publicdata/cms-gov
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
cms-gov/security.cms.gov/policy-guidance/cms-cybersecurity-and-privacy-handbook
Scott Williams b906a0e722 Initial commit
2025-02-28 14:41:14 -05:00

1 line
No EOL
220 KiB
Text
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!DOCTYPE html><html lang="en"><head><meta charSet="utf-8"/><meta name="viewport" content="width=device-width, initial-scale=1"/><link rel="preload" as="image" href="/_next/static/media/CyberGeek-logo.8e9bbd2b.svg" fetchPriority="high"/><link rel="stylesheet" href="/_next/static/css/ef46db3751d8e999.css" data-precedence="next"/><link rel="stylesheet" href="/_next/static/css/0759e90f4fecfde7.css" data-precedence="next"/><link rel="preload" as="script" fetchPriority="low" href="/_next/static/chunks/webpack-182b67d00f496f9d.js"/><script src="/_next/static/chunks/fd9d1056-ad09c71b7719f2fb.js" async=""></script><script src="/_next/static/chunks/23-260042deb5df7a88.js" async=""></script><script src="/_next/static/chunks/main-app-6de3c3100b91a0a9.js" async=""></script><script src="/_next/static/chunks/30-49b1c1429d73281d.js" async=""></script><script src="/_next/static/chunks/317-0f87feacc1712b2f.js" async=""></script><script src="/_next/static/chunks/223-bc9ed43510898bbb.js" async=""></script><script src="/_next/static/chunks/app/layout-9fc24027bc047aa2.js" async=""></script><script src="/_next/static/chunks/972-6e520d137ef194fb.js" async=""></script><script src="/_next/static/chunks/app/page-cc829e051925e906.js" async=""></script><script src="/_next/static/chunks/app/template-d264bab5e3061841.js" async=""></script><script src="/_next/static/chunks/e37a0b60-b74be3d42787b18d.js" async=""></script><script src="/_next/static/chunks/904-dbddf7494c3e6975.js" async=""></script><script src="/_next/static/chunks/549-c87c1c3bbacc319f.js" async=""></script><script src="/_next/static/chunks/app/policy-guidance/%5Bslug%5D/page-d95d3b4ebc8065f9.js" async=""></script><link rel="preload" href="/assets/javascript/uswds-init.min.js" as="script"/><link rel="preload" href="/assets/javascript/uswds.min.js" as="script"/><title>CMS Cybersecurity and Privacy Training Handbook | CMS Information Security &amp; Privacy Group</title><meta name="description" content="Find the right cybersecurity training for your role, and learn how to do your part to keep CMS systems secure and safe"/><link rel="canonical" href="https://security.cms.gov/policy-guidance/cms-cybersecurity-and-privacy-handbook"/><meta name="google-site-verification" content="GMZIwBDJgz_o_JYUB2GpJazkrs7P85BaWDsoCjxF32M"/><meta property="og:title" content="CMS Cybersecurity and Privacy Training Handbook | CMS Information Security &amp; Privacy Group"/><meta property="og:description" content="Find the right cybersecurity training for your role, and learn how to do your part to keep CMS systems secure and safe"/><meta property="og:url" content="https://security.cms.gov/policy-guidance/cms-cybersecurity-and-privacy-handbook"/><meta property="og:image:type" content="image/jpeg"/><meta property="og:image:width" content="1200"/><meta property="og:image:height" content="630"/><meta property="og:image" content="https://security.cms.gov/policy-guidance/cms-cybersecurity-and-privacy-handbook/opengraph-image.jpg?a856d5522b751df7"/><meta property="og:type" content="website"/><meta name="twitter:card" content="summary_large_image"/><meta name="twitter:title" content="CMS Cybersecurity and Privacy Training Handbook | CMS Information Security &amp; Privacy Group"/><meta name="twitter:description" content="Find the right cybersecurity training for your role, and learn how to do your part to keep CMS systems secure and safe"/><meta name="twitter:image:type" content="image/jpeg"/><meta name="twitter:image:width" content="1200"/><meta name="twitter:image:height" content="630"/><meta name="twitter:image" content="https://security.cms.gov/policy-guidance/cms-cybersecurity-and-privacy-handbook/opengraph-image.jpg?a856d5522b751df7"/><link rel="icon" href="/favicon.ico" type="image/x-icon" sizes="48x48"/><script>(self.__next_s=self.