaf24?resourceVersion=id%3A19462\"}\ndf:{\"self\":\"$e0\"}\ne2:[]\ne4:T5af,\u003ch2\u003eChoosing a cloud service provider or offering\u003c/h2\u003e\u003cp\u003eWhen selecting a cloud service offering or provider, you can either use a service that has been FedRAMP authorized, or you can choose to sponsor the initial authorization with a CMS Agency Authorization for a cloud service offering.\u003c/p\u003e\u003ch3\u003eSponsoring a new cloud service provider or offering\u003c/h3\u003e\u003cp\u003eSponsoring a cloud s"])</script><script>self.__next_f.push([1,"ervice will require a CMS Authorization to Operate (ATO), which will take time. Additionally, a new cloud service provider will need to navigate through the FedRAMP Authorization process. This will add more time to production and will require monthly continuous monitoring responsibilities.\u003c/p\u003e\u003cp\u003eThere are a number of important requirements you must meet if youre interested in sponsoring a cloud service offering for FedRAMP Authorization at CMS:\u003c/p\u003e\u003cul\u003e\u003cli\u003eThe CSP is \u003cstrong\u003erecommended \u003c/strong\u003eto use Open Security Controls Assessment Language (\u003ca href=\"https://www.fedramp.gov/using-the-fedramp-oscal-resources-and-templates/\"\u003e\u003cstrong\u003eOSCAL\u003c/strong\u003e\u003c/a\u003e) for documentation.\u003c/li\u003e\u003cli\u003eIt is \u003cstrong\u003erecommended\u003c/strong\u003e that the CSP has an independent FedRAMP Readiness Assessment already in place.\u003c/li\u003e\u003cli\u003eThe Business Owner and ISSO must commit to the management of the authorization and continuous monitoring process.\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://cloud.cms.gov/\"\u003eCMS Cloud\u003c/a\u003e can provide the underlying infrastructure and platform needed to host the application.\u003c/li\u003e\u003c/ul\u003ee5:T5af,\u003ch2\u003eChoosing a cloud service provider or offering\u003c/h2\u003e\u003cp\u003eWhen selecting a cloud service offering or provider, you can either use a service that has been FedRAMP authorized, or you can choose to sponsor the initial authorization with a CMS Agency Authorization for a cloud service offering.\u003c/p\u003e\u003ch3\u003eSponsoring a new cloud service provider or offering\u003c/h3\u003e\u003cp\u003eSponsoring a cloud service will require a CMS Authorization to Operate (ATO), which will take time. Additionally, a new cloud service provider will need to navigate through the FedRAMP Authorization process. This will add more time to production and will require monthly continuous monitoring responsibilities.\u003c/p\u003e\u003cp\u003eThere are a number of important requirements you must meet if youre interested in sponsoring a cloud service offering for FedRAMP Authorization at CMS:\u003c/p\u003e\u003cul\u003e\u003cli\u003eThe CSP is \u003cstrong\u003erecommended \u003c/strong\u003eto use Open Security Controls Assessment Language (\u003ca href=\"https://www.fedramp.go"])</script><script>self.__next_f.push([1,"v/using-the-fedramp-oscal-resources-and-templates/\"\u003e\u003cstrong\u003eOSCAL\u003c/strong\u003e\u003c/a\u003e) for documentation.\u003c/li\u003e\u003cli\u003eIt is \u003cstrong\u003erecommended\u003c/strong\u003e that the CSP has an independent FedRAMP Readiness Assessment already in place.\u003c/li\u003e\u003cli\u003eThe Business Owner and ISSO must commit to the management of the authorization and continuous monitoring process.\u003c/li\u003e\u003cli\u003e\u003ca href=\"https://cloud.cms.gov/\"\u003eCMS Cloud\u003c/a\u003e can provide the underlying infrastructure and platform needed to host the application.\u003c/li\u003e\u003c/ul\u003ee3:{\"value\":\"$e4\",\"format\":\"body_text\",\"processed\":\"$e5\"}\ne1:{\"drupal_internal__id\":3431,\"drupal_internal__revision_id\":19462,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-09-18T16:02:05+00:00\",\"parent_id\":\"326\",\"parent_type\":\"node\",\"parent_field_name\":\"field_page_section\",\"behavior_settings\":\"$e2\",\"default_langcode\":true,\"revision_translation_affected\":true,\"field_text_block\":\"$e3\"}\ne9:{\"drupal_internal__target_id\":\"page_section\"}\ne8:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"57f3f40a-8120-4393-b881-a5758f9fb30d\",\"meta\":\"$e9\"}\neb:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/deedf0fe-44e9-4015-90a1-f86ce6cbaf24/paragraph_type?resourceVersion=id%3A19462\"}\nec:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/deedf0fe-44e9-4015-90a1-f86ce6cbaf24/relationships/paragraph_type?resourceVersion=id%3A19462\"}\nea:{\"related\":\"$eb\",\"self\":\"$ec\"}\ne7:{\"data\":\"$e8\",\"links\":\"$ea\"}\nef:{\"target_revision_id\":19461,\"drupal_internal__target_id\":3430}\nee:{\"type\":\"paragraph--process_list\",\"id\":\"5ad34745-bdd0-4431-9dd5-eca900bdcadf\",\"meta\":\"$ef\"}\nf1:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/deedf0fe-44e9-4015-90a1-f86ce6cbaf24/field_specialty_item?resourceVersion=id%3A19462\"}\nf2:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/deedf0fe-44e9-4015-90a1-f86ce6cbaf24/relationships/field_specialty_item?resourceVersion=id%3A19462\"}\nf0:{\"related\":\"$f1\",\"self\":\"$f2\"}\ned:{\"data\":\"$ee\",\"links\":\"$f0\"}\ne6:{\"paragraph_type\":\"$e7\",\"field_specialty_item\":\"$ed\"}\nde:{\"type\":\"paragraph--p"])</script><script>self.__next_f.push([1,"age_section\",\"id\":\"deedf0fe-44e9-4015-90a1-f86ce6cbaf24\",\"links\":\"$df\",\"attributes\":\"$e1\",\"relationships\":\"$e6\"}\nf5:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/2b2216d8-24c3-4940-930f-6e79f68a279a?resourceVersion=id%3A19472\"}\nf4:{\"self\":\"$f5\"}\nf7:[]\nf9:T730,\u003ch3\u003eChoosing an existing FedRAMP provider\u003c/h3\u003e\u003cp\u003eThe \u003ca href=\"https://marketplace.fedramp.gov/\"\u003eFedRAMP Marketplace\u003c/a\u003e is the repository of cloud service providers (CSPs) and cloud service offerings (CSOs) that are:\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFedRAMP Authorized\u003c/strong\u003e - CSO is authorized for FedRAMP\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFedRAMP Ready\u003c/strong\u003e - CSP is not yet authorized for FedRAMP, but the CSP have completed their FedRAMP Readiness Assessment Report (RAR) and is ready to partner with an Agency (such as CMS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFedRAMP In Process - \u003c/strong\u003eCSO is being reviewed for an Authority to Operate (ATO) by an Agency or the FedRAMP Joint Authorization Board (JAB)\u003c/p\u003e\u003cp\u003e\"FedRAMP Ready\" status for new CSPs that are not FedRAMP Authorized is highly recommended. This status indicates that a 3PAO has reviewed documentation from the CSP and provided a readiness report. This can be requested for review as part of evaluating the selection of a CSO.\u003c/p\u003e\u003ch2\u003eFedRAMP Package Request process\u003c/h2\u003e\u003cp\u003eThe FedRAMP Package provides security posture details for a cloud service that has been FedRAMP Authorized. You may want to request a FedRAMP package if you are using, considering, and/or assessing a cloud service offering. Initial access to the package lasts for 60 days. Permanent access can be granted if the agency has an ATO letter on file with the FedRAMP Program Management Office (PMO). According to the FedRAMP Authorization Act, all systems that directly leverage a FedRAMP-authorized cloud service must include this in an ATO and notify the CMS FedRAMP PMO (\u003ca href=\"mailto:fedramp@cms.hhs.gov\" target=\"_blank\"\u003efedramp@cms.hhs.gov\u003c/a\u003e) of the authorization and changes to the authorization, including renewals and revokation.\u003c/p\u003e\u003cp\u003e\u003cem\u003eNote: Creating a request for a FedR"])</script><script>self.__next_f.push([1,"AMP Package requires a Max.gov account. Follow the steps below:\u003c/em\u003e\u003c/p\u003efa:T730,\u003ch3\u003eChoosing an existing FedRAMP provider\u003c/h3\u003e\u003cp\u003eThe \u003ca href=\"https://marketplace.fedramp.gov/\"\u003eFedRAMP Marketplace\u003c/a\u003e is the repository of cloud service providers (CSPs) and cloud service offerings (CSOs) that are:\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFedRAMP Authorized\u003c/strong\u003e - CSO is authorized for FedRAMP\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFedRAMP Ready\u003c/strong\u003e - CSP is not yet authorized for FedRAMP, but the CSP have completed their FedRAMP Readiness Assessment Report (RAR) and is ready to partner with an Agency (such as CMS)\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eFedRAMP In Process - \u003c/strong\u003eCSO is being reviewed for an Authority to Operate (ATO) by an Agency or the FedRAMP Joint Authorization Board (JAB)\u003c/p\u003e\u003cp\u003e\"FedRAMP Ready\" status for new CSPs that are not FedRAMP Authorized is highly recommended. This status indicates that a 3PAO has reviewed documentation from the CSP and provided a readiness report. This can be requested for review as part of evaluating the selection of a CSO.\u003c/p\u003e\u003ch2\u003eFedRAMP Package Request process\u003c/h2\u003e\u003cp\u003eThe FedRAMP Package provides security posture details for a cloud service that has been FedRAMP Authorized. You may want to request a FedRAMP package if you are using, considering, and/or assessing a cloud service offering. Initial access to the package lasts for 60 days. Permanent access can be granted if the agency has an ATO letter on file with the FedRAMP Program Management Office (PMO). According to the FedRAMP Authorization Act, all systems that directly leverage a FedRAMP-authorized cloud service must include this in an ATO and notify the CMS FedRAMP PMO (\u003ca href=\"mailto:fedramp@cms.hhs.gov\" target=\"_blank\"\u003efedramp@cms.hhs.gov\u003c/a\u003e) of the authorization and changes to the authorization, including renewals and revokation.\u003c/p\u003e\u003cp\u003e\u003cem\u003eNote: Creating a request for a FedRAMP Package requires a Max.gov account. Follow the steps below:\u003c/em\u003e\u003c/p\u003ef8:{\"value\":\"$f9\",\"format\":\"body_text\",\"processed\":\"$fa\"}\nf6:{\"drupal_internal__id\":1261,\"drupal_internal__revision_id\":19472,\"l"])</script><script>self.__next_f.push([1,"angcode\":\"en\",\"status\":true,\"created\":\"2023-02-09T20:30:59+00:00\",\"parent_id\":\"326\",\"parent_type\":\"node\",\"parent_field_name\":\"field_page_section\",\"behavior_settings\":\"$f7\",\"default_langcode\":true,\"revision_translation_affected\":true,\"field_text_block\":\"$f8\"}\nfe:{\"drupal_internal__target_id\":\"page_section\"}\nfd:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"57f3f40a-8120-4393-b881-a5758f9fb30d\",\"meta\":\"$fe\"}\n100:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/2b2216d8-24c3-4940-930f-6e79f68a279a/paragraph_type?resourceVersion=id%3A19472\"}\n101:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/2b2216d8-24c3-4940-930f-6e79f68a279a/relationships/paragraph_type?resourceVersion=id%3A19472\"}\nff:{\"related\":\"$100\",\"self\":\"$101\"}\nfc:{\"data\":\"$fd\",\"links\":\"$ff\"}\n104:{\"target_revision_id\":19471,\"drupal_internal__target_id\":1256}\n103:{\"type\":\"paragraph--process_list\",\"id\":\"13045e8b-0f56-41bd-bfb7-a7462625f7df\",\"meta\":\"$104\"}\n106:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/2b2216d8-24c3-4940-930f-6e79f68a279a/field_specialty_item?resourceVersion=id%3A19472\"}\n107:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/2b2216d8-24c3-4940-930f-6e79f68a279a/relationships/field_specialty_item?resourceVersion=id%3A19472\"}\n105:{\"related\":\"$106\",\"self\":\"$107\"}\n102:{\"data\":\"$103\",\"links\":\"$105\"}\nfb:{\"paragraph_type\":\"$fc\",\"field_specialty_item\":\"$102\"}\nf3:{\"type\":\"paragraph--page_section\",\"id\":\"2b2216d8-24c3-4940-930f-6e79f68a279a\",\"links\":\"$f4\",\"attributes\":\"$f6\",\"relationships\":\"$fb\"}\n10a:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/cbda5c42-489d-4480-85f5-db10db44de3e?resourceVersion=id%3A19474\"}\n109:{\"self\":\"$10a\"}\n10c:[]\n10d:{\"value\":\"\u003ch2\u003eProducts\u003c/h2\u003e\",\"format\":\"body_text\",\"processed\":\"\u003ch2\u003eProducts\u003c/h2\u003e\"}\n10b:{\"drupal_internal__id\":1266,\"drupal_internal__revision_id\":19474,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-09T21:26:34+00:00\",\"parent_id\":\"326\",\"parent_type\":\"node\",\"parent_field_name\":\"field_page_section\",\"behavior_settings\":\"$10c\""])</script><script>self.__next_f.push([1,",\"default_langcode\":true,\"revision_translation_affected\":true,\"field_text_block\":\"$10d\"}\n111:{\"drupal_internal__target_id\":\"page_section\"}\n110:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"57f3f40a-8120-4393-b881-a5758f9fb30d\",\"meta\":\"$111\"}\n113:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/cbda5c42-489d-4480-85f5-db10db44de3e/paragraph_type?resourceVersion=id%3A19474\"}\n114:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/cbda5c42-489d-4480-85f5-db10db44de3e/relationships/paragraph_type?resourceVersion=id%3A19474\"}\n112:{\"related\":\"$113\",\"self\":\"$114\"}\n10f:{\"data\":\"$110\",\"links\":\"$112\"}\n117:{\"target_revision_id\":19473,\"drupal_internal__target_id\":3432}\n116:{\"type\":\"paragraph--call_out_box\",\"id\":\"09410fda-e6cd-4131-ad62-ae6fcbafad49\",\"meta\":\"$117\"}\n119:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/cbda5c42-489d-4480-85f5-db10db44de3e/field_specialty_item?resourceVersion=id%3A19474\"}\n11a:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/cbda5c42-489d-4480-85f5-db10db44de3e/relationships/field_specialty_item?resourceVersion=id%3A19474\"}\n118:{\"related\":\"$119\",\"self\":\"$11a\"}\n115:{\"data\":\"$116\",\"links\":\"$118\"}\n10e:{\"paragraph_type\":\"$10f\",\"field_specialty_item\":\"$115\"}\n108:{\"type\":\"paragraph--page_section\",\"id\":\"cbda5c42-489d-4480-85f5-db10db44de3e\",\"links\":\"$109\",\"attributes\":\"$10b\",\"relationships\":\"$10e\"}\n11d:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/37970dd4-a515-4370-a09f-f5177c2f98c2?resourceVersion=id%3A19475\"}\n11c:{\"self\":\"$11d\"}\n11f:[]\n121:T57b,\u003ch3\u003eCMS Sponsored Initial Authorization FedRAMP Products\u003c/h3\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eCloud Service Provider\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eCloud Service Offering\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFedRAMP ID\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eType\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eService Model\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eDatabricks\u003c/td\u003e\u003ctd\u003eDatabricks on AWS East/West\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://marketplace.fedramp.gov/products/FR1834740315\"\u003eFR1834740315\u003c/a\u003e\u003c/td\u003e\u003ctd\u003eAgency*\u003c/td\u003e\u003ctd\u003ePaaS, SaaS\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003c"])</script><script>self.__next_f.push([1,"td\u003eLauchDarkly\u003c/td\u003e\u003ctd\u003eLauchDarkly\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://marketplace.fedramp.gov/products/FR2120962552\"\u003eFR2120962552\u003c/a\u003e\u003c/td\u003e\u003ctd\u003eAgency*\u003c/td\u003e\u003ctd\u003eSaaS\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eNucleus\u003c/td\u003e\u003ctd\u003eNucleus for Government\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://marketplace.fedramp.gov/products/FR2134455708\"\u003eFR2134455708\u003c/a\u003e\u003c/td\u003e\u003ctd\u003eAgency*\u003c/td\u003e\u003ctd\u003eSaaS\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eSaviynt, Inc.\u003c/td\u003e\u003ctd\u003eEnterprise Identity Cloud (EIC)\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://marketplace.fedramp.gov/products/FR1821062403\"\u003eFR1821062403\u003c/a\u003e\u003c/td\u003e\u003ctd\u003eAgency*\u003c/td\u003e\u003ctd\u003eSaaS\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eSnowflake Inc.\u003c/td\u003e\u003ctd\u003eThe DataCloud on AWS US East/West\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://marketplace.fedramp.gov/products/FR1809360201\"\u003eFR1809360201\u003c/a\u003e\u003c/td\u003e\u003ctd\u003eAgency*\u003c/td\u003e\u003ctd\u003eSaaS\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eSnowflake Inc.\u003c/td\u003e\u003ctd\u003eThe DataCloud on Azure Government\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://marketplace.fedramp.gov/products/FR1809360202\"\u003eFR1809360202\u003c/a\u003e\u003c/td\u003e\u003ctd\u003eAgency*\u003c/td\u003e\u003ctd\u003eSaaS\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e122:T57b,\u003ch3\u003eCMS Sponsored Initial Authorization FedRAMP Products\u003c/h3\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eCloud Service Provider\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eCloud Service Offering\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFedRAMP ID\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eType\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eService Model\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eDatabricks\u003c/td\u003e\u003ctd\u003eDatabricks on AWS East/West\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://marketplace.fedramp.gov/products/FR1834740315\"\u003eFR1834740315\u003c/a\u003e\u003c/td\u003e\u003ctd\u003eAgency*\u003c/td\u003e\u003ctd\u003ePaaS, SaaS\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eLauchDarkly\u003c/td\u003e\u003ctd\u003eLauchDarkly\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://marketplace.fedramp.gov/products/FR2120962552\"\u003eFR2120962552\u003c/a\u003e\u003c/td\u003e\u003ctd\u003eAgency*\u003c/td\u003e\u003ctd\u003eSaaS\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eNucleus\u003c/td\u003e\u003ctd\u003eNucleus for Government\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://marketplace.fedramp.gov/products/FR2134455708\"\u003eFR2134455708\u003c/a\u003e\u003c/td\u003e\u003ctd\u003eAgency*\u003c/td\u003e\u003ctd\u003eSaaS\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eSaviynt, Inc.\u003c/td\u003e\u003ctd\u003eEnterprise Identity Cloud (EIC)\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://marketplace.fedramp.gov/products/FR1821062403\"\u003eFR1821062403\u003c/a\u003e\u003c/td\u003e\u003ctd\u003eAgency*\u003c/td\u003e\u003ctd\u003eSaaS\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eSnowflake Inc.\u003c/td\u003e\u003ctd\u003eThe DataCloud on AWS US East/West\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://marketplace.fedramp.g"])</script><script>self.__next_f.push([1,"ov/products/FR1809360201\"\u003eFR1809360201\u003c/a\u003e\u003c/td\u003e\u003ctd\u003eAgency*\u003c/td\u003e\u003ctd\u003eSaaS\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eSnowflake Inc.\u003c/td\u003e\u003ctd\u003eThe DataCloud on Azure Government\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://marketplace.fedramp.gov/products/FR1809360202\"\u003eFR1809360202\u003c/a\u003e\u003c/td\u003e\u003ctd\u003eAgency*\u003c/td\u003e\u003ctd\u003eSaaS\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e120:{\"value\":\"$121\",\"format\":\"body_text\",\"processed\":\"$122\"}\n11e:{\"drupal_internal__id\":3433,\"drupal_internal__revision_id\":19475,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-09-18T16:26:10+00:00\",\"parent_id\":\"326\",\"parent_type\":\"node\",\"parent_field_name\":\"field_page_section\",\"behavior_settings\":\"$11f\",\"default_langcode\":true,\"revision_translation_affected\":true,\"field_text_block\":\"$120\"}\n126:{\"drupal_internal__target_id\":\"page_section\"}\n125:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"57f3f40a-8120-4393-b881-a5758f9fb30d\",\"meta\":\"$126\"}\n128:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/37970dd4-a515-4370-a09f-f5177c2f98c2/paragraph_type?resourceVersion=id%3A19475\"}\n129:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/37970dd4-a515-4370-a09f-f5177c2f98c2/relationships/paragraph_type?resourceVersion=id%3A19475\"}\n127:{\"related\":\"$128\",\"self\":\"$129\"}\n124:{\"data\":\"$125\",\"links\":\"$127\"}\n12c:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/37970dd4-a515-4370-a09f-f5177c2f98c2/field_specialty_item?resourceVersion=id%3A19475\"}\n12d:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/37970dd4-a515-4370-a09f-f5177c2f98c2/relationships/field_specialty_item?resourceVersion=id%3A19475\"}\n12b:{\"related\":\"$12c\",\"self\":\"$12d\"}\n12a:{\"data\":null,\"links\":\"$12b\"}\n123:{\"paragraph_type\":\"$124\",\"field_specialty_item\":\"$12a\"}\n11b:{\"type\":\"paragraph--page_section\",\"id\":\"37970dd4-a515-4370-a09f-f5177c2f98c2\",\"links\":\"$11c\",\"attributes\":\"$11e\",\"relationships\":\"$123\"}\n130:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/434b1960-73e8-43fa-9b9e-253ce35fa55a?resourceVersion=id%3A19476\"}\n12f:{\"self\":\"$130\"}\n132:[]\n134:T617,\u003ch3\u003eCMS Sponsored Products -- In Process\u003c/h3\u003e\u003ctable"])</script><script>self.__next_f.push([1,"\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eCloud Service Provider (CSP)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eCloud Service Offering (CSO)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFIPS-199 Security Categorization\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eCloud Service Model\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eCMS Agency Authorization\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFedRAMP Marketplace Status\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFedRAMP Marketplace ID\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAlation\u003c/td\u003e\u003ctd\u003eAlation Cloud Service\u003c/td\u003e\u003ctd\u003eModerate\u003c/td\u003e\u003ctd\u003eSaaS\u003c/td\u003e\u003ctd\u003eAgency Review\u003c/td\u003e\u003ctd\u003e\"In-Process\"\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://marketplace.fedramp.gov/products/FR2411862686\"\u003eFR2411862686\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAppOmni\u003c/td\u003e\u003ctd\u003eAppOmni SaaS Security for Government\u003c/td\u003e\u003ctd\u003eModerate\u003c/td\u003e\u003ctd\u003eSaaS\u003c/td\u003e\u003ctd\u003eAgency Review\u003c/td\u003e\u003ctd\u003e\"In-Process\"\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://marketplace.fedramp.gov/products/FR2431264500\"\u003eFR2431264500\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAxonius\u003c/td\u003e\u003ctd\u003eAxonius Platform\u003c/td\u003e\u003ctd\u003eModerate\u003c/td\u003e\u003ctd\u003eSaaS\u003c/td\u003e\u003ctd\u003eAgency Finalization\u003c/td\u003e\u003ctd\u003e\"In-Process\"\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://marketplace.fedramp.gov/products/FR2401047002\"\u003eFR2401047002\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eSnyk\u003c/td\u003e\u003ctd\u003eSnyk for Government\u003c/td\u003e\u003ctd\u003eModerate\u003c/td\u003e\u003ctd\u003eSaaS\u003c/td\u003e\u003ctd\u003eAgency Finalization\u003c/td\u003e\u003ctd\u003e\"In-Process\"\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://marketplace.fedramp.gov/products/FR2230451369\"\u003eFR2230451369\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eTalkdesk\u003c/td\u003e\u003ctd\u003eTalkdesk CX Cloud Government Ed.\u003c/td\u003e\u003ctd\u003eModerate\u003c/td\u003e\u003ctd\u003eSaaS\u003c/td\u003e\u003ctd\u003eAgency Review\u003c/td\u003e\u003ctd\u003e\"In-Process\"\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://marketplace.fedramp.gov/products/FR2213647361\"\u003eFR2213647361\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e135:T617,\u003ch3\u003eCMS Sponsored Products -- In Process\u003c/h3\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eCloud Service Provider (CSP)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eCloud Service Offering (CSO)\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFIPS-199 Security Categorization\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eCloud Service Model\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eCMS Agency Authorization\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFedRAMP Marketplace Status\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFedRAMP Marketplace ID\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAlation\u003c/td\u003e\u003ctd\u003eAlation Cloud Service\u003c/td\u003e\u003ctd\u003eModerate\u003c/td\u003e\u003ctd\u003eSaaS\u003c/td\u003e\u003ctd\u003eAgency Review\u003c/td\u003e"])</script><script>self.__next_f.push([1,"\u003ctd\u003e\"In-Process\"\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://marketplace.fedramp.gov/products/FR2411862686\"\u003eFR2411862686\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAppOmni\u003c/td\u003e\u003ctd\u003eAppOmni SaaS Security for Government\u003c/td\u003e\u003ctd\u003eModerate\u003c/td\u003e\u003ctd\u003eSaaS\u003c/td\u003e\u003ctd\u003eAgency Review\u003c/td\u003e\u003ctd\u003e\"In-Process\"\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://marketplace.fedramp.gov/products/FR2431264500\"\u003eFR2431264500\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAxonius\u003c/td\u003e\u003ctd\u003eAxonius Platform\u003c/td\u003e\u003ctd\u003eModerate\u003c/td\u003e\u003ctd\u003eSaaS\u003c/td\u003e\u003ctd\u003eAgency Finalization\u003c/td\u003e\u003ctd\u003e\"In-Process\"\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://marketplace.fedramp.gov/products/FR2401047002\"\u003eFR2401047002\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eSnyk\u003c/td\u003e\u003ctd\u003eSnyk for Government\u003c/td\u003e\u003ctd\u003eModerate\u003c/td\u003e\u003ctd\u003eSaaS\u003c/td\u003e\u003ctd\u003eAgency Finalization\u003c/td\u003e\u003ctd\u003e\"In-Process\"\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://marketplace.fedramp.gov/products/FR2230451369\"\u003eFR2230451369\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eTalkdesk\u003c/td\u003e\u003ctd\u003eTalkdesk CX Cloud Government Ed.\u003c/td\u003e\u003ctd\u003eModerate\u003c/td\u003e\u003ctd\u003eSaaS\u003c/td\u003e\u003ctd\u003eAgency Review\u003c/td\u003e\u003ctd\u003e\"In-Process\"\u003c/td\u003e\u003ctd\u003e\u003ca href=\"https://marketplace.fedramp.gov/products/FR2213647361\"\u003eFR2213647361\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e133:{\"value\":\"$134\",\"format\":\"body_text\",\"processed\":\"$135\"}\n131:{\"drupal_internal__id\":3434,\"drupal_internal__revision_id\":19476,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-09-18T16:28:07+00:00\",\"parent_id\":\"326\",\"parent_type\":\"node\",\"parent_field_name\":\"field_page_section\",\"behavior_settings\":\"$132\",\"default_langcode\":true,\"revision_translation_affected\":true,\"field_text_block\":\"$133\"}\n139:{\"drupal_internal__target_id\":\"page_section\"}\n138:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"57f3f40a-8120-4393-b881-a5758f9fb30d\",\"meta\":\"$139\"}\n13b:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/434b1960-73e8-43fa-9b9e-253ce35fa55a/paragraph_type?resourceVersion=id%3A19476\"}\n13c:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/434b1960-73e8-43fa-9b9e-253ce35fa55a/relationships/paragraph_type?resourceVersion=id%3A19476\"}\n13a:{\"related\":\"$13b\",\"self\":\"$13c\"}\n137:{\"data\":\"$138\",\"links\":\"$13a\"}\n13f:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/434b1960-73e8"])</script><script>self.__next_f.push([1,"-43fa-9b9e-253ce35fa55a/field_specialty_item?resourceVersion=id%3A19476\"}\n140:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/434b1960-73e8-43fa-9b9e-253ce35fa55a/relationships/field_specialty_item?resourceVersion=id%3A19476\"}\n13e:{\"related\":\"$13f\",\"self\":\"$140\"}\n13d:{\"data\":null,\"links\":\"$13e\"}\n136:{\"paragraph_type\":\"$137\",\"field_specialty_item\":\"$13d\"}\n12e:{\"type\":\"paragraph--page_section\",\"id\":\"434b1960-73e8-43fa-9b9e-253ce35fa55a\",\"links\":\"$12f\",\"attributes\":\"$131\",\"relationships\":\"$136\"}\n143:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list/5ad34745-bdd0-4431-9dd5-eca900bdcadf?resourceVersion=id%3A19461\"}\n142:{\"self\":\"$143\"}\n145:[]\n144:{\"drupal_internal__id\":3430,\"drupal_internal__revision_id\":19461,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-09-18T16:03:44+00:00\",\"parent_id\":\"3431\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_specialty_item\",\"behavior_settings\":\"$145\",\"default_langcode\":true,\"revision_translation_affected\":true,\"field_process_list_conclusion\":null}\n149:{\"drupal_internal__target_id\":\"process_list\"}\n148:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"8a1fa202-0dc7-4f58-9b3d-7f9c44c9a9c8\",\"meta\":\"$149\"}\n14b:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list/5ad34745-bdd0-4431-9dd5-eca900bdcadf/paragraph_type?resourceVersion=id%3A19461\"}\n14c:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list/5ad34745-bdd0-4431-9dd5-eca900bdcadf/relationships/paragraph_type?resourceVersion=id%3A19461\"}\n14a:{\"related\":\"$14b\",\"self\":\"$14c\"}\n147:{\"data\":\"$148\",\"links\":\"$14a\"}\n150:{\"target_revision_id\":19453,\"drupal_internal__target_id\":3422}\n14f:{\"type\":\"paragraph--process_list_item\",\"id\":\"623c9f93-08b9-4568-b852-feb753cafb4d\",\"meta\":\"$150\"}\n152:{\"target_revision_id\":19454,\"drupal_internal__target_id\":3423}\n151:{\"type\":\"paragraph--process_list_item\",\"id\":\"d7ec40c2-ed5a-4f39-b624-94807cfa40a1\",\"meta\":\"$152\"}\n154:{\"target_revision_id\":19455,\"drupal_internal__target_id\":3424}\n153:{\"type\":\"paragraph--process_list_item\",\"id\":\"2453e205-2551-4d10-8"])</script><script>self.__next_f.push([1,"048-0f38e1f48aa0\",\"meta\":\"$154\"}\n156:{\"target_revision_id\":19456,\"drupal_internal__target_id\":3425}\n155:{\"type\":\"paragraph--process_list_item\",\"id\":\"d3430be6-95c0-4375-8aac-4dc868f871d8\",\"meta\":\"$156\"}\n158:{\"target_revision_id\":19457,\"drupal_internal__target_id\":3426}\n157:{\"type\":\"paragraph--process_list_item\",\"id\":\"5a513f69-74ee-42c8-aaff-0ef930932a08\",\"meta\":\"$158\"}\n15a:{\"target_revision_id\":19458,\"drupal_internal__target_id\":3427}\n159:{\"type\":\"paragraph--process_list_item\",\"id\":\"e0063305-ce7d-45f2-afef-b8d9f4ecc0bf\",\"meta\":\"$15a\"}\n15c:{\"target_revision_id\":19459,\"drupal_internal__target_id\":3428}\n15b:{\"type\":\"paragraph--process_list_item\",\"id\":\"f48e593e-b69d-4609-ab3c-d25d243fd7d0\",\"meta\":\"$15c\"}\n15e:{\"target_revision_id\":19460,\"drupal_internal__target_id\":3429}\n15d:{\"type\":\"paragraph--process_list_item\",\"id\":\"6f356d04-306e-478f-8569-579d303b4de0\",\"meta\":\"$15e\"}\n14e:[\"$14f\",\"$151\",\"$153\",\"$155\",\"$157\",\"$159\",\"$15b\",\"$15d\"]\n160:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list/5ad34745-bdd0-4431-9dd5-eca900bdcadf/field_process_list_item?resourceVersion=id%3A19461\"}\n161:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list/5ad34745-bdd0-4431-9dd5-eca900bdcadf/relationships/field_process_list_item?resourceVersion=id%3A19461\"}\n15f:{\"related\":\"$160\",\"self\":\"$161\"}\n14d:{\"data\":\"$14e\",\"links\":\"$15f\"}\n146:{\"paragraph_type\":\"$147\",\"field_process_list_item\":\"$14d\"}\n141:{\"type\":\"paragraph--process_list\",\"id\":\"5ad34745-bdd0-4431-9dd5-eca900bdcadf\",\"links\":\"$142\",\"attributes\":\"$144\",\"relationships\":\"$146\"}\n164:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list/13045e8b-0f56-41bd-bfb7-a7462625f7df?resourceVersion=id%3A19471\"}\n163:{\"self\":\"$164\"}\n166:[]\n167:{\"value\":\"\u003cp\u003eOnce youve completed the steps above, the package request will be sent through the approval process with the Department and with the FedRAMP PMO. You will receive confirmation once your access is granted. Please allow a couple of weeks for approval time.\u003c/p\u003e\",\"format\":\"main_point_html\",\"processed\":\"\u003cp\u003eOnce youv"])</script><script>self.__next_f.push([1,"e completed the steps above, the package request will be sent through the approval process with the Department and with the FedRAMP PMO. You will receive confirmation once your access is granted. Please allow a couple of weeks for approval time.\u003c/p\u003e\"}\n165:{\"drupal_internal__id\":1256,\"drupal_internal__revision_id\":19471,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-09T20:37:07+00:00\",\"parent_id\":\"1261\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_specialty_item\",\"behavior_settings\":\"$166\",\"default_langcode\":true,\"revision_translation_affected\":true,\"field_process_list_conclusion\":\"$167\"}\n16b:{\"drupal_internal__target_id\":\"process_list\"}\n16a:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"8a1fa202-0dc7-4f58-9b3d-7f9c44c9a9c8\",\"meta\":\"$16b\"}\n16d:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list/13045e8b-0f56-41bd-bfb7-a7462625f7df/paragraph_type?resourceVersion=id%3A19471\"}\n16e:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list/13045e8b-0f56-41bd-bfb7-a7462625f7df/relationships/paragraph_type?resourceVersion=id%3A19471\"}\n16c:{\"related\":\"$16d\",\"self\":\"$16e\"}\n169:{\"data\":\"$16a\",\"links\":\"$16c\"}\n172:{\"target_revision_id\":19463,\"drupal_internal__target_id\":1216}\n171:{\"type\":\"paragraph--process_list_item\",\"id\":\"cb6f1b2f-e390-43a3-8f32-8cb8a9af2aa8\",\"meta\":\"$172\"}\n174:{\"target_revision_id\":19464,\"drupal_internal__target_id\":1221}\n173:{\"type\":\"paragraph--process_list_item\",\"id\":\"088baed3-27e7-4e01-9d07-9598442a1291\",\"meta\":\"$174\"}\n176:{\"target_revision_id\":19465,\"drupal_internal__target_id\":1226}\n175:{\"type\":\"paragraph--process_list_item\",\"id\":\"62c260e3-b8dc-470e-a07a-462dd5affec9\",\"meta\":\"$176\"}\n178:{\"target_revision_id\":19466,\"drupal_internal__target_id\":1231}\n177:{\"type\":\"paragraph--process_list_item\",\"id\":\"c287ddbf-f689-469f-8e81-5db4b8899c1e\",\"meta\":\"$178\"}\n17a:{\"target_revision_id\":19467,\"drupal_internal__target_id\":1236}\n179:{\"type\":\"paragraph--process_list_item\",\"id\":\"296b3cad-e467-409c-897d-110458ca9456\",\"meta\":\"$17a\"}\n17c:{\"target_revision_id\":19468,\"drupal_internal__targ"])</script><script>self.__next_f.push([1,"et_id\":1241}\n17b:{\"type\":\"paragraph--process_list_item\",\"id\":\"cf223be7-513a-452e-bf60-c4223d70b826\",\"meta\":\"$17c\"}\n17e:{\"target_revision_id\":19469,\"drupal_internal__target_id\":1246}\n17d:{\"type\":\"paragraph--process_list_item\",\"id\":\"1791dd29-fe3d-4938-8ab2-92755a6ae409\",\"meta\":\"$17e\"}\n180:{\"target_revision_id\":19470,\"drupal_internal__target_id\":1251}\n17f:{\"type\":\"paragraph--process_list_item\",\"id\":\"46b4e165-819a-4ba4-ba6e-eddefd744bc5\",\"meta\":\"$180\"}\n170:[\"$171\",\"$173\",\"$175\",\"$177\",\"$179\",\"$17b\",\"$17d\",\"$17f\"]\n182:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list/13045e8b-0f56-41bd-bfb7-a7462625f7df/field_process_list_item?resourceVersion=id%3A19471\"}\n183:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list/13045e8b-0f56-41bd-bfb7-a7462625f7df/relationships/field_process_list_item?resourceVersion=id%3A19471\"}\n181:{\"related\":\"$182\",\"self\":\"$183\"}\n16f:{\"data\":\"$170\",\"links\":\"$181\"}\n168:{\"paragraph_type\":\"$169\",\"field_process_list_item\":\"$16f\"}\n162:{\"type\":\"paragraph--process_list\",\"id\":\"13045e8b-0f56-41bd-bfb7-a7462625f7df\",\"links\":\"$163\",\"attributes\":\"$165\",\"relationships\":\"$168\"}\n186:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/call_out_box/09410fda-e6cd-4131-ad62-ae6fcbafad49?resourceVersion=id%3A19473\"}\n185:{\"self\":\"$186\"}\n188:[]\n18a:[]\n189:{\"uri\":\"https://marketplace.fedramp.gov/agencies/22-005-06\",\"title\":\"\",\"options\":\"$18a\",\"url\":\"https://marketplace.fedramp.gov/agencies/22-005-06\"}\n18b:{\"value\":\"The FedRAMP Marketplace provides a searchable and sortable database of Cloud Service Offerings (CSOs) that have achieved a FedRAMP designation, a list of federal agencies using FedRAMP Authorized CSOs, and FedRAMP recognized auditors (3PAOs) that can perform a FedRAMP assessment. \",\"format\":\"plain_text\",\"processed\":\"\u003cp\u003eThe FedRAMP Marketplace provides a searchable and sortable database of Cloud Service Offerings (CSOs) that have achieved a FedRAMP designation, a list of federal agencies using FedRAMP Authorized CSOs, and FedRAMP recognized auditors (3PAOs) that can perform a FedRA"])</script><script>self.__next_f.push([1,"MP assessment.\u003c/p\u003e\\n\"}\n187:{\"drupal_internal__id\":3432,\"drupal_internal__revision_id\":19473,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-09-18T16:33:55+00:00\",\"parent_id\":\"1266\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_specialty_item\",\"behavior_settings\":\"$188\",\"default_langcode\":true,\"revision_translation_affected\":true,\"field_call_out_link\":\"$189\",\"field_call_out_link_text\":\"Go to the FedRAMP Marketplace\",\"field_call_out_text\":\"$18b\",\"field_header\":\"See all approved FedRAMP Products\"}\n18f:{\"drupal_internal__target_id\":\"call_out_box\"}\n18e:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"a1d0a205-c6c9-4816-b701-4763d05de8e8\",\"meta\":\"$18f\"}\n191:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/call_out_box/09410fda-e6cd-4131-ad62-ae6fcbafad49/paragraph_type?resourceVersion=id%3A19473\"}\n192:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/call_out_box/09410fda-e6cd-4131-ad62-ae6fcbafad49/relationships/paragraph_type?resourceVersion=id%3A19473\"}\n190:{\"related\":\"$191\",\"self\":\"$192\"}\n18d:{\"data\":\"$18e\",\"links\":\"$190\"}\n18c:{\"paragraph_type\":\"$18d\"}\n184:{\"type\":\"paragraph--call_out_box\",\"id\":\"09410fda-e6cd-4131-ad62-ae6fcbafad49\",\"links\":\"$185\",\"attributes\":\"$187\",\"relationships\":\"$18c\"}\n195:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/623c9f93-08b9-4568-b852-feb753cafb4d?resourceVersion=id%3A19453\"}\n194:{\"self\":\"$195\"}\n197:[]\n198:{\"value\":\"\u003cp\u003eCMS has developed a RCR process to provide an initial security review of the cloud service. This is done by the CMS Software as a Service Governance (SaaSG) team. The cloud service should be assessed through the RCR process.\u003c/p\u003e\",\"format\":\"main_point_html\",\"processed\":\"\u003cp\u003eCMS has developed a RCR process to provide an initial security review of the cloud service. This is done by the CMS Software as a Service Governance (SaaSG) team. The cloud service should be assessed through the RCR process.\u003c/p\u003e\"}\n196:{\"drupal_internal__id\":3422,\"drupal_internal__revision_id\":19453,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-09-18T16:03:44+00:00\",\"p"])</script><script>self.__next_f.push([1,"arent_id\":\"3430\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_process_list_item\",\"behavior_settings\":\"$197\",\"default_langcode\":true,\"revision_translation_affected\":true,\"field_list_item_description\":\"$198\",\"field_list_item_title\":\"CMS Rapid Cloud Review (RCR)\"}\n19c:{\"drupal_internal__target_id\":\"process_list_item\"}\n19b:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"169b4697-c521-4a95-b21a-aa0d3f051203\",\"meta\":\"$19c\"}\n19e:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/623c9f93-08b9-4568-b852-feb753cafb4d/paragraph_type?resourceVersion=id%3A19453\"}\n19f:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/623c9f93-08b9-4568-b852-feb753cafb4d/relationships/paragraph_type?resourceVersion=id%3A19453\"}\n19d:{\"related\":\"$19e\",\"self\":\"$19f\"}\n19a:{\"data\":\"$19b\",\"links\":\"$19d\"}\n199:{\"paragraph_type\":\"$19a\"}\n193:{\"type\":\"paragraph--process_list_item\",\"id\":\"623c9f93-08b9-4568-b852-feb753cafb4d\",\"links\":\"$194\",\"attributes\":\"$196\",\"relationships\":\"$199\"}\n1a2:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/d7ec40c2-ed5a-4f39-b624-94807cfa40a1?resourceVersion=id%3A19454\"}\n1a1:{\"self\":\"$1a2\"}\n1a4:[]\n1a5:{\"value\":\"\u003cp\u003eWe highly recommend a FedRAMP Readiness Assessment from an accredited Third-Party Assessment Organization (3PAO) to evaluate your readiness for FedRAMP.\u003c/p\u003e\",\"format\":\"main_point_html\",\"processed\":\"\u003cp\u003eWe highly recommend a FedRAMP Readiness Assessment from an accredited Third-Party Assessment Organization (3PAO) to evaluate your readiness for FedRAMP.\u003c/p\u003e\"}\n1a3:{\"drupal_internal__id\":3423,\"drupal_internal__revision_id\":19454,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-09-18T16:04:23+00:00\",\"parent_id\":\"3430\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_process_list_item\",\"behavior_settings\":\"$1a4\",\"default_langcode\":true,\"revision_translation_affected\":true,\"field_list_item_description\":\"$1a5\",\"field_list_item_title\":\"FedRAMP Readiness Assessment\"}\n1a9:{\"drupal_internal__target_id\":\"process_list_item\"}\n1a8:{\"type\":\"paragraphs_type--para"])</script><script>self.__next_f.push([1,"graphs_type\",\"id\":\"169b4697-c521-4a95-b21a-aa0d3f051203\",\"meta\":\"$1a9\"}\n1ab:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/d7ec40c2-ed5a-4f39-b624-94807cfa40a1/paragraph_type?resourceVersion=id%3A19454\"}\n1ac:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/d7ec40c2-ed5a-4f39-b624-94807cfa40a1/relationships/paragraph_type?resourceVersion=id%3A19454\"}\n1aa:{\"related\":\"$1ab\",\"self\":\"$1ac\"}\n1a7:{\"data\":\"$1a8\",\"links\":\"$1aa\"}\n1a6:{\"paragraph_type\":\"$1a7\"}\n1a0:{\"type\":\"paragraph--process_list_item\",\"id\":\"d7ec40c2-ed5a-4f39-b624-94807cfa40a1\",\"links\":\"$1a1\",\"attributes\":\"$1a3\",\"relationships\":\"$1a6\"}\n1af:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/2453e205-2551-4d10-8048-0f38e1f48aa0?resourceVersion=id%3A19455\"}\n1ae:{\"self\":\"$1af\"}\n1b1:[]\n1b2:{\"value\":\"\u003cp\u003eThe cloud service environment must be fully built out and ready before the agency will commit to sponsoring the cloud service.\u003c/p\u003e\",\"format\":\"main_point_html\",\"processed\":\"\u003cp\u003eThe cloud service environment must be fully built out and ready before the agency will commit to sponsoring the cloud service.\u003c/p\u003e\"}\n1b0:{\"drupal_internal__id\":3424,\"drupal_internal__revision_id\":19455,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-09-18T16:04:49+00:00\",\"parent_id\":\"3430\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_process_list_item\",\"behavior_settings\":\"$1b1\",\"default_langcode\":true,\"revision_translation_affected\":true,\"field_list_item_description\":\"$1b2\",\"field_list_item_title\":\"Fully built environment \"}\n1b6:{\"drupal_internal__target_id\":\"process_list_item\"}\n1b5:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"169b4697-c521-4a95-b21a-aa0d3f051203\",\"meta\":\"$1b6\"}\n1b8:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/2453e205-2551-4d10-8048-0f38e1f48aa0/paragraph_type?resourceVersion=id%3A19455\"}\n1b9:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/2453e205-2551-4d10-8048-0f38e1f48aa0/relationships/paragraph_type?resourceVersion=id%3A19455\"}\n1b7:{\"related\":\"$"])</script><script>self.__next_f.push([1,"1b8\",\"self\":\"$1b9\"}\n1b4:{\"data\":\"$1b5\",\"links\":\"$1b7\"}\n1b3:{\"paragraph_type\":\"$1b4\"}\n1ad:{\"type\":\"paragraph--process_list_item\",\"id\":\"2453e205-2551-4d10-8048-0f38e1f48aa0\",\"links\":\"$1ae\",\"attributes\":\"$1b0\",\"relationships\":\"$1b3\"}\n1bc:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/d3430be6-95c0-4375-8aac-4dc868f871d8?resourceVersion=id%3A19456\"}\n1bb:{\"self\":\"$1bc\"}\n1be:[]\n1bf:{\"value\":\"\u003cp\u003e\u0026nbsp;Your cloud services must comply with all security controls as outlined in the FedRAMP Security Assessment Framework (SAF), which includes controls from the National Institute of Standards and Technology (NIST)Special Publication (SP) 800-53 Revision 5.\u003c/p\u003e\",\"format\":\"main_point_html\",\"processed\":\"\u003cp\u003e\u0026nbsp;Your cloud services must comply with all security controls as outlined in the FedRAMP Security Assessment Framework (SAF), which includes controls from the National Institute of Standards and Technology (NIST)Special Publication (SP) 800-53 Revision 5.\u003c/p\u003e\"}\n1bd:{\"drupal_internal__id\":3425,\"drupal_internal__revision_id\":19456,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-09-18T16:05:12+00:00\",\"parent_id\":\"3430\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_process_list_item\",\"behavior_settings\":\"$1be\",\"default_langcode\":true,\"revision_translation_affected\":true,\"field_list_item_description\":\"$1bf\",\"field_list_item_title\":\"FedRAMP Security Controls Compliance\"}\n1c3:{\"drupal_internal__target_id\":\"process_list_item\"}\n1c2:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"169b4697-c521-4a95-b21a-aa0d3f051203\",\"meta\":\"$1c3\"}\n1c5:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/d3430be6-95c0-4375-8aac-4dc868f871d8/paragraph_type?resourceVersion=id%3A19456\"}\n1c6:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/d3430be6-95c0-4375-8aac-4dc868f871d8/relationships/paragraph_type?resourceVersion=id%3A19456\"}\n1c4:{\"related\":\"$1c5\",\"self\":\"$1c6\"}\n1c1:{\"data\":\"$1c2\",\"links\":\"$1c4\"}\n1c0:{\"paragraph_type\":\"$1c1\"}\n1ba:{\"type\":\"paragraph--process_list_item\",\"id\":\"d3430"])</script><script>self.__next_f.push([1,"be6-95c0-4375-8aac-4dc868f871d8\",\"links\":\"$1bb\",\"attributes\":\"$1bd\",\"relationships\":\"$1c0\"}\n1c9:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/5a513f69-74ee-42c8-aaff-0ef930932a08?resourceVersion=id%3A19457\"}\n1c8:{\"self\":\"$1c9\"}\n1cb:[]\n1cc:{\"value\":\"\u003cp\u003eIn addition to FedRAMP security requirements, the cloud service must also meet the requirements of the CMS Acceptable Risks and Safeguards (ARS) implementation of the NIST SP800-53 Rev. 5 controls.\u003c/p\u003e\",\"format\":\"main_point_html\",\"processed\":\"\u003cp\u003eIn addition to FedRAMP security requirements, the cloud service must also meet the requirements of the CMS Acceptable Risks and Safeguards (ARS) implementation of the NIST SP800-53 Rev. 5 controls.\u003c/p\u003e\"}\n1ca:{\"drupal_internal__id\":3426,\"drupal_internal__revision_id\":19457,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-09-18T16:06:15+00:00\",\"parent_id\":\"3430\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_process_list_item\",\"behavior_settings\":\"$1cb\",\"default_langcode\":true,\"revision_translation_affected\":true,\"field_list_item_description\":\"$1cc\",\"field_list_item_title\":\"CMS Security Controls Compliance\"}\n1d0:{\"drupal_internal__target_id\":\"process_list_item\"}\n1cf:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"169b4697-c521-4a95-b21a-aa0d3f051203\",\"meta\":\"$1d0\"}\n1d2:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/5a513f69-74ee-42c8-aaff-0ef930932a08/paragraph_type?resourceVersion=id%3A19457\"}\n1d3:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/5a513f69-74ee-42c8-aaff-0ef930932a08/relationships/paragraph_type?resourceVersion=id%3A19457\"}\n1d1:{\"related\":\"$1d2\",\"self\":\"$1d3\"}\n1ce:{\"data\":\"$1cf\",\"links\":\"$1d1\"}\n1cd:{\"paragraph_type\":\"$1ce\"}\n1c7:{\"type\":\"paragraph--process_list_item\",\"id\":\"5a513f69-74ee-42c8-aaff-0ef930932a08\",\"links\":\"$1c8\",\"attributes\":\"$1ca\",\"relationships\":\"$1cd\"}\n1d6:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/e0063305-ce7d-45f2-afef-b8d9f4ecc0bf?resourceVersion=id%3A19458\"}\n1d5:{\"self\":\"$1d6\"}\n1d8:[]\n1d9:{"])</script><script>self.__next_f.push([1,"\"value\":\"\u003cp\u003eIdentify subject matter experts on your cloud team that will support the creation of FedRAMP documentation and liaison with the agency through the authorization process.\u003c/p\u003e\",\"format\":\"main_point_html\",\"processed\":\"\u003cp\u003eIdentify subject matter experts on your cloud team that will support the creation of FedRAMP documentation and liaison with the agency through the authorization process.\u003c/p\u003e\"}\n1d7:{\"drupal_internal__id\":3427,\"drupal_internal__revision_id\":19458,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-09-18T16:06:53+00:00\",\"parent_id\":\"3430\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_process_list_item\",\"behavior_settings\":\"$1d8\",\"default_langcode\":true,\"revision_translation_affected\":true,\"field_list_item_description\":\"$1d9\",\"field_list_item_title\":\"Identify Subject Matter Experts\"}\n1dd:{\"drupal_internal__target_id\":\"process_list_item\"}\n1dc:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"169b4697-c521-4a95-b21a-aa0d3f051203\",\"meta\":\"$1dd\"}\n1df:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/e0063305-ce7d-45f2-afef-b8d9f4ecc0bf/paragraph_type?resourceVersion=id%3A19458\"}\n1e0:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/e0063305-ce7d-45f2-afef-b8d9f4ecc0bf/relationships/paragraph_type?resourceVersion=id%3A19458\"}\n1de:{\"related\":\"$1df\",\"self\":\"$1e0\"}\n1db:{\"data\":\"$1dc\",\"links\":\"$1de\"}\n1da:{\"paragraph_type\":\"$1db\"}\n1d4:{\"type\":\"paragraph--process_list_item\",\"id\":\"e0063305-ce7d-45f2-afef-b8d9f4ecc0bf\",\"links\":\"$1d5\",\"attributes\":\"$1d7\",\"relationships\":\"$1da\"}\n1e3:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/f48e593e-b69d-4609-ab3c-d25d243fd7d0?resourceVersion=id%3A19459\"}\n1e2:{\"self\":\"$1e3\"}\n1e5:[]\n1e6:{\"value\":\"\u003cp\u003eWe would require all documentation necessary to support the security controls, such as a System Security and Privacy Plan (SSPP). Developing the SSPP in the Open Security Controls Assessment Language (OSCAL) is recommended.\u003c/p\u003e\",\"format\":\"main_point_html\",\"processed\":\"\u003cp\u003eWe would require all documentation nec"])</script><script>self.__next_f.push([1,"essary to support the security controls, such as a System Security and Privacy Plan (SSPP). Developing the SSPP in the Open Security Controls Assessment Language (OSCAL) is recommended.\u003c/p\u003e\"}\n1e4:{\"drupal_internal__id\":3428,\"drupal_internal__revision_id\":19459,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-09-18T16:07:29+00:00\",\"parent_id\":\"3430\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_process_list_item\",\"behavior_settings\":\"$1e5\",\"default_langcode\":true,\"revision_translation_affected\":true,\"field_list_item_description\":\"$1e6\",\"field_list_item_title\":\"Documentation\"}\n1ea:{\"drupal_internal__target_id\":\"process_list_item\"}\n1e9:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"169b4697-c521-4a95-b21a-aa0d3f051203\",\"meta\":\"$1ea\"}\n1ec:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/f48e593e-b69d-4609-ab3c-d25d243fd7d0/paragraph_type?resourceVersion=id%3A19459\"}\n1ed:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/f48e593e-b69d-4609-ab3c-d25d243fd7d0/relationships/paragraph_type?resourceVersion=id%3A19459\"}\n1eb:{\"related\":\"$1ec\",\"self\":\"$1ed\"}\n1e8:{\"data\":\"$1e9\",\"links\":\"$1eb\"}\n1e7:{\"paragraph_type\":\"$1e8\"}\n1e1:{\"type\":\"paragraph--process_list_item\",\"id\":\"f48e593e-b69d-4609-ab3c-d25d243fd7d0\",\"links\":\"$1e2\",\"attributes\":\"$1e4\",\"relationships\":\"$1e7\"}\n1f0:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/6f356d04-306e-478f-8569-579d303b4de0?resourceVersion=id%3A19460\"}\n1ef:{\"self\":\"$1f0\"}\n1f2:[]\n1f3:{\"value\":\"\u003cp\u003eThe authorization process takes months to complete, so it is essential that the business owner is committed to using the product for the duration of the FedRAMP authorization process.\u003c/p\u003e\",\"format\":\"main_point_html\",\"processed\":\"\u003cp\u003eThe authorization process takes months to complete, so it is essential that the business owner is committed to using the product for the duration of the FedRAMP authorization process.\u003c/p\u003e\"}\n1f1:{\"drupal_internal__id\":3429,\"drupal_internal__revision_id\":19460,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-09-18"])</script><script>self.__next_f.push([1,"T16:08:26+00:00\",\"parent_id\":\"3430\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_process_list_item\",\"behavior_settings\":\"$1f2\",\"default_langcode\":true,\"revision_translation_affected\":true,\"field_list_item_description\":\"$1f3\",\"field_list_item_title\":\"Commitment of the CMS Business Owner\"}\n1f7:{\"drupal_internal__target_id\":\"process_list_item\"}\n1f6:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"169b4697-c521-4a95-b21a-aa0d3f051203\",\"meta\":\"$1f7\"}\n1f9:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/6f356d04-306e-478f-8569-579d303b4de0/paragraph_type?resourceVersion=id%3A19460\"}\n1fa:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/6f356d04-306e-478f-8569-579d303b4de0/relationships/paragraph_type?resourceVersion=id%3A19460\"}\n1f8:{\"related\":\"$1f9\",\"self\":\"$1fa\"}\n1f5:{\"data\":\"$1f6\",\"links\":\"$1f8\"}\n1f4:{\"paragraph_type\":\"$1f5\"}\n1ee:{\"type\":\"paragraph--process_list_item\",\"id\":\"6f356d04-306e-478f-8569-579d303b4de0\",\"links\":\"$1ef\",\"attributes\":\"$1f1\",\"relationships\":\"$1f4\"}\n1fd:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/cb6f1b2f-e390-43a3-8f32-8cb8a9af2aa8?resourceVersion=id%3A19463\"}\n1fc:{\"self\":\"$1fd\"}\n1ff:[]\n200:{\"value\":\"\u003cp\u003eUse the \u003ca href=\\\"https://www.fedramp.gov/assets/resources/documents/Agency_Package_Request_Form.pdf\\\"\u003eFedRAMP Package Request Access form\u003c/a\u003e on the FedRAMP website. This is a digital form that you can complete and sign from your computer. Start by filling out \\\"User Information\\\" at the top.\u003c/p\u003e\\r\\n\",\"format\":\"main_point_html\",\"processed\":\"\u003cp\u003eUse the \u003ca href=\\\"https://www.fedramp.gov/assets/resources/documents/Agency_Package_Request_Form.pdf\\\"\u003eFedRAMP Package Request Access form\u003c/a\u003e on the FedRAMP website. This is a digital form that you can complete and sign from your computer. Start by filling out \\\"User Information\\\" at the top.\u003c/p\u003e\"}\n1fe:{\"drupal_internal__id\":1216,\"drupal_internal__revision_id\":19463,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-09T20:37:07+00:00\",\"parent_id\":\"1256\",\"parent_type\":\"paragraph\",\""])</script><script>self.__next_f.push([1,"parent_field_name\":\"field_process_list_item\",\"behavior_settings\":\"$1ff\",\"default_langcode\":true,\"revision_translation_affected\":true,\"field_list_item_description\":\"$200\",\"field_list_item_title\":\"Start package request form\"}\n204:{\"drupal_internal__target_id\":\"process_list_item\"}\n203:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"169b4697-c521-4a95-b21a-aa0d3f051203\",\"meta\":\"$204\"}\n206:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/cb6f1b2f-e390-43a3-8f32-8cb8a9af2aa8/paragraph_type?resourceVersion=id%3A19463\"}\n207:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/cb6f1b2f-e390-43a3-8f32-8cb8a9af2aa8/relationships/paragraph_type?resourceVersion=id%3A19463\"}\n205:{\"related\":\"$206\",\"self\":\"$207\"}\n202:{\"data\":\"$203\",\"links\":\"$205\"}\n201:{\"paragraph_type\":\"$202\"}\n1fb:{\"type\":\"paragraph--process_list_item\",\"id\":\"cb6f1b2f-e390-43a3-8f32-8cb8a9af2aa8\",\"links\":\"$1fc\",\"attributes\":\"$1fe\",\"relationships\":\"$201\"}\n20a:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/088baed3-27e7-4e01-9d07-9598442a1291?resourceVersion=id%3A19464\"}\n209:{\"self\":\"$20a\"}\n20c:[]\n20d:{\"value\":\"\u003cp\u003eFor filling out the “Requested Package” section, you can find details about the package on the \u003ca href=\\\"https://marketplace.fedramp.gov/\\\"\u003eFedRAMP Marketplace\u003c/a\u003e. This will include:\u003c/p\u003e\u003cul\u003e\u003cli\u003eName of Package (Cloud Service Name)\u003c/li\u003e\u003cli\u003ePackage ID (FedRAMP Package ID)\u003c/li\u003e\u003cli\u003eIf requesting permanent access to a package, please include this note following the listing of the FedRAMP Package ID. *Please see requirements for requesting permanent access in the section above.\u0026nbsp;\u003c/li\u003e\u003cli\u003eIf requesting access to multiple packages, you may include all FedRAMP Package ID's on one form.\u003c/li\u003e\u003c/ul\u003e\",\"format\":\"main_point_html\",\"processed\":\"\u003cp\u003eFor filling out the “Requested Package” section, you can find details about the package on the \u003ca href=\\\"https://marketplace.fedramp.gov/\\\"\u003eFedRAMP Marketplace\u003c/a\u003e. This will include:\u003c/p\u003e\u003cul\u003e\u003cli\u003eName of Package (Cloud Service Name)\u003c/li\u003e\u003cli\u003ePackage ID (F"])</script><script>self.__next_f.push([1,"edRAMP Package ID)\u003c/li\u003e\u003cli\u003eIf requesting permanent access to a package, please include this note following the listing of the FedRAMP Package ID. *Please see requirements for requesting permanent access in the section above.\u0026nbsp;\u003c/li\u003e\u003cli\u003eIf requesting access to multiple packages, you may include all FedRAMP Package ID's on one form.\u003c/li\u003e\u003c/ul\u003e\"}\n20b:{\"drupal_internal__id\":1221,\"drupal_internal__revision_id\":19464,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-09T21:19:52+00:00\",\"parent_id\":\"1256\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_process_list_item\",\"behavior_settings\":\"$20c\",\"default_langcode\":true,\"revision_translation_affected\":true,\"field_list_item_description\":\"$20d\",\"field_list_item_title\":\"Add details about the package\"}\n211:{\"drupal_internal__target_id\":\"process_list_item\"}\n210:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"169b4697-c521-4a95-b21a-aa0d3f051203\",\"meta\":\"$211\"}\n213:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/088baed3-27e7-4e01-9d07-9598442a1291/paragraph_type?resourceVersion=id%3A19464\"}\n214:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/088baed3-27e7-4e01-9d07-9598442a1291/relationships/paragraph_type?resourceVersion=id%3A19464\"}\n212:{\"related\":\"$213\",\"self\":\"$214\"}\n20f:{\"data\":\"$210\",\"links\":\"$212\"}\n20e:{\"paragraph_type\":\"$20f\"}\n208:{\"type\":\"paragraph--process_list_item\",\"id\":\"088baed3-27e7-4e01-9d07-9598442a1291\",\"links\":\"$209\",\"attributes\":\"$20b\",\"relationships\":\"$20e\"}\n217:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/62c260e3-b8dc-470e-a07a-462dd5affec9?resourceVersion=id%3A19465\"}\n216:{\"self\":\"$217\"}\n219:[]\n21a:{\"value\":\"\u003cp\u003eThis part is completed by HHS. Leave it blank and move on to the next section.\u003c/p\u003e\\r\\n\",\"format\":\"main_point_html\",\"processed\":\"\u003cp\u003eThis part is completed by HHS. Leave it blank and move on to the next section.\u003c/p\u003e\"}\n218:{\"drupal_internal__id\":1226,\"drupal_internal__revision_id\":19465,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-09T21:20:42+00:00\",\"parent_id\":\"1256"])</script><script>self.__next_f.push([1,"\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_process_list_item\",\"behavior_settings\":\"$219\",\"default_langcode\":true,\"revision_translation_affected\":true,\"field_list_item_description\":\"$21a\",\"field_list_item_title\":\"SKIP \\\"Access Authorization\\\"\"}\n21e:{\"drupal_internal__target_id\":\"process_list_item\"}\n21d:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"169b4697-c521-4a95-b21a-aa0d3f051203\",\"meta\":\"$21e\"}\n220:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/62c260e3-b8dc-470e-a07a-462dd5affec9/paragraph_type?resourceVersion=id%3A19465\"}\n221:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/62c260e3-b8dc-470e-a07a-462dd5affec9/relationships/paragraph_type?resourceVersion=id%3A19465\"}\n21f:{\"related\":\"$220\",\"self\":\"$221\"}\n21c:{\"data\":\"$21d\",\"links\":\"$21f\"}\n21b:{\"paragraph_type\":\"$21c\"}\n215:{\"type\":\"paragraph--process_list_item\",\"id\":\"62c260e3-b8dc-470e-a07a-462dd5affec9\",\"links\":\"$216\",\"attributes\":\"$218\",\"relationships\":\"$21b\"}\n224:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/c287ddbf-f689-469f-8e81-5db4b8899c1e?resourceVersion=id%3A19466\"}\n223:{\"self\":\"$224\"}\n226:[]\n227:{\"value\":\"\u003cp\u003eIn the next section - “Agreement for Package Review” - initial every line and then digitally sign the document using your CMS PIV.\u003c/p\u003e\\r\\n\",\"format\":\"main_point_html\",\"processed\":\"\u003cp\u003eIn the next section - “Agreement for Package Review” - initial every line and then digitally sign the document using your CMS PIV.\u003c/p\u003e\"}\n225:{\"drupal_internal__id\":1231,\"drupal_internal__revision_id\":19466,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-09T21:21:21+00:00\",\"parent_id\":\"1256\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_process_list_item\",\"behavior_settings\":\"$226\",\"default_langcode\":true,\"revision_translation_affected\":true,\"field_list_item_description\":\"$227\",\"field_list_item_title\":\"Agree and sign\"}\n22b:{\"drupal_internal__target_id\":\"process_list_item\"}\n22a:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"169b4697-c521-4a95-b21a-aa0d3f051203\",\"me"])</script><script>self.__next_f.push([1,"ta\":\"$22b\"}\n22d:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/c287ddbf-f689-469f-8e81-5db4b8899c1e/paragraph_type?resourceVersion=id%3A19466\"}\n22e:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/c287ddbf-f689-469f-8e81-5db4b8899c1e/relationships/paragraph_type?resourceVersion=id%3A19466\"}\n22c:{\"related\":\"$22d\",\"self\":\"$22e\"}\n229:{\"data\":\"$22a\",\"links\":\"$22c\"}\n228:{\"paragraph_type\":\"$229\"}\n222:{\"type\":\"paragraph--process_list_item\",\"id\":\"c287ddbf-f689-469f-8e81-5db4b8899c1e\",\"links\":\"$223\",\"attributes\":\"$225\",\"relationships\":\"$228\"}\n231:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/296b3cad-e467-409c-897d-110458ca9456?resourceVersion=id%3A19467\"}\n230:{\"self\":\"$231\"}\n233:[]\n234:{\"value\":\"\u003cp\u003eThis part is completed by HHS. Leave it blank and move on to the next section.\u003c/p\u003e\\r\\n\",\"format\":\"main_point_html\",\"processed\":\"\u003cp\u003eThis part is completed by HHS. Leave it blank and move on to the next section.\u003c/p\u003e\"}\n232:{\"drupal_internal__id\":1236,\"drupal_internal__revision_id\":19467,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-09T21:22:08+00:00\",\"parent_id\":\"1256\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_process_list_item\",\"behavior_settings\":\"$233\",\"default_langcode\":true,\"revision_translation_affected\":true,\"field_list_item_description\":\"$234\",\"field_list_item_title\":\"SKIP \\\"Agreement for FedRAMP Approver\\\"\"}\n238:{\"drupal_internal__target_id\":\"process_list_item\"}\n237:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"169b4697-c521-4a95-b21a-aa0d3f051203\",\"meta\":\"$238\"}\n23a:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/296b3cad-e467-409c-897d-110458ca9456/paragraph_type?resourceVersion=id%3A19467\"}\n23b:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/296b3cad-e467-409c-897d-110458ca9456/relationships/paragraph_type?resourceVersion=id%3A19467\"}\n239:{\"related\":\"$23a\",\"self\":\"$23b\"}\n236:{\"data\":\"$237\",\"links\":\"$239\"}\n235:{\"paragraph_type\":\"$236\"}\n22f:{\"type\":\"paragraph--process_list_item\",\"id\":\"296"])</script><script>self.__next_f.push([1,"b3cad-e467-409c-897d-110458ca9456\",\"links\":\"$230\",\"attributes\":\"$232\",\"relationships\":\"$235\"}\n23e:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/cf223be7-513a-452e-bf60-c4223d70b826?resourceVersion=id%3A19468\"}\n23d:{\"self\":\"$23e\"}\n240:[]\n241:{\"value\":\"\u003cp\u003eIf youre a federal contractor, you must complete “Attachment A: Federal Contractor Non-Disclosure Agreement for FedRAMP”. Fill in your name in the first paragraph, read the agreement carefully, then digitally sign at the bottom using your CMS PIV (and date). If youre not a federal contractor, you can skip this part.\u003c/p\u003e\\r\\n\",\"format\":\"main_point_html\",\"processed\":\"\u003cp\u003eIf youre a federal contractor, you must complete “Attachment A: Federal Contractor Non-Disclosure Agreement for FedRAMP”. Fill in your name in the first paragraph, read the agreement carefully, then digitally sign at the bottom using your CMS PIV (and date). If youre not a federal contractor, you can skip this part.\u003c/p\u003e\"}\n23f:{\"drupal_internal__id\":1241,\"drupal_internal__revision_id\":19468,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-09T21:23:35+00:00\",\"parent_id\":\"1256\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_process_list_item\",\"behavior_settings\":\"$240\",\"default_langcode\":true,\"revision_translation_affected\":true,\"field_list_item_description\":\"$241\",\"field_list_item_title\":\"Contractors complete Attachment A\"}\n245:{\"drupal_internal__target_id\":\"process_list_item\"}\n244:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"169b4697-c521-4a95-b21a-aa0d3f051203\",\"meta\":\"$245\"}\n247:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/cf223be7-513a-452e-bf60-c4223d70b826/paragraph_type?resourceVersion=id%3A19468\"}\n248:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/cf223be7-513a-452e-bf60-c4223d70b826/relationships/paragraph_type?resourceVersion=id%3A19468\"}\n246:{\"related\":\"$247\",\"self\":\"$248\"}\n243:{\"data\":\"$244\",\"links\":\"$246\"}\n242:{\"paragraph_type\":\"$243\"}\n23c:{\"type\":\"paragraph--process_list_item\",\"id\":\"cf2"])</script><script>self.__next_f.push([1,"23be7-513a-452e-bf60-c4223d70b826\",\"links\":\"$23d\",\"attributes\":\"$23f\",\"relationships\":\"$242\"}\n24b:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/1791dd29-fe3d-4938-8ab2-92755a6ae409?resourceVersion=id%3A19469\"}\n24a:{\"self\":\"$24b\"}\n24d:[]\n24e:{\"value\":\"\u003cp\u003eYoure done with the package request form. Now you must create an account at \u003ca href=\\\"https://portal.max.gov/portal/home\\\"\u003eMax.gov\u003c/a\u003e if you dont already have one this is where the packages are stored. Once you have an account, move on to the last step.\u003c/p\u003e\\r\\n\",\"format\":\"main_point_html\",\"processed\":\"\u003cp\u003eYoure done with the package request form. Now you must create an account at \u003ca href=\\\"https://portal.max.gov/portal/home\\\"\u003eMax.gov\u003c/a\u003e if you dont already have one this is where the packages are stored. Once you have an account, move on to the last step.\u003c/p\u003e\"}\n24c:{\"drupal_internal__id\":1246,\"drupal_internal__revision_id\":19469,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-09T21:25:23+00:00\",\"parent_id\":\"1256\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_process_list_item\",\"behavior_settings\":\"$24d\",\"default_langcode\":true,\"revision_translation_affected\":true,\"field_list_item_description\":\"$24e\",\"field_list_item_title\":\"Create Max.gov account\"}\n252:{\"drupal_internal__target_id\":\"process_list_item\"}\n251:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"169b4697-c521-4a95-b21a-aa0d3f051203\",\"meta\":\"$252\"}\n254:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/1791dd29-fe3d-4938-8ab2-92755a6ae409/paragraph_type?resourceVersion=id%3A19469\"}\n255:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/1791dd29-fe3d-4938-8ab2-92755a6ae409/relationships/paragraph_type?resourceVersion=id%3A19469\"}\n253:{\"related\":\"$254\",\"self\":\"$255\"}\n250:{\"data\":\"$251\",\"links\":\"$253\"}\n24f:{\"paragraph_type\":\"$250\"}\n249:{\"type\":\"paragraph--process_list_item\",\"id\":\"1791dd29-fe3d-4938-8ab2-92755a6ae409\",\"links\":\"$24a\",\"attributes\":\"$24c\",\"relationships\":\"$24f\"}\n258:{\"href\":\"https://cybergeek.cms.gov/json"])</script><script>self.__next_f.push([1,"api/paragraph/process_list_item/46b4e165-819a-4ba4-ba6e-eddefd744bc5?resourceVersion=id%3A19470\"}\n257:{\"self\":\"$258\"}\n25a:[]\n25b:{\"value\":\"\u003cp\u003eOpen a CMS ServiceNow request ticket using the \u003ca href=\\\"https://cmsitsm.servicenowservices.com/connect?page=cat_item\u0026amp;sys_id=3dff10441b94f8100888ed7bbc4bcb8a\u0026amp;sysparm_category=5d2681841b17e0100888ed7bbc4bcb7f\\\"\u003eFedRAMP ServiceNow Request\u003c/a\u003e. Add the details of the package you are requesting, and attach the package request form that you filled out and digitally signed.\u003c/p\u003e\\r\\n\",\"format\":\"main_point_html\",\"processed\":\"\u003cp\u003eOpen a CMS ServiceNow request ticket using the \u003ca href=\\\"https://cmsitsm.servicenowservices.com/connect?page=cat_item\u0026amp;sys_id=3dff10441b94f8100888ed7bbc4bcb8a\u0026amp;sysparm_category=5d2681841b17e0100888ed7bbc4bcb7f\\\"\u003eFedRAMP ServiceNow Request\u003c/a\u003e. Add the details of the package you are requesting, and attach the package request form that you filled out and digitally signed.\u003c/p\u003e\"}\n259:{\"drupal_internal__id\":1251,\"drupal_internal__revision_id\":19470,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-09T21:25:46+00:00\",\"parent_id\":\"1256\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_process_list_item\",\"behavior_settings\":\"$25a\",\"default_langcode\":true,\"revision_translation_affected\":true,\"field_list_item_description\":\"$25b\",\"field_list_item_title\":\"Submit request via ServiceNow\"}\n25f:{\"drupal_internal__target_id\":\"process_list_item\"}\n25e:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"169b4697-c521-4a95-b21a-aa0d3f051203\",\"meta\":\"$25f\"}\n261:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/46b4e165-819a-4ba4-ba6e-eddefd744bc5/paragraph_type?resourceVersion=id%3A19470\"}\n262:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/46b4e165-819a-4ba4-ba6e-eddefd744bc5/relationships/paragraph_type?resourceVersion=id%3A19470\"}\n260:{\"related\":\"$261\",\"self\":\"$262\"}\n25d:{\"data\":\"$25e\",\"links\":\"$260\"}\n25c:{\"paragraph_type\":\"$25d\"}\n256:{\"type\":\"paragraph--process_list_item\",\"id\":\"46b4e165-819a-4ba4-ba6e-eddefd744bc5\",\"lin"])</script><script>self.__next_f.push([1,"ks\":\"$257\",\"attributes\":\"$259\",\"relationships\":\"$25c\"}\n265:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/7a5f06f0-e0ba-4ed2-aade-79b2233ec125?resourceVersion=id%3A19477\"}\n264:{\"self\":\"$265\"}\n267:[]\n266:{\"drupal_internal__id\":1956,\"drupal_internal__revision_id\":19477,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-15T20:59:29+00:00\",\"parent_id\":\"326\",\"parent_type\":\"node\",\"parent_field_name\":\"field_related_collection\",\"behavior_settings\":\"$267\",\"default_langcode\":true,\"revision_translation_affected\":true}\n26b:{\"drupal_internal__target_id\":\"internal_link\"}\n26a:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"81d4313f-807c-40e2-8ffa-700ec8c17167\",\"meta\":\"$26b\"}\n26d:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/7a5f06f0-e0ba-4ed2-aade-79b2233ec125/paragraph_type?resourceVersion=id%3A19477\"}\n26e:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/7a5f06f0-e0ba-4ed2-aade-79b2233ec125/relationships/paragraph_type?resourceVersion=id%3A19477\"}\n26c:{\"related\":\"$26d\",\"self\":\"$26e\"}\n269:{\"data\":\"$26a\",\"links\":\"$26c\"}\n271:{\"drupal_internal__target_id\":246}\n270:{\"type\":\"node--explainer\",\"id\":\"42018625-2456-415e-bd2c-f1c061290d58\",\"meta\":\"$271\"}\n273:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/7a5f06f0-e0ba-4ed2-aade-79b2233ec125/field_link?resourceVersion=id%3A19477\"}\n274:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/7a5f06f0-e0ba-4ed2-aade-79b2233ec125/relationships/field_link?resourceVersion=id%3A19477\"}\n272:{\"related\":\"$273\",\"self\":\"$274\"}\n26f:{\"data\":\"$270\",\"links\":\"$272\"}\n268:{\"paragraph_type\":\"$269\",\"field_link\":\"$26f\"}\n263:{\"type\":\"paragraph--internal_link\",\"id\":\"7a5f06f0-e0ba-4ed2-aade-79b2233ec125\",\"links\":\"$264\",\"attributes\":\"$266\",\"relationships\":\"$268\"}\n277:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/61509c21-9c9e-48d0-8110-b98574cee727?resourceVersion=id%3A19478\"}\n276:{\"self\":\"$277\"}\n279:[]\n278:{\"drupal_internal__id\":1961,\"drupal_internal__revision_id\":19478,\"langcode\":\"en\",\"status\":true,\"crea"])</script><script>self.__next_f.push([1,"ted\":\"2023-02-15T20:59:38+00:00\",\"parent_id\":\"326\",\"parent_type\":\"node\",\"parent_field_name\":\"field_related_collection\",\"behavior_settings\":\"$279\",\"default_langcode\":true,\"revision_translation_affected\":true}\n27d:{\"drupal_internal__target_id\":\"internal_link\"}\n27c:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"81d4313f-807c-40e2-8ffa-700ec8c17167\",\"meta\":\"$27d\"}\n27f:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/61509c21-9c9e-48d0-8110-b98574cee727/paragraph_type?resourceVersion=id%3A19478\"}\n280:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/61509c21-9c9e-48d0-8110-b98574cee727/relationships/paragraph_type?resourceVersion=id%3A19478\"}\n27e:{\"related\":\"$27f\",\"self\":\"$280\"}\n27b:{\"data\":\"$27c\",\"links\":\"$27e\"}\n283:{\"drupal_internal__target_id\":206}\n282:{\"type\":\"node--explainer\",\"id\":\"defa7277-790b-4bbd-b6ee-cc539e121df2\",\"meta\":\"$283\"}\n285:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/61509c21-9c9e-48d0-8110-b98574cee727/field_link?resourceVersion=id%3A19478\"}\n286:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/61509c21-9c9e-48d0-8110-b98574cee727/relationships/field_link?resourceVersion=id%3A19478\"}\n284:{\"related\":\"$285\",\"self\":\"$286\"}\n281:{\"data\":\"$282\",\"links\":\"$284\"}\n27a:{\"paragraph_type\":\"$27b\",\"field_link\":\"$281\"}\n275:{\"type\":\"paragraph--internal_link\",\"id\":\"61509c21-9c9e-48d0-8110-b98574cee727\",\"links\":\"$276\",\"attributes\":\"$278\",\"relationships\":\"$27a\"}\n289:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/c2480fc7-b7c3-49d4-8643-cd42bcd3b56b?resourceVersion=id%3A19479\"}\n288:{\"self\":\"$289\"}\n28b:[]\n28a:{\"drupal_internal__id\":1966,\"drupal_internal__revision_id\":19479,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-15T21:00:10+00:00\",\"parent_id\":\"326\",\"parent_type\":\"node\",\"parent_field_name\":\"field_related_collection\",\"behavior_settings\":\"$28b\",\"default_langcode\":true,\"revision_translation_affected\":true}\n28f:{\"drupal_internal__target_id\":\"internal_link\"}\n28e:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"81d4313f-80"])</script><script>self.__next_f.push([1,"7c-40e2-8ffa-700ec8c17167\",\"meta\":\"$28f\"}\n291:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/c2480fc7-b7c3-49d4-8643-cd42bcd3b56b/paragraph_type?resourceVersion=id%3A19479\"}\n292:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/c2480fc7-b7c3-49d4-8643-cd42bcd3b56b/relationships/paragraph_type?resourceVersion=id%3A19479\"}\n290:{\"related\":\"$291\",\"self\":\"$292\"}\n28d:{\"data\":\"$28e\",\"links\":\"$290\"}\n295:{\"drupal_internal__target_id\":671}\n294:{\"type\":\"node--explainer\",\"id\":\"630cad0d-24c7-44f0-8b25-b3ab2faf97cf\",\"meta\":\"$295\"}\n297:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/c2480fc7-b7c3-49d4-8643-cd42bcd3b56b/field_link?resourceVersion=id%3A19479\"}\n298:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/c2480fc7-b7c3-49d4-8643-cd42bcd3b56b/relationships/field_link?resourceVersion=id%3A19479\"}\n296:{\"related\":\"$297\",\"self\":\"$298\"}\n293:{\"data\":\"$294\",\"links\":\"$296\"}\n28c:{\"paragraph_type\":\"$28d\",\"field_link\":\"$293\"}\n287:{\"type\":\"paragraph--internal_link\",\"id\":\"c2480fc7-b7c3-49d4-8643-cd42bcd3b56b\",\"links\":\"$288\",\"attributes\":\"$28a\",\"relationships\":\"$28c\"}\n29b:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/63dffb2c-c587-4991-8523-142b2378a5aa?resourceVersion=id%3A19480\"}\n29a:{\"self\":\"$29b\"}\n29d:[]\n29c:{\"drupal_internal__id\":3435,\"drupal_internal__revision_id\":19480,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-09-18T16:36:49+00:00\",\"parent_id\":\"326\",\"parent_type\":\"node\",\"parent_field_name\":\"field_related_collection\",\"behavior_settings\":\"$29d\",\"default_langcode\":true,\"revision_translation_affected\":true}\n2a1:{\"drupal_internal__target_id\":\"internal_link\"}\n2a0:{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"81d4313f-807c-40e2-8ffa-700ec8c17167\",\"meta\":\"$2a1\"}\n2a3:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/63dffb2c-c587-4991-8523-142b2378a5aa/paragraph_type?resourceVersion=id%3A19480\"}\n2a4:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/63dffb2c-c587-4991-8523-142b2378a5aa/relationships/paragra"])</script><script>self.__next_f.push([1,"ph_type?resourceVersion=id%3A19480\"}\n2a2:{\"related\":\"$2a3\",\"self\":\"$2a4\"}\n29f:{\"data\":\"$2a0\",\"links\":\"$2a2\"}\n2a7:{\"drupal_internal__target_id\":736}\n2a6:{\"type\":\"node--explainer\",\"id\":\"96ebc5ad-9ad8-42ae-9a18-8e35dc2c1e2a\",\"meta\":\"$2a7\"}\n2a9:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/63dffb2c-c587-4991-8523-142b2378a5aa/field_link?resourceVersion=id%3A19480\"}\n2aa:{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/63dffb2c-c587-4991-8523-142b2378a5aa/relationships/field_link?resourceVersion=id%3A19480\"}\n2a8:{\"related\":\"$2a9\",\"self\":\"$2aa\"}\n2a5:{\"data\":\"$2a6\",\"links\":\"$2a8\"}\n29e:{\"paragraph_type\":\"$29f\",\"field_link\":\"$2a5\"}\n299:{\"type\":\"paragraph--internal_link\",\"id\":\"63dffb2c-c587-4991-8523-142b2378a5aa\",\"links\":\"$29a\",\"attributes\":\"$29c\",\"relationships\":\"$29e\"}\n2ad:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/42018625-2456-415e-bd2c-f1c061290d58?resourceVersion=id%3A5668\"}\n2ac:{\"self\":\"$2ad\"}\n2af:{\"alias\":\"/learn/cms-cloud-services\",\"pid\":236,\"langcode\":\"en\"}\n2b0:{\"value\":\"Platform-As-A-Service with tools, security, and support services designed specifically for CMS\",\"format\":\"plain_text\",\"processed\":\"\u003cp\u003ePlatform-As-A-Service with tools, security, and support services designed specifically for CMS\u003c/p\u003e\\n\"}\n2b1:[\"#cms-cloud-security-forum\"]\n2ae:{\"drupal_internal__nid\":246,\"drupal_internal__vid\":5668,\"langcode\":\"en\",\"revision_timestamp\":\"2024-07-12T15:23:53+00:00\",\"status\":true,\"title\":\"CMS Cloud Services\",\"created\":\"2022-08-26T14:47:12+00:00\",\"changed\":\"2024-07-12T15:23:53+00:00\",\"promote\":false,\"sticky\":false,\"default_langcode\":true,\"revision_translation_affected\":true,\"moderation_state\":\"published\",\"path\":\"$2af\",\"rh_action\":null,\"rh_redirect\":null,\"rh_redirect_response\":null,\"rh_redirect_fallback_action\":null,\"publish_on\":null,\"unpublish_on\":null,\"body\":null,\"field_contact_email\":\"cloudsupport@cms.hhs.gov\",\"field_contact_name\":\"CMS Cloud Support\",\"field_short_description\":\"$2b0\",\"field_slack_channel\":\"$2b1\"}\n2b5:{\"drupal_internal__target_id\":\"explainer\"}\n2b4:{\"t"])</script><script>self.__next_f.push([1,"ype\":\"node_type--node_type\",\"id\":\"d185e460-4998-4d2b-85cb-b04f304dfb1b\",\"meta\":\"$2b5\"}\n2b7:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/42018625-2456-415e-bd2c-f1c061290d58/node_type?resourceVersion=id%3A5668\"}\n2b8:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/42018625-2456-415e-bd2c-f1c061290d58/relationships/node_type?resourceVersion=id%3A5668\"}\n2b6:{\"related\":\"$2b7\",\"self\":\"$2b8\"}\n2b3:{\"data\":\"$2b4\",\"links\":\"$2b6\"}\n2bb:{\"drupal_internal__target_id\":6}\n2ba:{\"type\":\"user--user\",\"id\":\"e352e203-fe9c-47ba-af75-2c7f8302fca8\",\"meta\":\"$2bb\"}\n2bd:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/42018625-2456-415e-bd2c-f1c061290d58/revision_uid?resourceVersion=id%3A5668\"}\n2be:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/42018625-2456-415e-bd2c-f1c061290d58/relationships/revision_uid?resourceVersion=id%3A5668\"}\n2bc:{\"related\":\"$2bd\",\"self\":\"$2be\"}\n2b9:{\"data\":\"$2ba\",\"links\":\"$2bc\"}\n2c1:{\"drupal_internal__target_id\":26}\n2c0:{\"type\":\"user--user\",\"id\":\"dca2c49b-4a12-4d5f-859d-a759444160a4\",\"meta\":\"$2c1\"}\n2c3:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/42018625-2456-415e-bd2c-f1c061290d58/uid?resourceVersion=id%3A5668\"}\n2c4:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/42018625-2456-415e-bd2c-f1c061290d58/relationships/uid?resourceVersion=id%3A5668\"}\n2c2:{\"related\":\"$2c3\",\"self\":\"$2c4\"}\n2bf:{\"data\":\"$2c0\",\"links\":\"$2c2\"}\n2c8:{\"target_revision_id\":18519,\"drupal_internal__target_id\":1371}\n2c7:{\"type\":\"paragraph--page_section\",\"id\":\"15f8e7ab-00f6-4c17-b433-659267271131\",\"meta\":\"$2c8\"}\n2c6:[\"$2c7\"]\n2ca:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/42018625-2456-415e-bd2c-f1c061290d58/field_page_section?resourceVersion=id%3A5668\"}\n2cb:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/42018625-2456-415e-bd2c-f1c061290d58/relationships/field_page_section?resourceVersion=id%3A5668\"}\n2c9:{\"related\":\"$2ca\",\"self\":\"$2cb\"}\n2c5:{\"data\":\"$2c6\",\"links\":\"$2c9\"}\n2cf:{\"target_revision_id\":18520,\"drupal_internal__target_id\":1376}\n2ce:{\"type\":\"paragraph"])</script><script>self.__next_f.push([1,"--internal_link\",\"id\":\"b48e2348-59b0-42a6-9f44-62af8a94ddf1\",\"meta\":\"$2cf\"}\n2d1:{\"target_revision_id\":18521,\"drupal_internal__target_id\":1381}\n2d0:{\"type\":\"paragraph--internal_link\",\"id\":\"17ea04ed-0987-43ea-b494-7c051ddfcd28\",\"meta\":\"$2d1\"}\n2d3:{\"target_revision_id\":18522,\"drupal_internal__target_id\":1391}\n2d2:{\"type\":\"paragraph--internal_link\",\"id\":\"ae49a5b4-3922-4f8d-bbe5-624b243b4637\",\"meta\":\"$2d3\"}\n2d5:{\"target_revision_id\":18523,\"drupal_internal__target_id\":1396}\n2d4:{\"type\":\"paragraph--internal_link\",\"id\":\"3ebbf63a-35a8-4c15-8002-2b41f7ef528a\",\"meta\":\"$2d5\"}\n2cd:[\"$2ce\",\"$2d0\",\"$2d2\",\"$2d4\"]\n2d7:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/42018625-2456-415e-bd2c-f1c061290d58/field_related_collection?resourceVersion=id%3A5668\"}\n2d8:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/42018625-2456-415e-bd2c-f1c061290d58/relationships/field_related_collection?resourceVersion=id%3A5668\"}\n2d6:{\"related\":\"$2d7\",\"self\":\"$2d8\"}\n2cc:{\"data\":\"$2cd\",\"links\":\"$2d6\"}\n2db:{\"drupal_internal__target_id\":121}\n2da:{\"type\":\"taxonomy_term--resource_type\",\"id\":\"9e907eeb-b0a8-4dd3-8818-37cb1557a8f4\",\"meta\":\"$2db\"}\n2dd:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/42018625-2456-415e-bd2c-f1c061290d58/field_resource_type?resourceVersion=id%3A5668\"}\n2de:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/42018625-2456-415e-bd2c-f1c061290d58/relationships/field_resource_type?resourceVersion=id%3A5668\"}\n2dc:{\"related\":\"$2dd\",\"self\":\"$2de\"}\n2d9:{\"data\":\"$2da\",\"links\":\"$2dc\"}\n2e2:{\"drupal_internal__target_id\":76}\n2e1:{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"meta\":\"$2e2\"}\n2e4:{\"drupal_internal__target_id\":71}\n2e3:{\"type\":\"taxonomy_term--roles\",\"id\":\"feb4e85d-429e-48b0-92f0-3d2da2c5056e\",\"meta\":\"$2e4\"}\n2e0:[\"$2e1\",\"$2e3\"]\n2e6:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/42018625-2456-415e-bd2c-f1c061290d58/field_roles?resourceVersion=id%3A5668\"}\n2e7:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/42018625-2456-415e-bd2c-f1c061290d58/relationsh"])</script><script>self.__next_f.push([1,"ips/field_roles?resourceVersion=id%3A5668\"}\n2e5:{\"related\":\"$2e6\",\"self\":\"$2e7\"}\n2df:{\"data\":\"$2e0\",\"links\":\"$2e5\"}\n2eb:{\"drupal_internal__target_id\":41}\n2ea:{\"type\":\"taxonomy_term--topics\",\"id\":\"34eaf3c8-5635-4a38-b8c3-7225aa196f4c\",\"meta\":\"$2eb\"}\n2ed:{\"drupal_internal__target_id\":11}\n2ec:{\"type\":\"taxonomy_term--topics\",\"id\":\"0bc7c1d0-b569-4514-b66c-367457dead7e\",\"meta\":\"$2ed\"}\n2e9:[\"$2ea\",\"$2ec\"]\n2ef:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/42018625-2456-415e-bd2c-f1c061290d58/field_topics?resourceVersion=id%3A5668\"}\n2f0:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/42018625-2456-415e-bd2c-f1c061290d58/relationships/field_topics?resourceVersion=id%3A5668\"}\n2ee:{\"related\":\"$2ef\",\"self\":\"$2f0\"}\n2e8:{\"data\":\"$2e9\",\"links\":\"$2ee\"}\n2b2:{\"node_type\":\"$2b3\",\"revision_uid\":\"$2b9\",\"uid\":\"$2bf\",\"field_page_section\":\"$2c5\",\"field_related_collection\":\"$2cc\",\"field_resource_type\":\"$2d9\",\"field_roles\":\"$2df\",\"field_topics\":\"$2e8\"}\n2ab:{\"type\":\"node--explainer\",\"id\":\"42018625-2456-415e-bd2c-f1c061290d58\",\"links\":\"$2ac\",\"attributes\":\"$2ae\",\"relationships\":\"$2b2\"}\n2f3:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/defa7277-790b-4bbd-b6ee-cc539e121df2?resourceVersion=id%3A5737\"}\n2f2:{\"self\":\"$2f3\"}\n2f5:{\"alias\":\"/learn/authorization-operate-ato\",\"pid\":196,\"langcode\":\"en\"}\n2f6:{\"value\":\"Testing and documenting system security and compliance to gain approval to operate the system at CMS\",\"format\":\"plain_text\",\"processed\":\"\u003cp\u003eTesting and documenting system security and compliance to gain approval to operate the system at CMS\u003c/p\u003e\\n\"}\n2f7:[\"#cra-help\"]\n2f4:{\"drupal_internal__nid\":206,\"drupal_internal__vid\":5737,\"langcode\":\"en\",\"revision_timestamp\":\"2024-07-31T17:37:48+00:00\",\"status\":true,\"title\":\"Authorization to Operate (ATO)\",\"created\":\"2022-08-25T19:06:37+00:00\",\"changed\":\"2024-07-31T17:37:48+00:00\",\"promote\":false,\"sticky\":false,\"default_langcode\":true,\"revision_translation_affected\":true,\"moderation_state\":\"published\",\"path\":\"$2f5\",\"rh_action\":null,\"rh_redirect\":null,\"rh_redirect_response"])</script><script>self.__next_f.push([1,"\":null,\"rh_redirect_fallback_action\":null,\"publish_on\":null,\"unpublish_on\":null,\"body\":null,\"field_contact_email\":\"CISO@cms.hhs.gov\",\"field_contact_name\":\"ISPG Policy Team\",\"field_short_description\":\"$2f6\",\"field_slack_channel\":\"$2f7\"}\n2fb:{\"drupal_internal__target_id\":\"explainer\"}\n2fa:{\"type\":\"node_type--node_type\",\"id\":\"d185e460-4998-4d2b-85cb-b04f304dfb1b\",\"meta\":\"$2fb\"}\n2fd:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/defa7277-790b-4bbd-b6ee-cc539e121df2/node_type?resourceVersion=id%3A5737\"}\n2fe:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/defa7277-790b-4bbd-b6ee-cc539e121df2/relationships/node_type?resourceVersion=id%3A5737\"}\n2fc:{\"related\":\"$2fd\",\"self\":\"$2fe\"}\n2f9:{\"data\":\"$2fa\",\"links\":\"$2fc\"}\n301:{\"drupal_internal__target_id\":6}\n300:{\"type\":\"user--user\",\"id\":\"e352e203-fe9c-47ba-af75-2c7f8302fca8\",\"meta\":\"$301\"}\n303:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/defa7277-790b-4bbd-b6ee-cc539e121df2/revision_uid?resourceVersion=id%3A5737\"}\n304:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/defa7277-790b-4bbd-b6ee-cc539e121df2/relationships/revision_uid?resourceVersion=id%3A5737\"}\n302:{\"related\":\"$303\",\"self\":\"$304\"}\n2ff:{\"data\":\"$300\",\"links\":\"$302\"}\n307:{\"drupal_internal__target_id\":26}\n306:{\"type\":\"user--user\",\"id\":\"dca2c49b-4a12-4d5f-859d-a759444160a4\",\"meta\":\"$307\"}\n309:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/defa7277-790b-4bbd-b6ee-cc539e121df2/uid?resourceVersion=id%3A5737\"}\n30a:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/defa7277-790b-4bbd-b6ee-cc539e121df2/relationships/uid?resourceVersion=id%3A5737\"}\n308:{\"related\":\"$309\",\"self\":\"$30a\"}\n305:{\"data\":\"$306\",\"links\":\"$308\"}\n30e:{\"target_revision_id\":18928,\"drupal_internal__target_id\":711}\n30d:{\"type\":\"paragraph--page_section\",\"id\":\"d94629f9-9668-41dd-bce7-a4f267239c07\",\"meta\":\"$30e\"}\n310:{\"target_revision_id\":18929,\"drupal_internal__target_id\":736}\n30f:{\"type\":\"paragraph--page_section\",\"id\":\"243e2d3f-f903-438c-8b1f-aee53390b1df\",\"meta\":\"$310\"}\n30c:[\"$30d\",\"$30f\"]\n312:{\"hr"])</script><script>self.__next_f.push([1,"ef\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/defa7277-790b-4bbd-b6ee-cc539e121df2/field_page_section?resourceVersion=id%3A5737\"}\n313:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/defa7277-790b-4bbd-b6ee-cc539e121df2/relationships/field_page_section?resourceVersion=id%3A5737\"}\n311:{\"related\":\"$312\",\"self\":\"$313\"}\n30b:{\"data\":\"$30c\",\"links\":\"$311\"}\n317:{\"target_revision_id\":18930,\"drupal_internal__target_id\":3376}\n316:{\"type\":\"paragraph--internal_link\",\"id\":\"6f904ac4-c80e-47d9-b786-ee79256befed\",\"meta\":\"$317\"}\n319:{\"target_revision_id\":18931,\"drupal_internal__target_id\":1306}\n318:{\"type\":\"paragraph--internal_link\",\"id\":\"e20959d7-2a7b-4a01-b985-cfa5363233f5\",\"meta\":\"$319\"}\n31b:{\"target_revision_id\":18932,\"drupal_internal__target_id\":1316}\n31a:{\"type\":\"paragraph--internal_link\",\"id\":\"dba9b926-f657-43ce-bc94-0a2d803430c6\",\"meta\":\"$31b\"}\n31d:{\"target_revision_id\":18933,\"drupal_internal__target_id\":2521}\n31c:{\"type\":\"paragraph--internal_link\",\"id\":\"44f7083e-9341-42a5-85dc-a9043cdccdce\",\"meta\":\"$31d\"}\n31f:{\"target_revision_id\":18934,\"drupal_internal__target_id\":3444}\n31e:{\"type\":\"paragraph--internal_link\",\"id\":\"bd0366d9-64ce-401f-9453-bf38aa8054a1\",\"meta\":\"$31f\"}\n315:[\"$316\",\"$318\",\"$31a\",\"$31c\",\"$31e\"]\n321:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/defa7277-790b-4bbd-b6ee-cc539e121df2/field_related_collection?resourceVersion=id%3A5737\"}\n322:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/defa7277-790b-4bbd-b6ee-cc539e121df2/relationships/field_related_collection?resourceVersion=id%3A5737\"}\n320:{\"related\":\"$321\",\"self\":\"$322\"}\n314:{\"data\":\"$315\",\"links\":\"$320\"}\n325:{\"drupal_internal__target_id\":131}\n324:{\"type\":\"taxonomy_term--resource_type\",\"id\":\"a17f4908-9141-4b1e-82aa-e6bfe0f91a22\",\"meta\":\"$325\"}\n327:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/defa7277-790b-4bbd-b6ee-cc539e121df2/field_resource_type?resourceVersion=id%3A5737\"}\n328:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/defa7277-790b-4bbd-b6ee-cc539e121df2/relationships/field_resource_type?r"])</script><script>self.__next_f.push([1,"esourceVersion=id%3A5737\"}\n326:{\"related\":\"$327\",\"self\":\"$328\"}\n323:{\"data\":\"$324\",\"links\":\"$326\"}\n32c:{\"drupal_internal__target_id\":66}\n32b:{\"type\":\"taxonomy_term--roles\",\"id\":\"9d999ae3-b43c-45fb-973e-dffe50c27da5\",\"meta\":\"$32c\"}\n32e:{\"drupal_internal__target_id\":61}\n32d:{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\",\"meta\":\"$32e\"}\n330:{\"drupal_internal__target_id\":76}\n32f:{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"meta\":\"$330\"}\n32a:[\"$32b\",\"$32d\",\"$32f\"]\n332:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/defa7277-790b-4bbd-b6ee-cc539e121df2/field_roles?resourceVersion=id%3A5737\"}\n333:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/defa7277-790b-4bbd-b6ee-cc539e121df2/relationships/field_roles?resourceVersion=id%3A5737\"}\n331:{\"related\":\"$332\",\"self\":\"$333\"}\n329:{\"data\":\"$32a\",\"links\":\"$331\"}\n337:{\"drupal_internal__target_id\":11}\n336:{\"type\":\"taxonomy_term--topics\",\"id\":\"0bc7c1d0-b569-4514-b66c-367457dead7e\",\"meta\":\"$337\"}\n335:[\"$336\"]\n339:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/defa7277-790b-4bbd-b6ee-cc539e121df2/field_topics?resourceVersion=id%3A5737\"}\n33a:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/defa7277-790b-4bbd-b6ee-cc539e121df2/relationships/field_topics?resourceVersion=id%3A5737\"}\n338:{\"related\":\"$339\",\"self\":\"$33a\"}\n334:{\"data\":\"$335\",\"links\":\"$338\"}\n2f8:{\"node_type\":\"$2f9\",\"revision_uid\":\"$2ff\",\"uid\":\"$305\",\"field_page_section\":\"$30b\",\"field_related_collection\":\"$314\",\"field_resource_type\":\"$323\",\"field_roles\":\"$329\",\"field_topics\":\"$334\"}\n2f1:{\"type\":\"node--explainer\",\"id\":\"defa7277-790b-4bbd-b6ee-cc539e121df2\",\"links\":\"$2f2\",\"attributes\":\"$2f4\",\"relationships\":\"$2f8\"}\n33d:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf?resourceVersion=id%3A6076\"}\n33c:{\"self\":\"$33d\"}\n33f:{\"alias\":\"/learn/zero-trust\",\"pid\":661,\"langcode\":\"en\"}\n340:{\"value\":\"Security paradigm that requires the continuous verification of system users to promote system security"])</script><script>self.__next_f.push([1,"\",\"format\":\"plain_text\",\"processed\":\"\u003cp\u003eSecurity paradigm that requires the continuous verification of system users to promote system security\u003c/p\u003e\\n\"}\n341:[\"#cms-zero-trust\"]\n33e:{\"drupal_internal__nid\":671,\"drupal_internal__vid\":6076,\"langcode\":\"en\",\"revision_timestamp\":\"2025-01-15T16:28:16+00:00\",\"status\":true,\"title\":\"Zero Trust \",\"created\":\"2023-02-02T19:12:26+00:00\",\"changed\":\"2025-01-15T16:28:16+00:00\",\"promote\":false,\"sticky\":false,\"default_langcode\":true,\"revision_translation_affected\":true,\"moderation_state\":\"published\",\"path\":\"$33f\",\"rh_action\":null,\"rh_redirect\":null,\"rh_redirect_response\":null,\"rh_redirect_fallback_action\":null,\"publish_on\":null,\"unpublish_on\":null,\"body\":null,\"field_contact_email\":\"ISPGZeroTrust@cms.hhs.gov\",\"field_contact_name\":\"Zero Trust Team\",\"field_short_description\":\"$340\",\"field_slack_channel\":\"$341\"}\n345:{\"drupal_internal__target_id\":\"explainer\"}\n344:{\"type\":\"node_type--node_type\",\"id\":\"d185e460-4998-4d2b-85cb-b04f304dfb1b\",\"meta\":\"$345\"}\n347:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/node_type?resourceVersion=id%3A6076\"}\n348:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/relationships/node_type?resourceVersion=id%3A6076\"}\n346:{\"related\":\"$347\",\"self\":\"$348\"}\n343:{\"data\":\"$344\",\"links\":\"$346\"}\n34b:{\"drupal_internal__target_id\":138}\n34a:{\"type\":\"user--user\",\"id\":\"bebd6b4a-b250-4060-a68d-15e540df32b8\",\"meta\":\"$34b\"}\n34d:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/revision_uid?resourceVersion=id%3A6076\"}\n34e:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/relationships/revision_uid?resourceVersion=id%3A6076\"}\n34c:{\"related\":\"$34d\",\"self\":\"$34e\"}\n349:{\"data\":\"$34a\",\"links\":\"$34c\"}\n351:{\"drupal_internal__target_id\":26}\n350:{\"type\":\"user--user\",\"id\":\"dca2c49b-4a12-4d5f-859d-a759444160a4\",\"meta\":\"$351\"}\n353:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-"])</script><script>self.__next_f.push([1,"b3ab2faf97cf/uid?resourceVersion=id%3A6076\"}\n354:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/relationships/uid?resourceVersion=id%3A6076\"}\n352:{\"related\":\"$353\",\"self\":\"$354\"}\n34f:{\"data\":\"$350\",\"links\":\"$352\"}\n358:{\"target_revision_id\":19936,\"drupal_internal__target_id\":536}\n357:{\"type\":\"paragraph--page_section\",\"id\":\"9271f09e-6087-42ce-9b2a-2ddf6888888d\",\"meta\":\"$358\"}\n356:[\"$357\"]\n35a:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/field_page_section?resourceVersion=id%3A6076\"}\n35b:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/relationships/field_page_section?resourceVersion=id%3A6076\"}\n359:{\"related\":\"$35a\",\"self\":\"$35b\"}\n355:{\"data\":\"$356\",\"links\":\"$359\"}\n35f:{\"target_revision_id\":19941,\"drupal_internal__target_id\":3398}\n35e:{\"type\":\"paragraph--internal_link\",\"id\":\"c6911d3e-5198-4b35-ac2a-13d123aedee1\",\"meta\":\"$35f\"}\n361:{\"target_revision_id\":19946,\"drupal_internal__target_id\":1616}\n360:{\"type\":\"paragraph--internal_link\",\"id\":\"2bcabaa5-d621-42c9-bdc8-e0b80b3869d3\",\"meta\":\"$361\"}\n363:{\"target_revision_id\":19951,\"drupal_internal__target_id\":3499}\n362:{\"type\":\"paragraph--internal_link\",\"id\":\"670741af-bf41-4d99-a21c-a24dc57f4424\",\"meta\":\"$363\"}\n365:{\"target_revision_id\":19956,\"drupal_internal__target_id\":1611}\n364:{\"type\":\"paragraph--internal_link\",\"id\":\"f7a739a6-3d16-4633-bfad-fd8f469ffb64\",\"meta\":\"$365\"}\n367:{\"target_revision_id\":19961,\"drupal_internal__target_id\":1621}\n366:{\"type\":\"paragraph--internal_link\",\"id\":\"80d01d00-9ecf-4254-8e6e-a9242e8289f1\",\"meta\":\"$367\"}\n369:{\"target_revision_id\":19966,\"drupal_internal__target_id\":1626}\n368:{\"type\":\"paragraph--internal_link\",\"id\":\"d576257b-f5ba-4ad4-a81b-7628a82e8dce\",\"meta\":\"$369\"}\n35d:[\"$35e\",\"$360\",\"$362\",\"$364\",\"$366\",\"$368\"]\n36b:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/field_related_collection?resourceVersion=id%3A6076\"}\n36c:{\"href\":\"https://cybergeek.cms.gov/jso"])</script><script>self.__next_f.push([1,"napi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/relationships/field_related_collection?resourceVersion=id%3A6076\"}\n36a:{\"related\":\"$36b\",\"self\":\"$36c\"}\n35c:{\"data\":\"$35d\",\"links\":\"$36a\"}\n36f:{\"drupal_internal__target_id\":131}\n36e:{\"type\":\"taxonomy_term--resource_type\",\"id\":\"a17f4908-9141-4b1e-82aa-e6bfe0f91a22\",\"meta\":\"$36f\"}\n371:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/field_resource_type?resourceVersion=id%3A6076\"}\n372:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/relationships/field_resource_type?resourceVersion=id%3A6076\"}\n370:{\"related\":\"$371\",\"self\":\"$372\"}\n36d:{\"data\":\"$36e\",\"links\":\"$370\"}\n376:{\"drupal_internal__target_id\":66}\n375:{\"type\":\"taxonomy_term--roles\",\"id\":\"9d999ae3-b43c-45fb-973e-dffe50c27da5\",\"meta\":\"$376\"}\n378:{\"drupal_internal__target_id\":61}\n377:{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\",\"meta\":\"$378\"}\n37a:{\"drupal_internal__target_id\":76}\n379:{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"meta\":\"$37a\"}\n374:[\"$375\",\"$377\",\"$379\"]\n37c:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/field_roles?resourceVersion=id%3A6076\"}\n37d:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/relationships/field_roles?resourceVersion=id%3A6076\"}\n37b:{\"related\":\"$37c\",\"self\":\"$37d\"}\n373:{\"data\":\"$374\",\"links\":\"$37b\"}\n381:{\"drupal_internal__target_id\":21}\n380:{\"type\":\"taxonomy_term--topics\",\"id\":\"b61c7b1f-0882-4fac-bf13-02c68b56fd38\",\"meta\":\"$381\"}\n37f:[\"$380\"]\n383:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/field_topics?resourceVersion=id%3A6076\"}\n384:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/relationships/field_topics?resourceVersion=id%3A6076\"}\n382:{\"related\":\"$383\",\"self\":\"$384\"}\n37e:{\"data\":\"$37f\",\"links\":\"$382\"}\n342:{\"node_type\":\"$343\",\"revisio"])</script><script>self.__next_f.push([1,"n_uid\":\"$349\",\"uid\":\"$34f\",\"field_page_section\":\"$355\",\"field_related_collection\":\"$35c\",\"field_resource_type\":\"$36d\",\"field_roles\":\"$373\",\"field_topics\":\"$37e\"}\n33b:{\"type\":\"node--explainer\",\"id\":\"630cad0d-24c7-44f0-8b25-b3ab2faf97cf\",\"links\":\"$33c\",\"attributes\":\"$33e\",\"relationships\":\"$342\"}\n387:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/96ebc5ad-9ad8-42ae-9a18-8e35dc2c1e2a?resourceVersion=id%3A5934\"}\n388:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/96ebc5ad-9ad8-42ae-9a18-8e35dc2c1e2a?resourceVersion=rel%3Aworking-copy\"}\n386:{\"self\":\"$387\",\"working-copy\":\"$388\"}\n38a:{\"alias\":\"/learn/saas-governance-saasg\",\"pid\":726,\"langcode\":\"en\"}\n38b:{\"value\":\"Considerations and guidelines for CMS business units wanting to use SaaS applications\",\"format\":\"plain_text\",\"processed\":\"\u003cp\u003eConsiderations and guidelines for CMS business units wanting to use SaaS applications\u003c/p\u003e\\n\"}\n38c:[\"#ispg-saas-governance\"]\n389:{\"drupal_internal__nid\":736,\"drupal_internal__vid\":5934,\"langcode\":\"en\",\"revision_timestamp\":\"2024-09-28T13:01:56+00:00\",\"status\":true,\"title\":\"SaaS Governance (SaaSG)\",\"created\":\"2023-02-13T19:52:17+00:00\",\"changed\":\"2024-09-28T13:01:56+00:00\",\"promote\":false,\"sticky\":false,\"default_langcode\":true,\"revision_translation_affected\":true,\"moderation_state\":\"published\",\"path\":\"$38a\",\"rh_action\":null,\"rh_redirect\":null,\"rh_redirect_response\":null,\"rh_redirect_fallback_action\":null,\"publish_on\":null,\"unpublish_on\":null,\"body\":null,\"field_contact_email\":\"saasg@cms.hhs.gov\",\"field_contact_name\":\"SaaSG Team\",\"field_short_description\":\"$38b\",\"field_slack_channel\":\"$38c\"}\n390:{\"drupal_internal__target_id\":\"explainer\"}\n38f:{\"type\":\"node_type--node_type\",\"id\":\"d185e460-4998-4d2b-85cb-b04f304dfb1b\",\"meta\":\"$390\"}\n392:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/96ebc5ad-9ad8-42ae-9a18-8e35dc2c1e2a/node_type?resourceVersion=id%3A5934\"}\n393:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/96ebc5ad-9ad8-42ae-9a18-8e35dc2c1e2a/relationships/node_type?resourceVersion=id%3A5934\"}\n391:{\"relat"])</script><script>self.__next_f.push([1,"ed\":\"$392\",\"self\":\"$393\"}\n38e:{\"data\":\"$38f\",\"links\":\"$391\"}\n396:{\"drupal_internal__target_id\":6}\n395:{\"type\":\"user--user\",\"id\":\"e352e203-fe9c-47ba-af75-2c7f8302fca8\",\"meta\":\"$396\"}\n398:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/96ebc5ad-9ad8-42ae-9a18-8e35dc2c1e2a/revision_uid?resourceVersion=id%3A5934\"}\n399:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/96ebc5ad-9ad8-42ae-9a18-8e35dc2c1e2a/relationships/revision_uid?resourceVersion=id%3A5934\"}\n397:{\"related\":\"$398\",\"self\":\"$399\"}\n394:{\"data\":\"$395\",\"links\":\"$397\"}\n39c:{\"drupal_internal__target_id\":6}\n39b:{\"type\":\"user--user\",\"id\":\"e352e203-fe9c-47ba-af75-2c7f8302fca8\",\"meta\":\"$39c\"}\n39e:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/96ebc5ad-9ad8-42ae-9a18-8e35dc2c1e2a/uid?resourceVersion=id%3A5934\"}\n39f:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/96ebc5ad-9ad8-42ae-9a18-8e35dc2c1e2a/relationships/uid?resourceVersion=id%3A5934\"}\n39d:{\"related\":\"$39e\",\"self\":\"$39f\"}\n39a:{\"data\":\"$39b\",\"links\":\"$39d\"}\n3a3:{\"target_revision_id\":19389,\"drupal_internal__target_id\":1446}\n3a2:{\"type\":\"paragraph--page_section\",\"id\":\"32796f74-9a4b-49be-b101-133dce4c4568\",\"meta\":\"$3a3\"}\n3a5:{\"target_revision_id\":19396,\"drupal_internal__target_id\":3528}\n3a4:{\"type\":\"paragraph--page_section\",\"id\":\"23cc1637-59ba-448f-8e17-e5aed202cb74\",\"meta\":\"$3a5\"}\n3a7:{\"target_revision_id\":19397,\"drupal_internal__target_id\":3529}\n3a6:{\"type\":\"paragraph--page_section\",\"id\":\"53da5747-8514-4ea5-9f3d-2905f9a61edb\",\"meta\":\"$3a7\"}\n3a9:{\"target_revision_id\":19398,\"drupal_internal__target_id\":1451}\n3a8:{\"type\":\"paragraph--page_section\",\"id\":\"c1fc448a-a41f-4061-9bc9-59b74374d79a\",\"meta\":\"$3a9\"}\n3a1:[\"$3a2\",\"$3a4\",\"$3a6\",\"$3a8\"]\n3ab:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/96ebc5ad-9ad8-42ae-9a18-8e35dc2c1e2a/field_page_section?resourceVersion=id%3A5934\"}\n3ac:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/96ebc5ad-9ad8-42ae-9a18-8e35dc2c1e2a/relationships/field_page_section?resourceVersion=id%3A5934\"}\n3aa:{\"related\":\"$3ab\",\"self\":\"$3ac\""])</script><script>self.__next_f.push([1,"}\n3a0:{\"data\":\"$3a1\",\"links\":\"$3aa\"}\n3b0:{\"target_revision_id\":19399,\"drupal_internal__target_id\":1671}\n3af:{\"type\":\"paragraph--internal_link\",\"id\":\"e0d07bf6-c606-4a38-ba34-9521f9e77733\",\"meta\":\"$3b0\"}\n3b2:{\"target_revision_id\":19400,\"drupal_internal__target_id\":1676}\n3b1:{\"type\":\"paragraph--internal_link\",\"id\":\"be5c8dd0-860f-4570-bf13-358733b392ca\",\"meta\":\"$3b2\"}\n3b4:{\"target_revision_id\":19401,\"drupal_internal__target_id\":1681}\n3b3:{\"type\":\"paragraph--internal_link\",\"id\":\"10abb234-5289-40da-9df3-f4e6e9c06a80\",\"meta\":\"$3b4\"}\n3ae:[\"$3af\",\"$3b1\",\"$3b3\"]\n3b6:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/96ebc5ad-9ad8-42ae-9a18-8e35dc2c1e2a/field_related_collection?resourceVersion=id%3A5934\"}\n3b7:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/96ebc5ad-9ad8-42ae-9a18-8e35dc2c1e2a/relationships/field_related_collection?resourceVersion=id%3A5934\"}\n3b5:{\"related\":\"$3b6\",\"self\":\"$3b7\"}\n3ad:{\"data\":\"$3ae\",\"links\":\"$3b5\"}\n3ba:{\"drupal_internal__target_id\":121}\n3b9:{\"type\":\"taxonomy_term--resource_type\",\"id\":\"9e907eeb-b0a8-4dd3-8818-37cb1557a8f4\",\"meta\":\"$3ba\"}\n3bc:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/96ebc5ad-9ad8-42ae-9a18-8e35dc2c1e2a/field_resource_type?resourceVersion=id%3A5934\"}\n3bd:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/96ebc5ad-9ad8-42ae-9a18-8e35dc2c1e2a/relationships/field_resource_type?resourceVersion=id%3A5934\"}\n3bb:{\"related\":\"$3bc\",\"self\":\"$3bd\"}\n3b8:{\"data\":\"$3b9\",\"links\":\"$3bb\"}\n3c1:{\"drupal_internal__target_id\":61}\n3c0:{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\",\"meta\":\"$3c1\"}\n3c3:{\"drupal_internal__target_id\":76}\n3c2:{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"meta\":\"$3c3\"}\n3bf:[\"$3c0\",\"$3c2\"]\n3c5:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/96ebc5ad-9ad8-42ae-9a18-8e35dc2c1e2a/field_roles?resourceVersion=id%3A5934\"}\n3c6:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/96ebc5ad-9ad8-42ae-9a18-8e35dc2c1e2a/relationships/field_roles?resourceVersion=id%3A5934\"}\n3c"])</script><script>self.__next_f.push([1,"4:{\"related\":\"$3c5\",\"self\":\"$3c6\"}\n3be:{\"data\":\"$3bf\",\"links\":\"$3c4\"}\n3ca:{\"drupal_internal__target_id\":41}\n3c9:{\"type\":\"taxonomy_term--topics\",\"id\":\"34eaf3c8-5635-4a38-b8c3-7225aa196f4c\",\"meta\":\"$3ca\"}\n3cc:{\"drupal_internal__target_id\":16}\n3cb:{\"type\":\"taxonomy_term--topics\",\"id\":\"c12221c3-2c7e-4eb0-903f-0470aad63bf0\",\"meta\":\"$3cc\"}\n3c8:[\"$3c9\",\"$3cb\"]\n3ce:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/96ebc5ad-9ad8-42ae-9a18-8e35dc2c1e2a/field_topics?resourceVersion=id%3A5934\"}\n3cf:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/96ebc5ad-9ad8-42ae-9a18-8e35dc2c1e2a/relationships/field_topics?resourceVersion=id%3A5934\"}\n3cd:{\"related\":\"$3ce\",\"self\":\"$3cf\"}\n3c7:{\"data\":\"$3c8\",\"links\":\"$3cd\"}\n38d:{\"node_type\":\"$38e\",\"revision_uid\":\"$394\",\"uid\":\"$39a\",\"field_page_section\":\"$3a0\",\"field_related_collection\":\"$3ad\",\"field_resource_type\":\"$3b8\",\"field_roles\":\"$3be\",\"field_topics\":\"$3c7\"}\n385:{\"type\":\"node--explainer\",\"id\":\"96ebc5ad-9ad8-42ae-9a18-8e35dc2c1e2a\",\"links\":\"$386\",\"attributes\":\"$389\",\"relationships\":\"$38d\"}\n"])</script><script>self.__next_f.push([1,"5:[\"$\",\"$L17\",null,{\"content\":{\"data\":{\"type\":\"node--explainer\",\"id\":\"a279358b-5b24-49bc-a98e-11681bd7e65c\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a279358b-5b24-49bc-a98e-11681bd7e65c?resourceVersion=id%3A5942\"}},\"attributes\":{\"drupal_internal__nid\":326,\"drupal_internal__vid\":5942,\"langcode\":\"en\",\"revision_timestamp\":\"2024-10-17T14:55:23+00:00\",\"status\":true,\"title\":\"Federal Risk and Authorization Management Program (FedRAMP)\",\"created\":\"2022-08-29T15:22:00+00:00\",\"changed\":\"2024-10-17T14:55:23+00:00\",\"promote\":false,\"sticky\":false,\"default_langcode\":true,\"revision_translation_affected\":true,\"moderation_state\":\"published\",\"path\":{\"alias\":\"/learn/fedramp\",\"pid\":316,\"langcode\":\"en\"},\"rh_action\":null,\"rh_redirect\":null,\"rh_redirect_response\":null,\"rh_redirect_fallback_action\":null,\"publish_on\":null,\"unpublish_on\":null,\"body\":null,\"field_contact_email\":\"FedRAMP@cms.hhs.gov\",\"field_contact_name\":\"CMS FedRAMP PMO\",\"field_short_description\":{\"value\":\"Provides a federally-recognized and standardized security framework for all cloud products and services\",\"format\":\"plain_text\",\"processed\":\"\u003cp\u003eProvides a federally-recognized and standardized security framework for all cloud products and services\u003c/p\u003e\\n\"},\"field_slack_channel\":[\"#fedramp\"]},\"relationships\":{\"node_type\":{\"data\":{\"type\":\"node_type--node_type\",\"id\":\"d185e460-4998-4d2b-85cb-b04f304dfb1b\",\"meta\":{\"drupal_internal__target_id\":\"explainer\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a279358b-5b24-49bc-a98e-11681bd7e65c/node_type?resourceVersion=id%3A5942\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a279358b-5b24-49bc-a98e-11681bd7e65c/relationships/node_type?resourceVersion=id%3A5942\"}}},\"revision_uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"d3421e1d-1fda-4bd0-83ab-e404455b0e66\",\"meta\":{\"drupal_internal__target_id\":114}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a279358b-5b24-49bc-a98e-11681bd7e65c/revision_uid?resourceVersion=id%3A5942\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a279358b-5b24-49bc-a98e-11681bd7e65c/relationships/revision_uid?resourceVersion=id%3A5942\"}}},\"uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"dca2c49b-4a12-4d5f-859d-a759444160a4\",\"meta\":{\"drupal_internal__target_id\":26}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a279358b-5b24-49bc-a98e-11681bd7e65c/uid?resourceVersion=id%3A5942\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a279358b-5b24-49bc-a98e-11681bd7e65c/relationships/uid?resourceVersion=id%3A5942\"}}},\"field_page_section\":{\"data\":[{\"type\":\"paragraph--page_section\",\"id\":\"2ce39e48-81e4-4bea-a0ff-04f25ddd0041\",\"meta\":{\"target_revision_id\":19451,\"drupal_internal__target_id\":1171}},{\"type\":\"paragraph--page_section\",\"id\":\"77ea2e89-2433-4815-b869-52b2d900029e\",\"meta\":{\"target_revision_id\":19452,\"drupal_internal__target_id\":1211}},{\"type\":\"paragraph--page_section\",\"id\":\"deedf0fe-44e9-4015-90a1-f86ce6cbaf24\",\"meta\":{\"target_revision_id\":19462,\"drupal_internal__target_id\":3431}},{\"type\":\"paragraph--page_section\",\"id\":\"2b2216d8-24c3-4940-930f-6e79f68a279a\",\"meta\":{\"target_revision_id\":19472,\"drupal_internal__target_id\":1261}},{\"type\":\"paragraph--page_section\",\"id\":\"cbda5c42-489d-4480-85f5-db10db44de3e\",\"meta\":{\"target_revision_id\":19474,\"drupal_internal__target_id\":1266}},{\"type\":\"paragraph--page_section\",\"id\":\"37970dd4-a515-4370-a09f-f5177c2f98c2\",\"meta\":{\"target_revision_id\":19475,\"drupal_internal__target_id\":3433}},{\"type\":\"paragraph--page_section\",\"id\":\"434b1960-73e8-43fa-9b9e-253ce35fa55a\",\"meta\":{\"target_revision_id\":19476,\"drupal_internal__target_id\":3434}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a279358b-5b24-49bc-a98e-11681bd7e65c/field_page_section?resourceVersion=id%3A5942\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a279358b-5b24-49bc-a98e-11681bd7e65c/relationships/field_page_section?resourceVersion=id%3A5942\"}}},\"field_related_collection\":{\"data\":[{\"type\":\"paragraph--internal_link\",\"id\":\"7a5f06f0-e0ba-4ed2-aade-79b2233ec125\",\"meta\":{\"target_revision_id\":19477,\"drupal_internal__target_id\":1956}},{\"type\":\"paragraph--internal_link\",\"id\":\"61509c21-9c9e-48d0-8110-b98574cee727\",\"meta\":{\"target_revision_id\":19478,\"drupal_internal__target_id\":1961}},{\"type\":\"paragraph--internal_link\",\"id\":\"c2480fc7-b7c3-49d4-8643-cd42bcd3b56b\",\"meta\":{\"target_revision_id\":19479,\"drupal_internal__target_id\":1966}},{\"type\":\"paragraph--internal_link\",\"id\":\"63dffb2c-c587-4991-8523-142b2378a5aa\",\"meta\":{\"target_revision_id\":19480,\"drupal_internal__target_id\":3435}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a279358b-5b24-49bc-a98e-11681bd7e65c/field_related_collection?resourceVersion=id%3A5942\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a279358b-5b24-49bc-a98e-11681bd7e65c/relationships/field_related_collection?resourceVersion=id%3A5942\"}}},\"field_resource_type\":{\"data\":{\"type\":\"taxonomy_term--resource_type\",\"id\":\"a17f4908-9141-4b1e-82aa-e6bfe0f91a22\",\"meta\":{\"drupal_internal__target_id\":131}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a279358b-5b24-49bc-a98e-11681bd7e65c/field_resource_type?resourceVersion=id%3A5942\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a279358b-5b24-49bc-a98e-11681bd7e65c/relationships/field_resource_type?resourceVersion=id%3A5942\"}}},\"field_roles\":{\"data\":[{\"type\":\"taxonomy_term--roles\",\"id\":\"9d999ae3-b43c-45fb-973e-dffe50c27da5\",\"meta\":{\"drupal_internal__target_id\":66}},{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\",\"meta\":{\"drupal_internal__target_id\":61}},{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"meta\":{\"drupal_internal__target_id\":76}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a279358b-5b24-49bc-a98e-11681bd7e65c/field_roles?resourceVersion=id%3A5942\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a279358b-5b24-49bc-a98e-11681bd7e65c/relationships/field_roles?resourceVersion=id%3A5942\"}}},\"field_topics\":{\"data\":[{\"type\":\"taxonomy_term--topics\",\"id\":\"b61c7b1f-0882-4fac-bf13-02c68b56fd38\",\"meta\":{\"drupal_internal__target_id\":21}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a279358b-5b24-49bc-a98e-11681bd7e65c/field_topics?resourceVersion=id%3A5942\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/a279358b-5b24-49bc-a98e-11681bd7e65c/relationships/field_topics?resourceVersion=id%3A5942\"}}}}},\"included\":[{\"type\":\"node_type--node_type\",\"id\":\"d185e460-4998-4d2b-85cb-b04f304dfb1b\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node_type/node_type/d185e460-4998-4d2b-85cb-b04f304dfb1b\"}},\"attributes\":{\"langcode\":\"en\",\"status\":true,\"dependencies\":{\"module\":[\"menu_ui\",\"scheduler\"]},\"third_party_settings\":{\"menu_ui\":{\"available_menus\":[],\"parent\":\"\"},\"scheduler\":{\"expand_fieldset\":\"when_required\",\"fields_display_mode\":\"vertical_tab\",\"publish_enable\":false,\"publish_past_date\":\"error\",\"publish_past_date_created\":false,\"publish_required\":false,\"publish_revision\":false,\"publish_touch\":false,\"show_message_after_update\":true,\"unpublish_enable\":false,\"unpublish_required\":false,\"unpublish_revision\":false}},\"name\":\"Explainer page\",\"drupal_internal__type\":\"explainer\",\"description\":\"Use \u003ci\u003eExplainer pages\u003c/i\u003e to provide general information in plain language about a policy, program, tool, service, or task related to security and privacy at CMS.\",\"help\":null,\"new_revision\":true,\"preview_mode\":1,\"display_submitted\":true}},{\"type\":\"user--user\",\"id\":\"d3421e1d-1fda-4bd0-83ab-e404455b0e66\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/user/user/d3421e1d-1fda-4bd0-83ab-e404455b0e66\"}},\"attributes\":{\"display_name\":\"mrobinson\"}},{\"type\":\"user--user\",\"id\":\"dca2c49b-4a12-4d5f-859d-a759444160a4\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/user/user/dca2c49b-4a12-4d5f-859d-a759444160a4\"}},\"attributes\":{\"display_name\":\"meg - retired\"}},{\"type\":\"taxonomy_term--resource_type\",\"id\":\"a17f4908-9141-4b1e-82aa-e6bfe0f91a22\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/a17f4908-9141-4b1e-82aa-e6bfe0f91a22?resourceVersion=id%3A131\"}},\"attributes\":{\"drupal_internal__tid\":131,\"drupal_internal__revision_id\":131,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:13:33+00:00\",\"status\":true,\"name\":\"General Information\",\"description\":null,\"weight\":2,\"changed\":\"2023-03-10T19:04:03+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}},\"relationships\":{\"vid\":{\"data\":{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"3a0127c4-ee06-41ed-8239-f796f6d78eb3\",\"meta\":{\"drupal_internal__target_id\":\"resource_type\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/a17f4908-9141-4b1e-82aa-e6bfe0f91a22/vid?resourceVersion=id%3A131\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/a17f4908-9141-4b1e-82aa-e6bfe0f91a22/relationships/vid?resourceVersion=id%3A131\"}}},\"revision_user\":{\"data\":null,\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/a17f4908-9141-4b1e-82aa-e6bfe0f91a22/revision_user?resourceVersion=id%3A131\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/a17f4908-9141-4b1e-82aa-e6bfe0f91a22/relationships/revision_user?resourceVersion=id%3A131\"}}},\"parent\":{\"data\":[{\"type\":\"taxonomy_term--resource_type\",\"id\":\"virtual\",\"meta\":{\"links\":{\"help\":{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}}}}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/a17f4908-9141-4b1e-82aa-e6bfe0f91a22/parent?resourceVersion=id%3A131\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/a17f4908-9141-4b1e-82aa-e6bfe0f91a22/relationships/parent?resourceVersion=id%3A131\"}}}}},{\"type\":\"taxonomy_term--roles\",\"id\":\"9d999ae3-b43c-45fb-973e-dffe50c27da5\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5?resourceVersion=id%3A66\"}},\"attributes\":{\"drupal_internal__tid\":66,\"drupal_internal__revision_id\":66,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:08:26+00:00\",\"status\":true,\"name\":\"Cyber Risk Advisor (CRA)\",\"description\":null,\"weight\":0,\"changed\":\"2022-08-02T23:08:26+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}},\"relationships\":{\"vid\":{\"data\":{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"a89af840-d1f0-4a08-9f15-7b1cb71c3e35\",\"meta\":{\"drupal_internal__target_id\":\"roles\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/vid?resourceVersion=id%3A66\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/relationships/vid?resourceVersion=id%3A66\"}}},\"revision_user\":{\"data\":null,\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/revision_user?resourceVersion=id%3A66\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/relationships/revision_user?resourceVersion=id%3A66\"}}},\"parent\":{\"data\":[{\"type\":\"taxonomy_term--roles\",\"id\":\"virtual\",\"meta\":{\"links\":{\"help\":{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}}}}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/parent?resourceVersion=id%3A66\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/relationships/parent?resourceVersion=id%3A66\"}}}}},{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab?resourceVersion=id%3A61\"}},\"attributes\":{\"drupal_internal__tid\":61,\"drupal_internal__revision_id\":61,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:08:12+00:00\",\"status\":true,\"name\":\"Information System Security Officer (ISSO)\",\"description\":null,\"weight\":0,\"changed\":\"2022-08-02T23:08:12+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}},\"relationships\":{\"vid\":{\"data\":{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"a89af840-d1f0-4a08-9f15-7b1cb71c3e35\",\"meta\":{\"drupal_internal__target_id\":\"roles\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/vid?resourceVersion=id%3A61\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/relationships/vid?resourceVersion=id%3A61\"}}},\"revision_user\":{\"data\":null,\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/revision_user?resourceVersion=id%3A61\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/relationships/revision_user?resourceVersion=id%3A61\"}}},\"parent\":{\"data\":[{\"type\":\"taxonomy_term--roles\",\"id\":\"virtual\",\"meta\":{\"links\":{\"help\":{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}}}}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/parent?resourceVersion=id%3A61\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/relationships/parent?resourceVersion=id%3A61\"}}}}},{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34?resourceVersion=id%3A76\"}},\"attributes\":{\"drupal_internal__tid\":76,\"drupal_internal__revision_id\":76,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:08:55+00:00\",\"status\":true,\"name\":\"System / Business Owner\",\"description\":null,\"weight\":0,\"changed\":\"2022-08-02T23:08:55+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}},\"relationships\":{\"vid\":{\"data\":{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"a89af840-d1f0-4a08-9f15-7b1cb71c3e35\",\"meta\":{\"drupal_internal__target_id\":\"roles\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/vid?resourceVersion=id%3A76\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/relationships/vid?resourceVersion=id%3A76\"}}},\"revision_user\":{\"data\":null,\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/revision_user?resourceVersion=id%3A76\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/relationships/revision_user?resourceVersion=id%3A76\"}}},\"parent\":{\"data\":[{\"type\":\"taxonomy_term--roles\",\"id\":\"virtual\",\"meta\":{\"links\":{\"help\":{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}}}}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/parent?resourceVersion=id%3A76\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/relationships/parent?resourceVersion=id%3A76\"}}}}},{\"type\":\"taxonomy_term--topics\",\"id\":\"b61c7b1f-0882-4fac-bf13-02c68b56fd38\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/b61c7b1f-0882-4fac-bf13-02c68b56fd38?resourceVersion=id%3A21\"}},\"attributes\":{\"drupal_internal__tid\":21,\"drupal_internal__revision_id\":21,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:05:35+00:00\",\"status\":true,\"name\":\"Federal Policy \u0026 Guidance\",\"description\":null,\"weight\":3,\"changed\":\"2023-03-10T19:04:22+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}},\"relationships\":{\"vid\":{\"data\":{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"73f89dec-123f-4c8c-9a97-d025a2b0e5cf\",\"meta\":{\"drupal_internal__target_id\":\"topics\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/b61c7b1f-0882-4fac-bf13-02c68b56fd38/vid?resourceVersion=id%3A21\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/b61c7b1f-0882-4fac-bf13-02c68b56fd38/relationships/vid?resourceVersion=id%3A21\"}}},\"revision_user\":{\"data\":null,\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/b61c7b1f-0882-4fac-bf13-02c68b56fd38/revision_user?resourceVersion=id%3A21\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/b61c7b1f-0882-4fac-bf13-02c68b56fd38/relationships/revision_user?resourceVersion=id%3A21\"}}},\"parent\":{\"data\":[{\"type\":\"taxonomy_term--topics\",\"id\":\"virtual\",\"meta\":{\"links\":{\"help\":{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}}}}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/b61c7b1f-0882-4fac-bf13-02c68b56fd38/parent?resourceVersion=id%3A21\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/b61c7b1f-0882-4fac-bf13-02c68b56fd38/relationships/parent?resourceVersion=id%3A21\"}}}}},{\"type\":\"paragraph--page_section\",\"id\":\"2ce39e48-81e4-4bea-a0ff-04f25ddd0041\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/2ce39e48-81e4-4bea-a0ff-04f25ddd0041?resourceVersion=id%3A19451\"}},\"attributes\":{\"drupal_internal__id\":1171,\"drupal_internal__revision_id\":19451,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-09T17:29:03+00:00\",\"parent_id\":\"326\",\"parent_type\":\"node\",\"parent_field_name\":\"field_page_section\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true,\"field_text_block\":{\"value\":\"$18\",\"format\":\"body_text\",\"processed\":\"$19\"}},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"57f3f40a-8120-4393-b881-a5758f9fb30d\",\"meta\":{\"drupal_internal__target_id\":\"page_section\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/2ce39e48-81e4-4bea-a0ff-04f25ddd0041/paragraph_type?resourceVersion=id%3A19451\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/2ce39e48-81e4-4bea-a0ff-04f25ddd0041/relationships/paragraph_type?resourceVersion=id%3A19451\"}}},\"field_specialty_item\":{\"data\":null,\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/2ce39e48-81e4-4bea-a0ff-04f25ddd0041/field_specialty_item?resourceVersion=id%3A19451\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/2ce39e48-81e4-4bea-a0ff-04f25ddd0041/relationships/field_specialty_item?resourceVersion=id%3A19451\"}}}}},{\"type\":\"paragraph--page_section\",\"id\":\"77ea2e89-2433-4815-b869-52b2d900029e\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/77ea2e89-2433-4815-b869-52b2d900029e?resourceVersion=id%3A19452\"}},\"attributes\":{\"drupal_internal__id\":1211,\"drupal_internal__revision_id\":19452,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-09T20:25:42+00:00\",\"parent_id\":\"326\",\"parent_type\":\"node\",\"parent_field_name\":\"field_page_section\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true,\"field_text_block\":{\"value\":\"$1a\",\"format\":\"body_text\",\"processed\":\"$1b\"}},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"57f3f40a-8120-4393-b881-a5758f9fb30d\",\"meta\":{\"drupal_internal__target_id\":\"page_section\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/77ea2e89-2433-4815-b869-52b2d900029e/paragraph_type?resourceVersion=id%3A19452\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/77ea2e89-2433-4815-b869-52b2d900029e/relationships/paragraph_type?resourceVersion=id%3A19452\"}}},\"field_specialty_item\":{\"data\":null,\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/77ea2e89-2433-4815-b869-52b2d900029e/field_specialty_item?resourceVersion=id%3A19452\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/77ea2e89-2433-4815-b869-52b2d900029e/relationships/field_specialty_item?resourceVersion=id%3A19452\"}}}}},{\"type\":\"paragraph--page_section\",\"id\":\"deedf0fe-44e9-4015-90a1-f86ce6cbaf24\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/deedf0fe-44e9-4015-90a1-f86ce6cbaf24?resourceVersion=id%3A19462\"}},\"attributes\":{\"drupal_internal__id\":3431,\"drupal_internal__revision_id\":19462,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-09-18T16:02:05+00:00\",\"parent_id\":\"326\",\"parent_type\":\"node\",\"parent_field_name\":\"field_page_section\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true,\"field_text_block\":{\"value\":\"$1c\",\"format\":\"body_text\",\"processed\":\"$1d\"}},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"57f3f40a-8120-4393-b881-a5758f9fb30d\",\"meta\":{\"drupal_internal__target_id\":\"page_section\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/deedf0fe-44e9-4015-90a1-f86ce6cbaf24/paragraph_type?resourceVersion=id%3A19462\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/deedf0fe-44e9-4015-90a1-f86ce6cbaf24/relationships/paragraph_type?resourceVersion=id%3A19462\"}}},\"field_specialty_item\":{\"data\":{\"type\":\"paragraph--process_list\",\"id\":\"5ad34745-bdd0-4431-9dd5-eca900bdcadf\",\"meta\":{\"target_revision_id\":19461,\"drupal_internal__target_id\":3430}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/deedf0fe-44e9-4015-90a1-f86ce6cbaf24/field_specialty_item?resourceVersion=id%3A19462\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/deedf0fe-44e9-4015-90a1-f86ce6cbaf24/relationships/field_specialty_item?resourceVersion=id%3A19462\"}}}}},{\"type\":\"paragraph--page_section\",\"id\":\"2b2216d8-24c3-4940-930f-6e79f68a279a\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/2b2216d8-24c3-4940-930f-6e79f68a279a?resourceVersion=id%3A19472\"}},\"attributes\":{\"drupal_internal__id\":1261,\"drupal_internal__revision_id\":19472,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-09T20:30:59+00:00\",\"parent_id\":\"326\",\"parent_type\":\"node\",\"parent_field_name\":\"field_page_section\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true,\"field_text_block\":{\"value\":\"$1e\",\"format\":\"body_text\",\"processed\":\"$1f\"}},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"57f3f40a-8120-4393-b881-a5758f9fb30d\",\"meta\":{\"drupal_internal__target_id\":\"page_section\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/2b2216d8-24c3-4940-930f-6e79f68a279a/paragraph_type?resourceVersion=id%3A19472\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/2b2216d8-24c3-4940-930f-6e79f68a279a/relationships/paragraph_type?resourceVersion=id%3A19472\"}}},\"field_specialty_item\":{\"data\":{\"type\":\"paragraph--process_list\",\"id\":\"13045e8b-0f56-41bd-bfb7-a7462625f7df\",\"meta\":{\"target_revision_id\":19471,\"drupal_internal__target_id\":1256}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/2b2216d8-24c3-4940-930f-6e79f68a279a/field_specialty_item?resourceVersion=id%3A19472\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/2b2216d8-24c3-4940-930f-6e79f68a279a/relationships/field_specialty_item?resourceVersion=id%3A19472\"}}}}},{\"type\":\"paragraph--page_section\",\"id\":\"cbda5c42-489d-4480-85f5-db10db44de3e\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/cbda5c42-489d-4480-85f5-db10db44de3e?resourceVersion=id%3A19474\"}},\"attributes\":{\"drupal_internal__id\":1266,\"drupal_internal__revision_id\":19474,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-09T21:26:34+00:00\",\"parent_id\":\"326\",\"parent_type\":\"node\",\"parent_field_name\":\"field_page_section\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true,\"field_text_block\":{\"value\":\"\u003ch2\u003eProducts\u003c/h2\u003e\",\"format\":\"body_text\",\"processed\":\"\u003ch2\u003eProducts\u003c/h2\u003e\"}},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"57f3f40a-8120-4393-b881-a5758f9fb30d\",\"meta\":{\"drupal_internal__target_id\":\"page_section\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/cbda5c42-489d-4480-85f5-db10db44de3e/paragraph_type?resourceVersion=id%3A19474\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/cbda5c42-489d-4480-85f5-db10db44de3e/relationships/paragraph_type?resourceVersion=id%3A19474\"}}},\"field_specialty_item\":{\"data\":{\"type\":\"paragraph--call_out_box\",\"id\":\"09410fda-e6cd-4131-ad62-ae6fcbafad49\",\"meta\":{\"target_revision_id\":19473,\"drupal_internal__target_id\":3432}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/cbda5c42-489d-4480-85f5-db10db44de3e/field_specialty_item?resourceVersion=id%3A19474\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/cbda5c42-489d-4480-85f5-db10db44de3e/relationships/field_specialty_item?resourceVersion=id%3A19474\"}}}}},{\"type\":\"paragraph--page_section\",\"id\":\"37970dd4-a515-4370-a09f-f5177c2f98c2\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/37970dd4-a515-4370-a09f-f5177c2f98c2?resourceVersion=id%3A19475\"}},\"attributes\":{\"drupal_internal__id\":3433,\"drupal_internal__revision_id\":19475,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-09-18T16:26:10+00:00\",\"parent_id\":\"326\",\"parent_type\":\"node\",\"parent_field_name\":\"field_page_section\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true,\"field_text_block\":{\"value\":\"$20\",\"format\":\"body_text\",\"processed\":\"$21\"}},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"57f3f40a-8120-4393-b881-a5758f9fb30d\",\"meta\":{\"drupal_internal__target_id\":\"page_section\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/37970dd4-a515-4370-a09f-f5177c2f98c2/paragraph_type?resourceVersion=id%3A19475\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/37970dd4-a515-4370-a09f-f5177c2f98c2/relationships/paragraph_type?resourceVersion=id%3A19475\"}}},\"field_specialty_item\":{\"data\":null,\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/37970dd4-a515-4370-a09f-f5177c2f98c2/field_specialty_item?resourceVersion=id%3A19475\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/37970dd4-a515-4370-a09f-f5177c2f98c2/relationships/field_specialty_item?resourceVersion=id%3A19475\"}}}}},{\"type\":\"paragraph--page_section\",\"id\":\"434b1960-73e8-43fa-9b9e-253ce35fa55a\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/434b1960-73e8-43fa-9b9e-253ce35fa55a?resourceVersion=id%3A19476\"}},\"attributes\":{\"drupal_internal__id\":3434,\"drupal_internal__revision_id\":19476,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-09-18T16:28:07+00:00\",\"parent_id\":\"326\",\"parent_type\":\"node\",\"parent_field_name\":\"field_page_section\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true,\"field_text_block\":{\"value\":\"$22\",\"format\":\"body_text\",\"processed\":\"$23\"}},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"57f3f40a-8120-4393-b881-a5758f9fb30d\",\"meta\":{\"drupal_internal__target_id\":\"page_section\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/434b1960-73e8-43fa-9b9e-253ce35fa55a/paragraph_type?resourceVersion=id%3A19476\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/434b1960-73e8-43fa-9b9e-253ce35fa55a/relationships/paragraph_type?resourceVersion=id%3A19476\"}}},\"field_specialty_item\":{\"data\":null,\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/434b1960-73e8-43fa-9b9e-253ce35fa55a/field_specialty_item?resourceVersion=id%3A19476\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/page_section/434b1960-73e8-43fa-9b9e-253ce35fa55a/relationships/field_specialty_item?resourceVersion=id%3A19476\"}}}}},{\"type\":\"paragraph--process_list\",\"id\":\"5ad34745-bdd0-4431-9dd5-eca900bdcadf\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list/5ad34745-bdd0-4431-9dd5-eca900bdcadf?resourceVersion=id%3A19461\"}},\"attributes\":{\"drupal_internal__id\":3430,\"drupal_internal__revision_id\":19461,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-09-18T16:03:44+00:00\",\"parent_id\":\"3431\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_specialty_item\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true,\"field_process_list_conclusion\":null},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"8a1fa202-0dc7-4f58-9b3d-7f9c44c9a9c8\",\"meta\":{\"drupal_internal__target_id\":\"process_list\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list/5ad34745-bdd0-4431-9dd5-eca900bdcadf/paragraph_type?resourceVersion=id%3A19461\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list/5ad34745-bdd0-4431-9dd5-eca900bdcadf/relationships/paragraph_type?resourceVersion=id%3A19461\"}}},\"field_process_list_item\":{\"data\":[{\"type\":\"paragraph--process_list_item\",\"id\":\"623c9f93-08b9-4568-b852-feb753cafb4d\",\"meta\":{\"target_revision_id\":19453,\"drupal_internal__target_id\":3422}},{\"type\":\"paragraph--process_list_item\",\"id\":\"d7ec40c2-ed5a-4f39-b624-94807cfa40a1\",\"meta\":{\"target_revision_id\":19454,\"drupal_internal__target_id\":3423}},{\"type\":\"paragraph--process_list_item\",\"id\":\"2453e205-2551-4d10-8048-0f38e1f48aa0\",\"meta\":{\"target_revision_id\":19455,\"drupal_internal__target_id\":3424}},{\"type\":\"paragraph--process_list_item\",\"id\":\"d3430be6-95c0-4375-8aac-4dc868f871d8\",\"meta\":{\"target_revision_id\":19456,\"drupal_internal__target_id\":3425}},{\"type\":\"paragraph--process_list_item\",\"id\":\"5a513f69-74ee-42c8-aaff-0ef930932a08\",\"meta\":{\"target_revision_id\":19457,\"drupal_internal__target_id\":3426}},{\"type\":\"paragraph--process_list_item\",\"id\":\"e0063305-ce7d-45f2-afef-b8d9f4ecc0bf\",\"meta\":{\"target_revision_id\":19458,\"drupal_internal__target_id\":3427}},{\"type\":\"paragraph--process_list_item\",\"id\":\"f48e593e-b69d-4609-ab3c-d25d243fd7d0\",\"meta\":{\"target_revision_id\":19459,\"drupal_internal__target_id\":3428}},{\"type\":\"paragraph--process_list_item\",\"id\":\"6f356d04-306e-478f-8569-579d303b4de0\",\"meta\":{\"target_revision_id\":19460,\"drupal_internal__target_id\":3429}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list/5ad34745-bdd0-4431-9dd5-eca900bdcadf/field_process_list_item?resourceVersion=id%3A19461\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list/5ad34745-bdd0-4431-9dd5-eca900bdcadf/relationships/field_process_list_item?resourceVersion=id%3A19461\"}}}}},{\"type\":\"paragraph--process_list\",\"id\":\"13045e8b-0f56-41bd-bfb7-a7462625f7df\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list/13045e8b-0f56-41bd-bfb7-a7462625f7df?resourceVersion=id%3A19471\"}},\"attributes\":{\"drupal_internal__id\":1256,\"drupal_internal__revision_id\":19471,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-09T20:37:07+00:00\",\"parent_id\":\"1261\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_specialty_item\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true,\"field_process_list_conclusion\":{\"value\":\"\u003cp\u003eOnce youve completed the steps above, the package request will be sent through the approval process with the Department and with the FedRAMP PMO. You will receive confirmation once your access is granted. Please allow a couple of weeks for approval time.\u003c/p\u003e\",\"format\":\"main_point_html\",\"processed\":\"\u003cp\u003eOnce youve completed the steps above, the package request will be sent through the approval process with the Department and with the FedRAMP PMO. You will receive confirmation once your access is granted. Please allow a couple of weeks for approval time.\u003c/p\u003e\"}},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"8a1fa202-0dc7-4f58-9b3d-7f9c44c9a9c8\",\"meta\":{\"drupal_internal__target_id\":\"process_list\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list/13045e8b-0f56-41bd-bfb7-a7462625f7df/paragraph_type?resourceVersion=id%3A19471\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list/13045e8b-0f56-41bd-bfb7-a7462625f7df/relationships/paragraph_type?resourceVersion=id%3A19471\"}}},\"field_process_list_item\":{\"data\":[{\"type\":\"paragraph--process_list_item\",\"id\":\"cb6f1b2f-e390-43a3-8f32-8cb8a9af2aa8\",\"meta\":{\"target_revision_id\":19463,\"drupal_internal__target_id\":1216}},{\"type\":\"paragraph--process_list_item\",\"id\":\"088baed3-27e7-4e01-9d07-9598442a1291\",\"meta\":{\"target_revision_id\":19464,\"drupal_internal__target_id\":1221}},{\"type\":\"paragraph--process_list_item\",\"id\":\"62c260e3-b8dc-470e-a07a-462dd5affec9\",\"meta\":{\"target_revision_id\":19465,\"drupal_internal__target_id\":1226}},{\"type\":\"paragraph--process_list_item\",\"id\":\"c287ddbf-f689-469f-8e81-5db4b8899c1e\",\"meta\":{\"target_revision_id\":19466,\"drupal_internal__target_id\":1231}},{\"type\":\"paragraph--process_list_item\",\"id\":\"296b3cad-e467-409c-897d-110458ca9456\",\"meta\":{\"target_revision_id\":19467,\"drupal_internal__target_id\":1236}},{\"type\":\"paragraph--process_list_item\",\"id\":\"cf223be7-513a-452e-bf60-c4223d70b826\",\"meta\":{\"target_revision_id\":19468,\"drupal_internal__target_id\":1241}},{\"type\":\"paragraph--process_list_item\",\"id\":\"1791dd29-fe3d-4938-8ab2-92755a6ae409\",\"meta\":{\"target_revision_id\":19469,\"drupal_internal__target_id\":1246}},{\"type\":\"paragraph--process_list_item\",\"id\":\"46b4e165-819a-4ba4-ba6e-eddefd744bc5\",\"meta\":{\"target_revision_id\":19470,\"drupal_internal__target_id\":1251}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list/13045e8b-0f56-41bd-bfb7-a7462625f7df/field_process_list_item?resourceVersion=id%3A19471\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list/13045e8b-0f56-41bd-bfb7-a7462625f7df/relationships/field_process_list_item?resourceVersion=id%3A19471\"}}}}},{\"type\":\"paragraph--call_out_box\",\"id\":\"09410fda-e6cd-4131-ad62-ae6fcbafad49\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/call_out_box/09410fda-e6cd-4131-ad62-ae6fcbafad49?resourceVersion=id%3A19473\"}},\"attributes\":{\"drupal_internal__id\":3432,\"drupal_internal__revision_id\":19473,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-09-18T16:33:55+00:00\",\"parent_id\":\"1266\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_specialty_item\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true,\"field_call_out_link\":{\"uri\":\"https://marketplace.fedramp.gov/agencies/22-005-06\",\"title\":\"\",\"options\":[],\"url\":\"https://marketplace.fedramp.gov/agencies/22-005-06\"},\"field_call_out_link_text\":\"Go to the FedRAMP Marketplace\",\"field_call_out_text\":{\"value\":\"The FedRAMP Marketplace provides a searchable and sortable database of Cloud Service Offerings (CSOs) that have achieved a FedRAMP designation, a list of federal agencies using FedRAMP Authorized CSOs, and FedRAMP recognized auditors (3PAOs) that can perform a FedRAMP assessment. \",\"format\":\"plain_text\",\"processed\":\"\u003cp\u003eThe FedRAMP Marketplace provides a searchable and sortable database of Cloud Service Offerings (CSOs) that have achieved a FedRAMP designation, a list of federal agencies using FedRAMP Authorized CSOs, and FedRAMP recognized auditors (3PAOs) that can perform a FedRAMP assessment.\u003c/p\u003e\\n\"},\"field_header\":\"See all approved FedRAMP Products\"},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"a1d0a205-c6c9-4816-b701-4763d05de8e8\",\"meta\":{\"drupal_internal__target_id\":\"call_out_box\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/call_out_box/09410fda-e6cd-4131-ad62-ae6fcbafad49/paragraph_type?resourceVersion=id%3A19473\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/call_out_box/09410fda-e6cd-4131-ad62-ae6fcbafad49/relationships/paragraph_type?resourceVersion=id%3A19473\"}}}}},{\"type\":\"paragraph--process_list_item\",\"id\":\"623c9f93-08b9-4568-b852-feb753cafb4d\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/623c9f93-08b9-4568-b852-feb753cafb4d?resourceVersion=id%3A19453\"}},\"attributes\":{\"drupal_internal__id\":3422,\"drupal_internal__revision_id\":19453,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-09-18T16:03:44+00:00\",\"parent_id\":\"3430\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_process_list_item\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true,\"field_list_item_description\":{\"value\":\"\u003cp\u003eCMS has developed a RCR process to provide an initial security review of the cloud service. This is done by the CMS Software as a Service Governance (SaaSG) team. The cloud service should be assessed through the RCR process.\u003c/p\u003e\",\"format\":\"main_point_html\",\"processed\":\"\u003cp\u003eCMS has developed a RCR process to provide an initial security review of the cloud service. This is done by the CMS Software as a Service Governance (SaaSG) team. The cloud service should be assessed through the RCR process.\u003c/p\u003e\"},\"field_list_item_title\":\"CMS Rapid Cloud Review (RCR)\"},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"169b4697-c521-4a95-b21a-aa0d3f051203\",\"meta\":{\"drupal_internal__target_id\":\"process_list_item\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/623c9f93-08b9-4568-b852-feb753cafb4d/paragraph_type?resourceVersion=id%3A19453\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/623c9f93-08b9-4568-b852-feb753cafb4d/relationships/paragraph_type?resourceVersion=id%3A19453\"}}}}},{\"type\":\"paragraph--process_list_item\",\"id\":\"d7ec40c2-ed5a-4f39-b624-94807cfa40a1\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/d7ec40c2-ed5a-4f39-b624-94807cfa40a1?resourceVersion=id%3A19454\"}},\"attributes\":{\"drupal_internal__id\":3423,\"drupal_internal__revision_id\":19454,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-09-18T16:04:23+00:00\",\"parent_id\":\"3430\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_process_list_item\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true,\"field_list_item_description\":{\"value\":\"\u003cp\u003eWe highly recommend a FedRAMP Readiness Assessment from an accredited Third-Party Assessment Organization (3PAO) to evaluate your readiness for FedRAMP.\u003c/p\u003e\",\"format\":\"main_point_html\",\"processed\":\"\u003cp\u003eWe highly recommend a FedRAMP Readiness Assessment from an accredited Third-Party Assessment Organization (3PAO) to evaluate your readiness for FedRAMP.\u003c/p\u003e\"},\"field_list_item_title\":\"FedRAMP Readiness Assessment\"},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"169b4697-c521-4a95-b21a-aa0d3f051203\",\"meta\":{\"drupal_internal__target_id\":\"process_list_item\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/d7ec40c2-ed5a-4f39-b624-94807cfa40a1/paragraph_type?resourceVersion=id%3A19454\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/d7ec40c2-ed5a-4f39-b624-94807cfa40a1/relationships/paragraph_type?resourceVersion=id%3A19454\"}}}}},{\"type\":\"paragraph--process_list_item\",\"id\":\"2453e205-2551-4d10-8048-0f38e1f48aa0\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/2453e205-2551-4d10-8048-0f38e1f48aa0?resourceVersion=id%3A19455\"}},\"attributes\":{\"drupal_internal__id\":3424,\"drupal_internal__revision_id\":19455,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-09-18T16:04:49+00:00\",\"parent_id\":\"3430\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_process_list_item\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true,\"field_list_item_description\":{\"value\":\"\u003cp\u003eThe cloud service environment must be fully built out and ready before the agency will commit to sponsoring the cloud service.\u003c/p\u003e\",\"format\":\"main_point_html\",\"processed\":\"\u003cp\u003eThe cloud service environment must be fully built out and ready before the agency will commit to sponsoring the cloud service.\u003c/p\u003e\"},\"field_list_item_title\":\"Fully built environment \"},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"169b4697-c521-4a95-b21a-aa0d3f051203\",\"meta\":{\"drupal_internal__target_id\":\"process_list_item\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/2453e205-2551-4d10-8048-0f38e1f48aa0/paragraph_type?resourceVersion=id%3A19455\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/2453e205-2551-4d10-8048-0f38e1f48aa0/relationships/paragraph_type?resourceVersion=id%3A19455\"}}}}},{\"type\":\"paragraph--process_list_item\",\"id\":\"d3430be6-95c0-4375-8aac-4dc868f871d8\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/d3430be6-95c0-4375-8aac-4dc868f871d8?resourceVersion=id%3A19456\"}},\"attributes\":{\"drupal_internal__id\":3425,\"drupal_internal__revision_id\":19456,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-09-18T16:05:12+00:00\",\"parent_id\":\"3430\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_process_list_item\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true,\"field_list_item_description\":{\"value\":\"\u003cp\u003e\u0026nbsp;Your cloud services must comply with all security controls as outlined in the FedRAMP Security Assessment Framework (SAF), which includes controls from the National Institute of Standards and Technology (NIST)Special Publication (SP) 800-53 Revision 5.\u003c/p\u003e\",\"format\":\"main_point_html\",\"processed\":\"\u003cp\u003e\u0026nbsp;Your cloud services must comply with all security controls as outlined in the FedRAMP Security Assessment Framework (SAF), which includes controls from the National Institute of Standards and Technology (NIST)Special Publication (SP) 800-53 Revision 5.\u003c/p\u003e\"},\"field_list_item_title\":\"FedRAMP Security Controls Compliance\"},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"169b4697-c521-4a95-b21a-aa0d3f051203\",\"meta\":{\"drupal_internal__target_id\":\"process_list_item\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/d3430be6-95c0-4375-8aac-4dc868f871d8/paragraph_type?resourceVersion=id%3A19456\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/d3430be6-95c0-4375-8aac-4dc868f871d8/relationships/paragraph_type?resourceVersion=id%3A19456\"}}}}},{\"type\":\"paragraph--process_list_item\",\"id\":\"5a513f69-74ee-42c8-aaff-0ef930932a08\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/5a513f69-74ee-42c8-aaff-0ef930932a08?resourceVersion=id%3A19457\"}},\"attributes\":{\"drupal_internal__id\":3426,\"drupal_internal__revision_id\":19457,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-09-18T16:06:15+00:00\",\"parent_id\":\"3430\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_process_list_item\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true,\"field_list_item_description\":{\"value\":\"\u003cp\u003eIn addition to FedRAMP security requirements, the cloud service must also meet the requirements of the CMS Acceptable Risks and Safeguards (ARS) implementation of the NIST SP800-53 Rev. 5 controls.\u003c/p\u003e\",\"format\":\"main_point_html\",\"processed\":\"\u003cp\u003eIn addition to FedRAMP security requirements, the cloud service must also meet the requirements of the CMS Acceptable Risks and Safeguards (ARS) implementation of the NIST SP800-53 Rev. 5 controls.\u003c/p\u003e\"},\"field_list_item_title\":\"CMS Security Controls Compliance\"},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"169b4697-c521-4a95-b21a-aa0d3f051203\",\"meta\":{\"drupal_internal__target_id\":\"process_list_item\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/5a513f69-74ee-42c8-aaff-0ef930932a08/paragraph_type?resourceVersion=id%3A19457\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/5a513f69-74ee-42c8-aaff-0ef930932a08/relationships/paragraph_type?resourceVersion=id%3A19457\"}}}}},{\"type\":\"paragraph--process_list_item\",\"id\":\"e0063305-ce7d-45f2-afef-b8d9f4ecc0bf\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/e0063305-ce7d-45f2-afef-b8d9f4ecc0bf?resourceVersion=id%3A19458\"}},\"attributes\":{\"drupal_internal__id\":3427,\"drupal_internal__revision_id\":19458,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-09-18T16:06:53+00:00\",\"parent_id\":\"3430\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_process_list_item\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true,\"field_list_item_description\":{\"value\":\"\u003cp\u003eIdentify subject matter experts on your cloud team that will support the creation of FedRAMP documentation and liaison with the agency through the authorization process.\u003c/p\u003e\",\"format\":\"main_point_html\",\"processed\":\"\u003cp\u003eIdentify subject matter experts on your cloud team that will support the creation of FedRAMP documentation and liaison with the agency through the authorization process.\u003c/p\u003e\"},\"field_list_item_title\":\"Identify Subject Matter Experts\"},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"169b4697-c521-4a95-b21a-aa0d3f051203\",\"meta\":{\"drupal_internal__target_id\":\"process_list_item\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/e0063305-ce7d-45f2-afef-b8d9f4ecc0bf/paragraph_type?resourceVersion=id%3A19458\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/e0063305-ce7d-45f2-afef-b8d9f4ecc0bf/relationships/paragraph_type?resourceVersion=id%3A19458\"}}}}},{\"type\":\"paragraph--process_list_item\",\"id\":\"f48e593e-b69d-4609-ab3c-d25d243fd7d0\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/f48e593e-b69d-4609-ab3c-d25d243fd7d0?resourceVersion=id%3A19459\"}},\"attributes\":{\"drupal_internal__id\":3428,\"drupal_internal__revision_id\":19459,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-09-18T16:07:29+00:00\",\"parent_id\":\"3430\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_process_list_item\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true,\"field_list_item_description\":{\"value\":\"\u003cp\u003eWe would require all documentation necessary to support the security controls, such as a System Security and Privacy Plan (SSPP). Developing the SSPP in the Open Security Controls Assessment Language (OSCAL) is recommended.\u003c/p\u003e\",\"format\":\"main_point_html\",\"processed\":\"\u003cp\u003eWe would require all documentation necessary to support the security controls, such as a System Security and Privacy Plan (SSPP). Developing the SSPP in the Open Security Controls Assessment Language (OSCAL) is recommended.\u003c/p\u003e\"},\"field_list_item_title\":\"Documentation\"},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"169b4697-c521-4a95-b21a-aa0d3f051203\",\"meta\":{\"drupal_internal__target_id\":\"process_list_item\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/f48e593e-b69d-4609-ab3c-d25d243fd7d0/paragraph_type?resourceVersion=id%3A19459\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/f48e593e-b69d-4609-ab3c-d25d243fd7d0/relationships/paragraph_type?resourceVersion=id%3A19459\"}}}}},{\"type\":\"paragraph--process_list_item\",\"id\":\"6f356d04-306e-478f-8569-579d303b4de0\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/6f356d04-306e-478f-8569-579d303b4de0?resourceVersion=id%3A19460\"}},\"attributes\":{\"drupal_internal__id\":3429,\"drupal_internal__revision_id\":19460,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-09-18T16:08:26+00:00\",\"parent_id\":\"3430\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_process_list_item\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true,\"field_list_item_description\":{\"value\":\"\u003cp\u003eThe authorization process takes months to complete, so it is essential that the business owner is committed to using the product for the duration of the FedRAMP authorization process.\u003c/p\u003e\",\"format\":\"main_point_html\",\"processed\":\"\u003cp\u003eThe authorization process takes months to complete, so it is essential that the business owner is committed to using the product for the duration of the FedRAMP authorization process.\u003c/p\u003e\"},\"field_list_item_title\":\"Commitment of the CMS Business Owner\"},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"169b4697-c521-4a95-b21a-aa0d3f051203\",\"meta\":{\"drupal_internal__target_id\":\"process_list_item\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/6f356d04-306e-478f-8569-579d303b4de0/paragraph_type?resourceVersion=id%3A19460\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/6f356d04-306e-478f-8569-579d303b4de0/relationships/paragraph_type?resourceVersion=id%3A19460\"}}}}},{\"type\":\"paragraph--process_list_item\",\"id\":\"cb6f1b2f-e390-43a3-8f32-8cb8a9af2aa8\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/cb6f1b2f-e390-43a3-8f32-8cb8a9af2aa8?resourceVersion=id%3A19463\"}},\"attributes\":{\"drupal_internal__id\":1216,\"drupal_internal__revision_id\":19463,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-09T20:37:07+00:00\",\"parent_id\":\"1256\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_process_list_item\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true,\"field_list_item_description\":{\"value\":\"\u003cp\u003eUse the \u003ca href=\\\"https://www.fedramp.gov/assets/resources/documents/Agency_Package_Request_Form.pdf\\\"\u003eFedRAMP Package Request Access form\u003c/a\u003e on the FedRAMP website. This is a digital form that you can complete and sign from your computer. Start by filling out \\\"User Information\\\" at the top.\u003c/p\u003e\\r\\n\",\"format\":\"main_point_html\",\"processed\":\"\u003cp\u003eUse the \u003ca href=\\\"https://www.fedramp.gov/assets/resources/documents/Agency_Package_Request_Form.pdf\\\"\u003eFedRAMP Package Request Access form\u003c/a\u003e on the FedRAMP website. This is a digital form that you can complete and sign from your computer. Start by filling out \\\"User Information\\\" at the top.\u003c/p\u003e\"},\"field_list_item_title\":\"Start package request form\"},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"169b4697-c521-4a95-b21a-aa0d3f051203\",\"meta\":{\"drupal_internal__target_id\":\"process_list_item\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/cb6f1b2f-e390-43a3-8f32-8cb8a9af2aa8/paragraph_type?resourceVersion=id%3A19463\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/cb6f1b2f-e390-43a3-8f32-8cb8a9af2aa8/relationships/paragraph_type?resourceVersion=id%3A19463\"}}}}},{\"type\":\"paragraph--process_list_item\",\"id\":\"088baed3-27e7-4e01-9d07-9598442a1291\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/088baed3-27e7-4e01-9d07-9598442a1291?resourceVersion=id%3A19464\"}},\"attributes\":{\"drupal_internal__id\":1221,\"drupal_internal__revision_id\":19464,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-09T21:19:52+00:00\",\"parent_id\":\"1256\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_process_list_item\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true,\"field_list_item_description\":{\"value\":\"\u003cp\u003eFor filling out the “Requested Package” section, you can find details about the package on the \u003ca href=\\\"https://marketplace.fedramp.gov/\\\"\u003eFedRAMP Marketplace\u003c/a\u003e. This will include:\u003c/p\u003e\u003cul\u003e\u003cli\u003eName of Package (Cloud Service Name)\u003c/li\u003e\u003cli\u003ePackage ID (FedRAMP Package ID)\u003c/li\u003e\u003cli\u003eIf requesting permanent access to a package, please include this note following the listing of the FedRAMP Package ID. *Please see requirements for requesting permanent access in the section above.\u0026nbsp;\u003c/li\u003e\u003cli\u003eIf requesting access to multiple packages, you may include all FedRAMP Package ID's on one form.\u003c/li\u003e\u003c/ul\u003e\",\"format\":\"main_point_html\",\"processed\":\"\u003cp\u003eFor filling out the “Requested Package” section, you can find details about the package on the \u003ca href=\\\"https://marketplace.fedramp.gov/\\\"\u003eFedRAMP Marketplace\u003c/a\u003e. This will include:\u003c/p\u003e\u003cul\u003e\u003cli\u003eName of Package (Cloud Service Name)\u003c/li\u003e\u003cli\u003ePackage ID (FedRAMP Package ID)\u003c/li\u003e\u003cli\u003eIf requesting permanent access to a package, please include this note following the listing of the FedRAMP Package ID. *Please see requirements for requesting permanent access in the section above.\u0026nbsp;\u003c/li\u003e\u003cli\u003eIf requesting access to multiple packages, you may include all FedRAMP Package ID's on one form.\u003c/li\u003e\u003c/ul\u003e\"},\"field_list_item_title\":\"Add details about the package\"},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"169b4697-c521-4a95-b21a-aa0d3f051203\",\"meta\":{\"drupal_internal__target_id\":\"process_list_item\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/088baed3-27e7-4e01-9d07-9598442a1291/paragraph_type?resourceVersion=id%3A19464\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/088baed3-27e7-4e01-9d07-9598442a1291/relationships/paragraph_type?resourceVersion=id%3A19464\"}}}}},{\"type\":\"paragraph--process_list_item\",\"id\":\"62c260e3-b8dc-470e-a07a-462dd5affec9\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/62c260e3-b8dc-470e-a07a-462dd5affec9?resourceVersion=id%3A19465\"}},\"attributes\":{\"drupal_internal__id\":1226,\"drupal_internal__revision_id\":19465,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-09T21:20:42+00:00\",\"parent_id\":\"1256\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_process_list_item\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true,\"field_list_item_description\":{\"value\":\"\u003cp\u003eThis part is completed by HHS. Leave it blank and move on to the next section.\u003c/p\u003e\\r\\n\",\"format\":\"main_point_html\",\"processed\":\"\u003cp\u003eThis part is completed by HHS. Leave it blank and move on to the next section.\u003c/p\u003e\"},\"field_list_item_title\":\"SKIP \\\"Access Authorization\\\"\"},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"169b4697-c521-4a95-b21a-aa0d3f051203\",\"meta\":{\"drupal_internal__target_id\":\"process_list_item\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/62c260e3-b8dc-470e-a07a-462dd5affec9/paragraph_type?resourceVersion=id%3A19465\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/62c260e3-b8dc-470e-a07a-462dd5affec9/relationships/paragraph_type?resourceVersion=id%3A19465\"}}}}},{\"type\":\"paragraph--process_list_item\",\"id\":\"c287ddbf-f689-469f-8e81-5db4b8899c1e\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/c287ddbf-f689-469f-8e81-5db4b8899c1e?resourceVersion=id%3A19466\"}},\"attributes\":{\"drupal_internal__id\":1231,\"drupal_internal__revision_id\":19466,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-09T21:21:21+00:00\",\"parent_id\":\"1256\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_process_list_item\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true,\"field_list_item_description\":{\"value\":\"\u003cp\u003eIn the next section - “Agreement for Package Review” - initial every line and then digitally sign the document using your CMS PIV.\u003c/p\u003e\\r\\n\",\"format\":\"main_point_html\",\"processed\":\"\u003cp\u003eIn the next section - “Agreement for Package Review” - initial every line and then digitally sign the document using your CMS PIV.\u003c/p\u003e\"},\"field_list_item_title\":\"Agree and sign\"},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"169b4697-c521-4a95-b21a-aa0d3f051203\",\"meta\":{\"drupal_internal__target_id\":\"process_list_item\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/c287ddbf-f689-469f-8e81-5db4b8899c1e/paragraph_type?resourceVersion=id%3A19466\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/c287ddbf-f689-469f-8e81-5db4b8899c1e/relationships/paragraph_type?resourceVersion=id%3A19466\"}}}}},{\"type\":\"paragraph--process_list_item\",\"id\":\"296b3cad-e467-409c-897d-110458ca9456\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/296b3cad-e467-409c-897d-110458ca9456?resourceVersion=id%3A19467\"}},\"attributes\":{\"drupal_internal__id\":1236,\"drupal_internal__revision_id\":19467,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-09T21:22:08+00:00\",\"parent_id\":\"1256\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_process_list_item\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true,\"field_list_item_description\":{\"value\":\"\u003cp\u003eThis part is completed by HHS. Leave it blank and move on to the next section.\u003c/p\u003e\\r\\n\",\"format\":\"main_point_html\",\"processed\":\"\u003cp\u003eThis part is completed by HHS. Leave it blank and move on to the next section.\u003c/p\u003e\"},\"field_list_item_title\":\"SKIP \\\"Agreement for FedRAMP Approver\\\"\"},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"169b4697-c521-4a95-b21a-aa0d3f051203\",\"meta\":{\"drupal_internal__target_id\":\"process_list_item\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/296b3cad-e467-409c-897d-110458ca9456/paragraph_type?resourceVersion=id%3A19467\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/296b3cad-e467-409c-897d-110458ca9456/relationships/paragraph_type?resourceVersion=id%3A19467\"}}}}},{\"type\":\"paragraph--process_list_item\",\"id\":\"cf223be7-513a-452e-bf60-c4223d70b826\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/cf223be7-513a-452e-bf60-c4223d70b826?resourceVersion=id%3A19468\"}},\"attributes\":{\"drupal_internal__id\":1241,\"drupal_internal__revision_id\":19468,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-09T21:23:35+00:00\",\"parent_id\":\"1256\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_process_list_item\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true,\"field_list_item_description\":{\"value\":\"\u003cp\u003eIf youre a federal contractor, you must complete “Attachment A: Federal Contractor Non-Disclosure Agreement for FedRAMP”. Fill in your name in the first paragraph, read the agreement carefully, then digitally sign at the bottom using your CMS PIV (and date). If youre not a federal contractor, you can skip this part.\u003c/p\u003e\\r\\n\",\"format\":\"main_point_html\",\"processed\":\"\u003cp\u003eIf youre a federal contractor, you must complete “Attachment A: Federal Contractor Non-Disclosure Agreement for FedRAMP”. Fill in your name in the first paragraph, read the agreement carefully, then digitally sign at the bottom using your CMS PIV (and date). If youre not a federal contractor, you can skip this part.\u003c/p\u003e\"},\"field_list_item_title\":\"Contractors complete Attachment A\"},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"169b4697-c521-4a95-b21a-aa0d3f051203\",\"meta\":{\"drupal_internal__target_id\":\"process_list_item\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/cf223be7-513a-452e-bf60-c4223d70b826/paragraph_type?resourceVersion=id%3A19468\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/cf223be7-513a-452e-bf60-c4223d70b826/relationships/paragraph_type?resourceVersion=id%3A19468\"}}}}},{\"type\":\"paragraph--process_list_item\",\"id\":\"1791dd29-fe3d-4938-8ab2-92755a6ae409\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/1791dd29-fe3d-4938-8ab2-92755a6ae409?resourceVersion=id%3A19469\"}},\"attributes\":{\"drupal_internal__id\":1246,\"drupal_internal__revision_id\":19469,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-09T21:25:23+00:00\",\"parent_id\":\"1256\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_process_list_item\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true,\"field_list_item_description\":{\"value\":\"\u003cp\u003eYoure done with the package request form. Now you must create an account at \u003ca href=\\\"https://portal.max.gov/portal/home\\\"\u003eMax.gov\u003c/a\u003e if you dont already have one this is where the packages are stored. Once you have an account, move on to the last step.\u003c/p\u003e\\r\\n\",\"format\":\"main_point_html\",\"processed\":\"\u003cp\u003eYoure done with the package request form. Now you must create an account at \u003ca href=\\\"https://portal.max.gov/portal/home\\\"\u003eMax.gov\u003c/a\u003e if you dont already have one this is where the packages are stored. Once you have an account, move on to the last step.\u003c/p\u003e\"},\"field_list_item_title\":\"Create Max.gov account\"},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"169b4697-c521-4a95-b21a-aa0d3f051203\",\"meta\":{\"drupal_internal__target_id\":\"process_list_item\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/1791dd29-fe3d-4938-8ab2-92755a6ae409/paragraph_type?resourceVersion=id%3A19469\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/1791dd29-fe3d-4938-8ab2-92755a6ae409/relationships/paragraph_type?resourceVersion=id%3A19469\"}}}}},{\"type\":\"paragraph--process_list_item\",\"id\":\"46b4e165-819a-4ba4-ba6e-eddefd744bc5\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/46b4e165-819a-4ba4-ba6e-eddefd744bc5?resourceVersion=id%3A19470\"}},\"attributes\":{\"drupal_internal__id\":1251,\"drupal_internal__revision_id\":19470,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-09T21:25:46+00:00\",\"parent_id\":\"1256\",\"parent_type\":\"paragraph\",\"parent_field_name\":\"field_process_list_item\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true,\"field_list_item_description\":{\"value\":\"\u003cp\u003eOpen a CMS ServiceNow request ticket using the \u003ca href=\\\"https://cmsitsm.servicenowservices.com/connect?page=cat_item\u0026amp;sys_id=3dff10441b94f8100888ed7bbc4bcb8a\u0026amp;sysparm_category=5d2681841b17e0100888ed7bbc4bcb7f\\\"\u003eFedRAMP ServiceNow Request\u003c/a\u003e. Add the details of the package you are requesting, and attach the package request form that you filled out and digitally signed.\u003c/p\u003e\\r\\n\",\"format\":\"main_point_html\",\"processed\":\"\u003cp\u003eOpen a CMS ServiceNow request ticket using the \u003ca href=\\\"https://cmsitsm.servicenowservices.com/connect?page=cat_item\u0026amp;sys_id=3dff10441b94f8100888ed7bbc4bcb8a\u0026amp;sysparm_category=5d2681841b17e0100888ed7bbc4bcb7f\\\"\u003eFedRAMP ServiceNow Request\u003c/a\u003e. Add the details of the package you are requesting, and attach the package request form that you filled out and digitally signed.\u003c/p\u003e\"},\"field_list_item_title\":\"Submit request via ServiceNow\"},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"169b4697-c521-4a95-b21a-aa0d3f051203\",\"meta\":{\"drupal_internal__target_id\":\"process_list_item\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/46b4e165-819a-4ba4-ba6e-eddefd744bc5/paragraph_type?resourceVersion=id%3A19470\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/process_list_item/46b4e165-819a-4ba4-ba6e-eddefd744bc5/relationships/paragraph_type?resourceVersion=id%3A19470\"}}}}},{\"type\":\"paragraph--internal_link\",\"id\":\"7a5f06f0-e0ba-4ed2-aade-79b2233ec125\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/7a5f06f0-e0ba-4ed2-aade-79b2233ec125?resourceVersion=id%3A19477\"}},\"attributes\":{\"drupal_internal__id\":1956,\"drupal_internal__revision_id\":19477,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-15T20:59:29+00:00\",\"parent_id\":\"326\",\"parent_type\":\"node\",\"parent_field_name\":\"field_related_collection\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"81d4313f-807c-40e2-8ffa-700ec8c17167\",\"meta\":{\"drupal_internal__target_id\":\"internal_link\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/7a5f06f0-e0ba-4ed2-aade-79b2233ec125/paragraph_type?resourceVersion=id%3A19477\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/7a5f06f0-e0ba-4ed2-aade-79b2233ec125/relationships/paragraph_type?resourceVersion=id%3A19477\"}}},\"field_link\":{\"data\":{\"type\":\"node--explainer\",\"id\":\"42018625-2456-415e-bd2c-f1c061290d58\",\"meta\":{\"drupal_internal__target_id\":246}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/7a5f06f0-e0ba-4ed2-aade-79b2233ec125/field_link?resourceVersion=id%3A19477\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/7a5f06f0-e0ba-4ed2-aade-79b2233ec125/relationships/field_link?resourceVersion=id%3A19477\"}}}}},{\"type\":\"paragraph--internal_link\",\"id\":\"61509c21-9c9e-48d0-8110-b98574cee727\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/61509c21-9c9e-48d0-8110-b98574cee727?resourceVersion=id%3A19478\"}},\"attributes\":{\"drupal_internal__id\":1961,\"drupal_internal__revision_id\":19478,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-15T20:59:38+00:00\",\"parent_id\":\"326\",\"parent_type\":\"node\",\"parent_field_name\":\"field_related_collection\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"81d4313f-807c-40e2-8ffa-700ec8c17167\",\"meta\":{\"drupal_internal__target_id\":\"internal_link\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/61509c21-9c9e-48d0-8110-b98574cee727/paragraph_type?resourceVersion=id%3A19478\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/61509c21-9c9e-48d0-8110-b98574cee727/relationships/paragraph_type?resourceVersion=id%3A19478\"}}},\"field_link\":{\"data\":{\"type\":\"node--explainer\",\"id\":\"defa7277-790b-4bbd-b6ee-cc539e121df2\",\"meta\":{\"drupal_internal__target_id\":206}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/61509c21-9c9e-48d0-8110-b98574cee727/field_link?resourceVersion=id%3A19478\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/61509c21-9c9e-48d0-8110-b98574cee727/relationships/field_link?resourceVersion=id%3A19478\"}}}}},{\"type\":\"paragraph--internal_link\",\"id\":\"c2480fc7-b7c3-49d4-8643-cd42bcd3b56b\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/c2480fc7-b7c3-49d4-8643-cd42bcd3b56b?resourceVersion=id%3A19479\"}},\"attributes\":{\"drupal_internal__id\":1966,\"drupal_internal__revision_id\":19479,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-02-15T21:00:10+00:00\",\"parent_id\":\"326\",\"parent_type\":\"node\",\"parent_field_name\":\"field_related_collection\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"81d4313f-807c-40e2-8ffa-700ec8c17167\",\"meta\":{\"drupal_internal__target_id\":\"internal_link\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/c2480fc7-b7c3-49d4-8643-cd42bcd3b56b/paragraph_type?resourceVersion=id%3A19479\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/c2480fc7-b7c3-49d4-8643-cd42bcd3b56b/relationships/paragraph_type?resourceVersion=id%3A19479\"}}},\"field_link\":{\"data\":{\"type\":\"node--explainer\",\"id\":\"630cad0d-24c7-44f0-8b25-b3ab2faf97cf\",\"meta\":{\"drupal_internal__target_id\":671}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/c2480fc7-b7c3-49d4-8643-cd42bcd3b56b/field_link?resourceVersion=id%3A19479\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/c2480fc7-b7c3-49d4-8643-cd42bcd3b56b/relationships/field_link?resourceVersion=id%3A19479\"}}}}},{\"type\":\"paragraph--internal_link\",\"id\":\"63dffb2c-c587-4991-8523-142b2378a5aa\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/63dffb2c-c587-4991-8523-142b2378a5aa?resourceVersion=id%3A19480\"}},\"attributes\":{\"drupal_internal__id\":3435,\"drupal_internal__revision_id\":19480,\"langcode\":\"en\",\"status\":true,\"created\":\"2023-09-18T16:36:49+00:00\",\"parent_id\":\"326\",\"parent_type\":\"node\",\"parent_field_name\":\"field_related_collection\",\"behavior_settings\":[],\"default_langcode\":true,\"revision_translation_affected\":true},\"relationships\":{\"paragraph_type\":{\"data\":{\"type\":\"paragraphs_type--paragraphs_type\",\"id\":\"81d4313f-807c-40e2-8ffa-700ec8c17167\",\"meta\":{\"drupal_internal__target_id\":\"internal_link\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/63dffb2c-c587-4991-8523-142b2378a5aa/paragraph_type?resourceVersion=id%3A19480\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/63dffb2c-c587-4991-8523-142b2378a5aa/relationships/paragraph_type?resourceVersion=id%3A19480\"}}},\"field_link\":{\"data\":{\"type\":\"node--explainer\",\"id\":\"96ebc5ad-9ad8-42ae-9a18-8e35dc2c1e2a\",\"meta\":{\"drupal_internal__target_id\":736}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/63dffb2c-c587-4991-8523-142b2378a5aa/field_link?resourceVersion=id%3A19480\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/paragraph/internal_link/63dffb2c-c587-4991-8523-142b2378a5aa/relationships/field_link?resourceVersion=id%3A19480\"}}}}},{\"type\":\"node--explainer\",\"id\":\"42018625-2456-415e-bd2c-f1c061290d58\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/42018625-2456-415e-bd2c-f1c061290d58?resourceVersion=id%3A5668\"}},\"attributes\":{\"drupal_internal__nid\":246,\"drupal_internal__vid\":5668,\"langcode\":\"en\",\"revision_timestamp\":\"2024-07-12T15:23:53+00:00\",\"status\":true,\"title\":\"CMS Cloud Services\",\"created\":\"2022-08-26T14:47:12+00:00\",\"changed\":\"2024-07-12T15:23:53+00:00\",\"promote\":false,\"sticky\":false,\"default_langcode\":true,\"revision_translation_affected\":true,\"moderation_state\":\"published\",\"path\":{\"alias\":\"/learn/cms-cloud-services\",\"pid\":236,\"langcode\":\"en\"},\"rh_action\":null,\"rh_redirect\":null,\"rh_redirect_response\":null,\"rh_redirect_fallback_action\":null,\"publish_on\":null,\"unpublish_on\":null,\"body\":null,\"field_contact_email\":\"cloudsupport@cms.hhs.gov\",\"field_contact_name\":\"CMS Cloud Support\",\"field_short_description\":{\"value\":\"Platform-As-A-Service with tools, security, and support services designed specifically for CMS\",\"format\":\"plain_text\",\"processed\":\"\u003cp\u003ePlatform-As-A-Service with tools, security, and support services designed specifically for CMS\u003c/p\u003e\\n\"},\"field_slack_channel\":[\"#cms-cloud-security-forum\"]},\"relationships\":{\"node_type\":{\"data\":{\"type\":\"node_type--node_type\",\"id\":\"d185e460-4998-4d2b-85cb-b04f304dfb1b\",\"meta\":{\"drupal_internal__target_id\":\"explainer\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/42018625-2456-415e-bd2c-f1c061290d58/node_type?resourceVersion=id%3A5668\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/42018625-2456-415e-bd2c-f1c061290d58/relationships/node_type?resourceVersion=id%3A5668\"}}},\"revision_uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"e352e203-fe9c-47ba-af75-2c7f8302fca8\",\"meta\":{\"drupal_internal__target_id\":6}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/42018625-2456-415e-bd2c-f1c061290d58/revision_uid?resourceVersion=id%3A5668\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/42018625-2456-415e-bd2c-f1c061290d58/relationships/revision_uid?resourceVersion=id%3A5668\"}}},\"uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"dca2c49b-4a12-4d5f-859d-a759444160a4\",\"meta\":{\"drupal_internal__target_id\":26}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/42018625-2456-415e-bd2c-f1c061290d58/uid?resourceVersion=id%3A5668\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/42018625-2456-415e-bd2c-f1c061290d58/relationships/uid?resourceVersion=id%3A5668\"}}},\"field_page_section\":{\"data\":[{\"type\":\"paragraph--page_section\",\"id\":\"15f8e7ab-00f6-4c17-b433-659267271131\",\"meta\":{\"target_revision_id\":18519,\"drupal_internal__target_id\":1371}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/42018625-2456-415e-bd2c-f1c061290d58/field_page_section?resourceVersion=id%3A5668\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/42018625-2456-415e-bd2c-f1c061290d58/relationships/field_page_section?resourceVersion=id%3A5668\"}}},\"field_related_collection\":{\"data\":[{\"type\":\"paragraph--internal_link\",\"id\":\"b48e2348-59b0-42a6-9f44-62af8a94ddf1\",\"meta\":{\"target_revision_id\":18520,\"drupal_internal__target_id\":1376}},{\"type\":\"paragraph--internal_link\",\"id\":\"17ea04ed-0987-43ea-b494-7c051ddfcd28\",\"meta\":{\"target_revision_id\":18521,\"drupal_internal__target_id\":1381}},{\"type\":\"paragraph--internal_link\",\"id\":\"ae49a5b4-3922-4f8d-bbe5-624b243b4637\",\"meta\":{\"target_revision_id\":18522,\"drupal_internal__target_id\":1391}},{\"type\":\"paragraph--internal_link\",\"id\":\"3ebbf63a-35a8-4c15-8002-2b41f7ef528a\",\"meta\":{\"target_revision_id\":18523,\"drupal_internal__target_id\":1396}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/42018625-2456-415e-bd2c-f1c061290d58/field_related_collection?resourceVersion=id%3A5668\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/42018625-2456-415e-bd2c-f1c061290d58/relationships/field_related_collection?resourceVersion=id%3A5668\"}}},\"field_resource_type\":{\"data\":{\"type\":\"taxonomy_term--resource_type\",\"id\":\"9e907eeb-b0a8-4dd3-8818-37cb1557a8f4\",\"meta\":{\"drupal_internal__target_id\":121}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/42018625-2456-415e-bd2c-f1c061290d58/field_resource_type?resourceVersion=id%3A5668\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/42018625-2456-415e-bd2c-f1c061290d58/relationships/field_resource_type?resourceVersion=id%3A5668\"}}},\"field_roles\":{\"data\":[{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"meta\":{\"drupal_internal__target_id\":76}},{\"type\":\"taxonomy_term--roles\",\"id\":\"feb4e85d-429e-48b0-92f0-3d2da2c5056e\",\"meta\":{\"drupal_internal__target_id\":71}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/42018625-2456-415e-bd2c-f1c061290d58/field_roles?resourceVersion=id%3A5668\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/42018625-2456-415e-bd2c-f1c061290d58/relationships/field_roles?resourceVersion=id%3A5668\"}}},\"field_topics\":{\"data\":[{\"type\":\"taxonomy_term--topics\",\"id\":\"34eaf3c8-5635-4a38-b8c3-7225aa196f4c\",\"meta\":{\"drupal_internal__target_id\":41}},{\"type\":\"taxonomy_term--topics\",\"id\":\"0bc7c1d0-b569-4514-b66c-367457dead7e\",\"meta\":{\"drupal_internal__target_id\":11}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/42018625-2456-415e-bd2c-f1c061290d58/field_topics?resourceVersion=id%3A5668\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/42018625-2456-415e-bd2c-f1c061290d58/relationships/field_topics?resourceVersion=id%3A5668\"}}}}},{\"type\":\"node--explainer\",\"id\":\"defa7277-790b-4bbd-b6ee-cc539e121df2\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/defa7277-790b-4bbd-b6ee-cc539e121df2?resourceVersion=id%3A5737\"}},\"attributes\":{\"drupal_internal__nid\":206,\"drupal_internal__vid\":5737,\"langcode\":\"en\",\"revision_timestamp\":\"2024-07-31T17:37:48+00:00\",\"status\":true,\"title\":\"Authorization to Operate (ATO)\",\"created\":\"2022-08-25T19:06:37+00:00\",\"changed\":\"2024-07-31T17:37:48+00:00\",\"promote\":false,\"sticky\":false,\"default_langcode\":true,\"revision_translation_affected\":true,\"moderation_state\":\"published\",\"path\":{\"alias\":\"/learn/authorization-operate-ato\",\"pid\":196,\"langcode\":\"en\"},\"rh_action\":null,\"rh_redirect\":null,\"rh_redirect_response\":null,\"rh_redirect_fallback_action\":null,\"publish_on\":null,\"unpublish_on\":null,\"body\":null,\"field_contact_email\":\"CISO@cms.hhs.gov\",\"field_contact_name\":\"ISPG Policy Team\",\"field_short_description\":{\"value\":\"Testing and documenting system security and compliance to gain approval to operate the system at CMS\",\"format\":\"plain_text\",\"processed\":\"\u003cp\u003eTesting and documenting system security and compliance to gain approval to operate the system at CMS\u003c/p\u003e\\n\"},\"field_slack_channel\":[\"#cra-help\"]},\"relationships\":{\"node_type\":{\"data\":{\"type\":\"node_type--node_type\",\"id\":\"d185e460-4998-4d2b-85cb-b04f304dfb1b\",\"meta\":{\"drupal_internal__target_id\":\"explainer\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/defa7277-790b-4bbd-b6ee-cc539e121df2/node_type?resourceVersion=id%3A5737\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/defa7277-790b-4bbd-b6ee-cc539e121df2/relationships/node_type?resourceVersion=id%3A5737\"}}},\"revision_uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"e352e203-fe9c-47ba-af75-2c7f8302fca8\",\"meta\":{\"drupal_internal__target_id\":6}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/defa7277-790b-4bbd-b6ee-cc539e121df2/revision_uid?resourceVersion=id%3A5737\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/defa7277-790b-4bbd-b6ee-cc539e121df2/relationships/revision_uid?resourceVersion=id%3A5737\"}}},\"uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"dca2c49b-4a12-4d5f-859d-a759444160a4\",\"meta\":{\"drupal_internal__target_id\":26}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/defa7277-790b-4bbd-b6ee-cc539e121df2/uid?resourceVersion=id%3A5737\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/defa7277-790b-4bbd-b6ee-cc539e121df2/relationships/uid?resourceVersion=id%3A5737\"}}},\"field_page_section\":{\"data\":[{\"type\":\"paragraph--page_section\",\"id\":\"d94629f9-9668-41dd-bce7-a4f267239c07\",\"meta\":{\"target_revision_id\":18928,\"drupal_internal__target_id\":711}},{\"type\":\"paragraph--page_section\",\"id\":\"243e2d3f-f903-438c-8b1f-aee53390b1df\",\"meta\":{\"target_revision_id\":18929,\"drupal_internal__target_id\":736}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/defa7277-790b-4bbd-b6ee-cc539e121df2/field_page_section?resourceVersion=id%3A5737\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/defa7277-790b-4bbd-b6ee-cc539e121df2/relationships/field_page_section?resourceVersion=id%3A5737\"}}},\"field_related_collection\":{\"data\":[{\"type\":\"paragraph--internal_link\",\"id\":\"6f904ac4-c80e-47d9-b786-ee79256befed\",\"meta\":{\"target_revision_id\":18930,\"drupal_internal__target_id\":3376}},{\"type\":\"paragraph--internal_link\",\"id\":\"e20959d7-2a7b-4a01-b985-cfa5363233f5\",\"meta\":{\"target_revision_id\":18931,\"drupal_internal__target_id\":1306}},{\"type\":\"paragraph--internal_link\",\"id\":\"dba9b926-f657-43ce-bc94-0a2d803430c6\",\"meta\":{\"target_revision_id\":18932,\"drupal_internal__target_id\":1316}},{\"type\":\"paragraph--internal_link\",\"id\":\"44f7083e-9341-42a5-85dc-a9043cdccdce\",\"meta\":{\"target_revision_id\":18933,\"drupal_internal__target_id\":2521}},{\"type\":\"paragraph--internal_link\",\"id\":\"bd0366d9-64ce-401f-9453-bf38aa8054a1\",\"meta\":{\"target_revision_id\":18934,\"drupal_internal__target_id\":3444}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/defa7277-790b-4bbd-b6ee-cc539e121df2/field_related_collection?resourceVersion=id%3A5737\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/defa7277-790b-4bbd-b6ee-cc539e121df2/relationships/field_related_collection?resourceVersion=id%3A5737\"}}},\"field_resource_type\":{\"data\":{\"type\":\"taxonomy_term--resource_type\",\"id\":\"a17f4908-9141-4b1e-82aa-e6bfe0f91a22\",\"meta\":{\"drupal_internal__target_id\":131}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/defa7277-790b-4bbd-b6ee-cc539e121df2/field_resource_type?resourceVersion=id%3A5737\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/defa7277-790b-4bbd-b6ee-cc539e121df2/relationships/field_resource_type?resourceVersion=id%3A5737\"}}},\"field_roles\":{\"data\":[{\"type\":\"taxonomy_term--roles\",\"id\":\"9d999ae3-b43c-45fb-973e-dffe50c27da5\",\"meta\":{\"drupal_internal__target_id\":66}},{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\",\"meta\":{\"drupal_internal__target_id\":61}},{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"meta\":{\"drupal_internal__target_id\":76}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/defa7277-790b-4bbd-b6ee-cc539e121df2/field_roles?resourceVersion=id%3A5737\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/defa7277-790b-4bbd-b6ee-cc539e121df2/relationships/field_roles?resourceVersion=id%3A5737\"}}},\"field_topics\":{\"data\":[{\"type\":\"taxonomy_term--topics\",\"id\":\"0bc7c1d0-b569-4514-b66c-367457dead7e\",\"meta\":{\"drupal_internal__target_id\":11}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/defa7277-790b-4bbd-b6ee-cc539e121df2/field_topics?resourceVersion=id%3A5737\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/defa7277-790b-4bbd-b6ee-cc539e121df2/relationships/field_topics?resourceVersion=id%3A5737\"}}}}},{\"type\":\"node--explainer\",\"id\":\"630cad0d-24c7-44f0-8b25-b3ab2faf97cf\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf?resourceVersion=id%3A6076\"}},\"attributes\":{\"drupal_internal__nid\":671,\"drupal_internal__vid\":6076,\"langcode\":\"en\",\"revision_timestamp\":\"2025-01-15T16:28:16+00:00\",\"status\":true,\"title\":\"Zero Trust \",\"created\":\"2023-02-02T19:12:26+00:00\",\"changed\":\"2025-01-15T16:28:16+00:00\",\"promote\":false,\"sticky\":false,\"default_langcode\":true,\"revision_translation_affected\":true,\"moderation_state\":\"published\",\"path\":{\"alias\":\"/learn/zero-trust\",\"pid\":661,\"langcode\":\"en\"},\"rh_action\":null,\"rh_redirect\":null,\"rh_redirect_response\":null,\"rh_redirect_fallback_action\":null,\"publish_on\":null,\"unpublish_on\":null,\"body\":null,\"field_contact_email\":\"ISPGZeroTrust@cms.hhs.gov\",\"field_contact_name\":\"Zero Trust Team\",\"field_short_description\":{\"value\":\"Security paradigm that requires the continuous verification of system users to promote system security\",\"format\":\"plain_text\",\"processed\":\"\u003cp\u003eSecurity paradigm that requires the continuous verification of system users to promote system security\u003c/p\u003e\\n\"},\"field_slack_channel\":[\"#cms-zero-trust\"]},\"relationships\":{\"node_type\":{\"data\":{\"type\":\"node_type--node_type\",\"id\":\"d185e460-4998-4d2b-85cb-b04f304dfb1b\",\"meta\":{\"drupal_internal__target_id\":\"explainer\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/node_type?resourceVersion=id%3A6076\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/relationships/node_type?resourceVersion=id%3A6076\"}}},\"revision_uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"bebd6b4a-b250-4060-a68d-15e540df32b8\",\"meta\":{\"drupal_internal__target_id\":138}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/revision_uid?resourceVersion=id%3A6076\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/relationships/revision_uid?resourceVersion=id%3A6076\"}}},\"uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"dca2c49b-4a12-4d5f-859d-a759444160a4\",\"meta\":{\"drupal_internal__target_id\":26}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/uid?resourceVersion=id%3A6076\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/relationships/uid?resourceVersion=id%3A6076\"}}},\"field_page_section\":{\"data\":[{\"type\":\"paragraph--page_section\",\"id\":\"9271f09e-6087-42ce-9b2a-2ddf6888888d\",\"meta\":{\"target_revision_id\":19936,\"drupal_internal__target_id\":536}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/field_page_section?resourceVersion=id%3A6076\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/relationships/field_page_section?resourceVersion=id%3A6076\"}}},\"field_related_collection\":{\"data\":[{\"type\":\"paragraph--internal_link\",\"id\":\"c6911d3e-5198-4b35-ac2a-13d123aedee1\",\"meta\":{\"target_revision_id\":19941,\"drupal_internal__target_id\":3398}},{\"type\":\"paragraph--internal_link\",\"id\":\"2bcabaa5-d621-42c9-bdc8-e0b80b3869d3\",\"meta\":{\"target_revision_id\":19946,\"drupal_internal__target_id\":1616}},{\"type\":\"paragraph--internal_link\",\"id\":\"670741af-bf41-4d99-a21c-a24dc57f4424\",\"meta\":{\"target_revision_id\":19951,\"drupal_internal__target_id\":3499}},{\"type\":\"paragraph--internal_link\",\"id\":\"f7a739a6-3d16-4633-bfad-fd8f469ffb64\",\"meta\":{\"target_revision_id\":19956,\"drupal_internal__target_id\":1611}},{\"type\":\"paragraph--internal_link\",\"id\":\"80d01d00-9ecf-4254-8e6e-a9242e8289f1\",\"meta\":{\"target_revision_id\":19961,\"drupal_internal__target_id\":1621}},{\"type\":\"paragraph--internal_link\",\"id\":\"d576257b-f5ba-4ad4-a81b-7628a82e8dce\",\"meta\":{\"target_revision_id\":19966,\"drupal_internal__target_id\":1626}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/field_related_collection?resourceVersion=id%3A6076\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/relationships/field_related_collection?resourceVersion=id%3A6076\"}}},\"field_resource_type\":{\"data\":{\"type\":\"taxonomy_term--resource_type\",\"id\":\"a17f4908-9141-4b1e-82aa-e6bfe0f91a22\",\"meta\":{\"drupal_internal__target_id\":131}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/field_resource_type?resourceVersion=id%3A6076\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/relationships/field_resource_type?resourceVersion=id%3A6076\"}}},\"field_roles\":{\"data\":[{\"type\":\"taxonomy_term--roles\",\"id\":\"9d999ae3-b43c-45fb-973e-dffe50c27da5\",\"meta\":{\"drupal_internal__target_id\":66}},{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\",\"meta\":{\"drupal_internal__target_id\":61}},{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"meta\":{\"drupal_internal__target_id\":76}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/field_roles?resourceVersion=id%3A6076\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/relationships/field_roles?resourceVersion=id%3A6076\"}}},\"field_topics\":{\"data\":[{\"type\":\"taxonomy_term--topics\",\"id\":\"b61c7b1f-0882-4fac-bf13-02c68b56fd38\",\"meta\":{\"drupal_internal__target_id\":21}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/field_topics?resourceVersion=id%3A6076\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/630cad0d-24c7-44f0-8b25-b3ab2faf97cf/relationships/field_topics?resourceVersion=id%3A6076\"}}}}},{\"type\":\"node--explainer\",\"id\":\"96ebc5ad-9ad8-42ae-9a18-8e35dc2c1e2a\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/96ebc5ad-9ad8-42ae-9a18-8e35dc2c1e2a?resourceVersion=id%3A5934\"},\"working-copy\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/96ebc5ad-9ad8-42ae-9a18-8e35dc2c1e2a?resourceVersion=rel%3Aworking-copy\"}},\"attributes\":{\"drupal_internal__nid\":736,\"drupal_internal__vid\":5934,\"langcode\":\"en\",\"revision_timestamp\":\"2024-09-28T13:01:56+00:00\",\"status\":true,\"title\":\"SaaS Governance (SaaSG)\",\"created\":\"2023-02-13T19:52:17+00:00\",\"changed\":\"2024-09-28T13:01:56+00:00\",\"promote\":false,\"sticky\":false,\"default_langcode\":true,\"revision_translation_affected\":true,\"moderation_state\":\"published\",\"path\":{\"alias\":\"/learn/saas-governance-saasg\",\"pid\":726,\"langcode\":\"en\"},\"rh_action\":null,\"rh_redirect\":null,\"rh_redirect_response\":null,\"rh_redirect_fallback_action\":null,\"publish_on\":null,\"unpublish_on\":null,\"body\":null,\"field_contact_email\":\"saasg@cms.hhs.gov\",\"field_contact_name\":\"SaaSG Team\",\"field_short_description\":{\"value\":\"Considerations and guidelines for CMS business units wanting to use SaaS applications\",\"format\":\"plain_text\",\"processed\":\"\u003cp\u003eConsiderations and guidelines for CMS business units wanting to use SaaS applications\u003c/p\u003e\\n\"},\"field_slack_channel\":[\"#ispg-saas-governance\"]},\"relationships\":{\"node_type\":{\"data\":{\"type\":\"node_type--node_type\",\"id\":\"d185e460-4998-4d2b-85cb-b04f304dfb1b\",\"meta\":{\"drupal_internal__target_id\":\"explainer\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/96ebc5ad-9ad8-42ae-9a18-8e35dc2c1e2a/node_type?resourceVersion=id%3A5934\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/96ebc5ad-9ad8-42ae-9a18-8e35dc2c1e2a/relationships/node_type?resourceVersion=id%3A5934\"}}},\"revision_uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"e352e203-fe9c-47ba-af75-2c7f8302fca8\",\"meta\":{\"drupal_internal__target_id\":6}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/96ebc5ad-9ad8-42ae-9a18-8e35dc2c1e2a/revision_uid?resourceVersion=id%3A5934\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/96ebc5ad-9ad8-42ae-9a18-8e35dc2c1e2a/relationships/revision_uid?resourceVersion=id%3A5934\"}}},\"uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"e352e203-fe9c-47ba-af75-2c7f8302fca8\",\"meta\":{\"drupal_internal__target_id\":6}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/96ebc5ad-9ad8-42ae-9a18-8e35dc2c1e2a/uid?resourceVersion=id%3A5934\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/96ebc5ad-9ad8-42ae-9a18-8e35dc2c1e2a/relationships/uid?resourceVersion=id%3A5934\"}}},\"field_page_section\":{\"data\":[{\"type\":\"paragraph--page_section\",\"id\":\"32796f74-9a4b-49be-b101-133dce4c4568\",\"meta\":{\"target_revision_id\":19389,\"drupal_internal__target_id\":1446}},{\"type\":\"paragraph--page_section\",\"id\":\"23cc1637-59ba-448f-8e17-e5aed202cb74\",\"meta\":{\"target_revision_id\":19396,\"drupal_internal__target_id\":3528}},{\"type\":\"paragraph--page_section\",\"id\":\"53da5747-8514-4ea5-9f3d-2905f9a61edb\",\"meta\":{\"target_revision_id\":19397,\"drupal_internal__target_id\":3529}},{\"type\":\"paragraph--page_section\",\"id\":\"c1fc448a-a41f-4061-9bc9-59b74374d79a\",\"meta\":{\"target_revision_id\":19398,\"drupal_internal__target_id\":1451}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/96ebc5ad-9ad8-42ae-9a18-8e35dc2c1e2a/field_page_section?resourceVersion=id%3A5934\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/96ebc5ad-9ad8-42ae-9a18-8e35dc2c1e2a/relationships/field_page_section?resourceVersion=id%3A5934\"}}},\"field_related_collection\":{\"data\":[{\"type\":\"paragraph--internal_link\",\"id\":\"e0d07bf6-c606-4a38-ba34-9521f9e77733\",\"meta\":{\"target_revision_id\":19399,\"drupal_internal__target_id\":1671}},{\"type\":\"paragraph--internal_link\",\"id\":\"be5c8dd0-860f-4570-bf13-358733b392ca\",\"meta\":{\"target_revision_id\":19400,\"drupal_internal__target_id\":1676}},{\"type\":\"paragraph--internal_link\",\"id\":\"10abb234-5289-40da-9df3-f4e6e9c06a80\",\"meta\":{\"target_revision_id\":19401,\"drupal_internal__target_id\":1681}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/96ebc5ad-9ad8-42ae-9a18-8e35dc2c1e2a/field_related_collection?resourceVersion=id%3A5934\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/96ebc5ad-9ad8-42ae-9a18-8e35dc2c1e2a/relationships/field_related_collection?resourceVersion=id%3A5934\"}}},\"field_resource_type\":{\"data\":{\"type\":\"taxonomy_term--resource_type\",\"id\":\"9e907eeb-b0a8-4dd3-8818-37cb1557a8f4\",\"meta\":{\"drupal_internal__target_id\":121}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/96ebc5ad-9ad8-42ae-9a18-8e35dc2c1e2a/field_resource_type?resourceVersion=id%3A5934\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/96ebc5ad-9ad8-42ae-9a18-8e35dc2c1e2a/relationships/field_resource_type?resourceVersion=id%3A5934\"}}},\"field_roles\":{\"data\":[{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\",\"meta\":{\"drupal_internal__target_id\":61}},{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"meta\":{\"drupal_internal__target_id\":76}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/96ebc5ad-9ad8-42ae-9a18-8e35dc2c1e2a/field_roles?resourceVersion=id%3A5934\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/96ebc5ad-9ad8-42ae-9a18-8e35dc2c1e2a/relationships/field_roles?resourceVersion=id%3A5934\"}}},\"field_topics\":{\"data\":[{\"type\":\"taxonomy_term--topics\",\"id\":\"34eaf3c8-5635-4a38-b8c3-7225aa196f4c\",\"meta\":{\"drupal_internal__target_id\":41}},{\"type\":\"taxonomy_term--topics\",\"id\":\"c12221c3-2c7e-4eb0-903f-0470aad63bf0\",\"meta\":{\"drupal_internal__target_id\":16}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/96ebc5ad-9ad8-42ae-9a18-8e35dc2c1e2a/field_topics?resourceVersion=id%3A5934\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/explainer/96ebc5ad-9ad8-42ae-9a18-8e35dc2c1e2a/relationships/field_topics?resourceVersion=id%3A5934\"}}}}}],\"includedMap\":{\"d185e460-4998-4d2b-85cb-b04f304dfb1b\":\"$24\",\"d3421e1d-1fda-4bd0-83ab-e404455b0e66\":\"$2e\",\"dca2c49b-4a12-4d5f-859d-a759444160a4\":\"$32\",\"a17f4908-9141-4b1e-82aa-e6bfe0f91a22\":\"$36\",\"9d999ae3-b43c-45fb-973e-dffe50c27da5\":\"$50\",\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\":\"$6a\",\"f591f442-c0b0-4b8e-af66-7998a3329f34\":\"$84\",\"b61c7b1f-0882-4fac-bf13-02c68b56fd38\":\"$9e\",\"2ce39e48-81e4-4bea-a0ff-04f25ddd0041\":\"$b8\",\"77ea2e89-2433-4815-b869-52b2d900029e\":\"$cb\",\"deedf0fe-44e9-4015-90a1-f86ce6cbaf24\":\"$de\",\"2b2216d8-24c3-4940-930f-6e79f68a279a\":\"$f3\",\"cbda5c42-489d-4480-85f5-db10db44de3e\":\"$108\",\"37970dd4-a515-4370-a09f-f5177c2f98c2\":\"$11b\",\"434b1960-73e8-43fa-9b9e-253ce35fa55a\":\"$12e\",\"5ad34745-bdd0-4431-9dd5-eca900bdcadf\":\"$141\",\"13045e8b-0f56-41bd-bfb7-a7462625f7df\":\"$162\",\"09410fda-e6cd-4131-ad62-ae6fcbafad49\":\"$184\",\"623c9f93-08b9-4568-b852-feb753cafb4d\":\"$193\",\"d7ec40c2-ed5a-4f39-b624-94807cfa40a1\":\"$1a0\",\"2453e205-2551-4d10-8048-0f38e1f48aa0\":\"$1ad\",\"d3430be6-95c0-4375-8aac-4dc868f871d8\":\"$1ba\",\"5a513f69-74ee-42c8-aaff-0ef930932a08\":\"$1c7\",\"e0063305-ce7d-45f2-afef-b8d9f4ecc0bf\":\"$1d4\",\"f48e593e-b69d-4609-ab3c-d25d243fd7d0\":\"$1e1\",\"6f356d04-306e-478f-8569-579d303b4de0\":\"$1ee\",\"cb6f1b2f-e390-43a3-8f32-8cb8a9af2aa8\":\"$1fb\",\"088baed3-27e7-4e01-9d07-9598442a1291\":\"$208\",\"62c260e3-b8dc-470e-a07a-462dd5affec9\":\"$215\",\"c287ddbf-f689-469f-8e81-5db4b8899c1e\":\"$222\",\"296b3cad-e467-409c-897d-110458ca9456\":\"$22f\",\"cf223be7-513a-452e-bf60-c4223d70b826\":\"$23c\",\"1791dd29-fe3d-4938-8ab2-92755a6ae409\":\"$249\",\"46b4e165-819a-4ba4-ba6e-eddefd744bc5\":\"$256\",\"7a5f06f0-e0ba-4ed2-aade-79b2233ec125\":\"$263\",\"61509c21-9c9e-48d0-8110-b98574cee727\":\"$275\",\"c2480fc7-b7c3-49d4-8643-cd42bcd3b56b\":\"$287\",\"63dffb2c-c587-4991-8523-142b2378a5aa\":\"$299\",\"42018625-2456-415e-bd2c-f1c061290d58\":\"$2ab\",\"defa7277-790b-4bbd-b6ee-cc539e121df2\":\"$2f1\",\"630cad0d-24c7-44f0-8b25-b3ab2faf97cf\":\"$33b\",\"96ebc5ad-9ad8-42ae-9a18-8e35dc2c1e2a\":\"$385\"}}}]\n"])</script><script>self.__next_f.push([1,"a:[[\"$\",\"meta\",\"0\",{\"name\":\"viewport\",\"content\":\"width=device-width, initial-scale=1\"}],[\"$\",\"meta\",\"1\",{\"charSet\":\"utf-8\"}],[\"$\",\"title\",\"2\",{\"children\":\"Federal Risk and Authorization Management Program (FedRAMP) | CMS Information Security \u0026 Privacy Group\"}],[\"$\",\"meta\",\"3\",{\"name\":\"description\",\"content\":\"Provides a federally-recognized and standardized security framework for all cloud products and services\"}],[\"$\",\"link\",\"4\",{\"rel\":\"canonical\",\"href\":\"https://security.cms.gov/learn/fedramp\"}],[\"$\",\"meta\",\"5\",{\"name\":\"google-site-verification\",\"content\":\"GMZIwBDJgz_o_JYUB2GpJazkrs7P85BaWDsoCjxF32M\"}],[\"$\",\"meta\",\"6\",{\"property\":\"og:title\",\"content\":\"Federal Risk and Authorization Management Program (FedRAMP) | CMS Information Security \u0026 Privacy Group\"}],[\"$\",\"meta\",\"7\",{\"property\":\"og:description\",\"content\":\"Provides a federally-recognized and standardized security framework for all cloud products and services\"}],[\"$\",\"meta\",\"8\",{\"property\":\"og:url\",\"content\":\"https://security.cms.gov/learn/fedramp\"}],[\"$\",\"meta\",\"9\",{\"property\":\"og:image:type\",\"content\":\"image/jpeg\"}],[\"$\",\"meta\",\"10\",{\"property\":\"og:image:width\",\"content\":\"1200\"}],[\"$\",\"meta\",\"11\",{\"property\":\"og:image:height\",\"content\":\"630\"}],[\"$\",\"meta\",\"12\",{\"property\":\"og:image\",\"content\":\"https://security.cms.gov/learn/fedramp/opengraph-image.jpg?d21225707c5ed280\"}],[\"$\",\"meta\",\"13\",{\"property\":\"og:type\",\"content\":\"website\"}],[\"$\",\"meta\",\"14\",{\"name\":\"twitter:card\",\"content\":\"summary_large_image\"}],[\"$\",\"meta\",\"15\",{\"name\":\"twitter:title\",\"content\":\"Federal Risk and Authorization Management Program (FedRAMP) | CMS Information Security \u0026 Privacy Group\"}],[\"$\",\"meta\",\"16\",{\"name\":\"twitter:description\",\"content\":\"Provides a federally-recognized and standardized security framework for all cloud products and services\"}],[\"$\",\"meta\",\"17\",{\"name\":\"twitter:image:type\",\"content\":\"image/jpeg\"}],[\"$\",\"meta\",\"18\",{\"name\":\"twitter:image:width\",\"content\":\"1200\"}],[\"$\",\"meta\",\"19\",{\"name\":\"twitter:image:height\",\"content\":\"630\"}],[\"$\",\"meta\",\"20\",{\"name\":\"twitter:image\",\"content\":\"https://security.cms.gov/learn/fedramp/opengraph-image.jpg?d21225707c5ed280\"}],[\"$\",\"link\",\"21\",{\"rel\":\"icon\",\"href\":\"/favicon.ico\",\"type\":\"image/x-icon\",\"sizes\":\"48x48\"}]]\n"])</script><script>self.__next_f.push([1,"4:null\n"])</script></body></html>
Reference in a new issue View git blame Copy permalink