__next_s||[]).push(["/assets/javascript/uswds-init.min.js",{}])</script><script src="/_next/static/chunks/polyfills-78c92fac7aa8fdd8.js" noModule=""></script></head><body><a class="usa-skipnav" href="#main">Skip to main content</a><section class="usa-banner" aria-label="Official website of the United States government"><div class="usa-accordion"><header class="usa-banner__header"><div class="usa-banner__inner"><div class="grid-col-auto"><img aria-hidden="true" alt="" loading="lazy" width="16" height="11" decoding="async" data-nimg="1" class="usa-banner__header-flag" style="color:transparent" srcSet="/_next/image?url=%2Fassets%2Fimg%2Fus_flag_small.png&amp;w=16&amp;q=75 1x, /_next/image?url=%2Fassets%2Fimg%2Fus_flag_small.png&amp;w=32&amp;q=75 2x" src="/_next/image?url=%2Fassets%2Fimg%2Fus_flag_small.png&amp;w=32&amp;q=75"/></div><div class="grid-col-fill tablet:grid-col-auto" aria-hidden="true"><p class="usa-banner__header-text">An official website of the United States government</p><p class="usa-banner__header-action">Here&#x27;s how you know</p></div><button type="button" class="usa-accordion__button usa-banner__button" aria-expanded="false" aria-controls="gov-banner-default-default"><span class="usa-banner__button-text">Here&#x27;s how you know</span></button></div></header><div class="usa-banner__content usa-accordion__content" id="gov-banner-default-default" hidden=""><div class="grid-row grid-gap-lg"><div class="usa-banner__guidance tablet:grid-col-6"><img role="img" alt="" aria-hidden="true" loading="lazy" width="40" height="40" decoding="async" data-nimg="1" class="usa-banner__icon usa-media-block__img" style="color:transparent" src="/_next/static/media/icon-dot-gov.3e9cb1b5.svg"/><div class="usa-media-block__body"><p><strong>Official websites use .gov</strong><br/>A <strong>.gov</strong> website belongs to an official government organization in the United States.</p></div></div><div class="usa-banner__guidance tablet:grid-col-6"><img role="img" alt="" aria-hidden="true" loading="lazy" width="40" height="40" decoding="async" data-nimg="1" class="usa-banner__icon usa-media-block__img" style="color:transparent" src="/_next/static/media/icon-https.e7f1a222.svg"/><div class="usa-media-block__body"><p><strong>Secure .gov websites use HTTPS</strong><br/>A <strong>lock</strong> (<span class="icon-lock"><svg xmlns="http://www.w3.org/2000/svg" width="52" height="64" viewBox="0 0 52 64" class="usa-banner__lock-image" role="img" aria-labelledby="banner-lock-description-default" focusable="false"><title id="banner-lock-title-default">Lock</title><desc id="banner-lock-description-default">Locked padlock icon</desc><path fill="#000000" fill-rule="evenodd" d="M26 0c10.493 0 19 8.507 19 19v9h3a4 4 0 0 1 4 4v28a4 4 0 0 1-4 4H4a4 4 0 0 1-4-4V32a4 4 0 0 1 4-4h3v-9C7 8.507 15.507 0 26 0zm0 8c-5.979 0-10.843 4.77-10.996 10.712L15 19v9h22v-9c0-6.075-4.925-11-11-11z"></path></svg></span>) or <strong>https://</strong> means you&#x27;ve safely connected to the .gov website. Share sensitive information only on official, secure websites.</p></div></div></div></div></div></section><div class="usa-overlay"></div><header class="usa-header usa-header--extended"><div class="bg-primary-dark"><div class="usa-navbar"><div class="usa-logo padding-y-4 padding-right-3" id="CyberGeek-logo"><a title="CMS CyberGeek Home" href="/"><img alt="CyberGeek logo" fetchPriority="high" width="298" height="35" decoding="async" data-nimg="1" style="color:transparent" src="/_next/static/media/CyberGeek-logo.8e9bbd2b.svg"/></a></div><button aria-label="Open menu" type="button" class="usa-menu-btn" data-cy="menu-button">Menu</button></div></div><nav aria-label="Primary navigation" class="usa-nav padding-0 desktop:width-auto bg-white grid-container float-none"><div class="usa-nav__inner"><button type="button" class="usa-nav__close margin-0"><img alt="Close" loading="lazy" width="24" height="24" decoding="async" data-nimg="1" style="color:transparent" src="/_next/static/media/close.1fafc2aa.svg"/></button><ul class="usa-nav__primary usa-accordion"><li class="usa-nav__primary-item"><button type="button" class="usa-accordion__button usa-nav__link font-family-serif text-medium tablet:text-no-wrap desktop:text-primary-vivid" aria-expanded="false" aria-controls="roles"><span>Roles</span></button><ul id="roles" class="usa-nav__submenu usa-megamenu bg-white" hidden=""><li class="grid-row grid-gap-3 padding-bottom-6"><div class="usa-col text-center desktop:text-right text-normal position-relative nav-label"><span class="display-block font-heading-xl padding-top-2">Roles</span></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/information-system-security-officer-isso">Information System Security Officer (ISSO)</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/cms-information-system-security-officer-isso-handbook"><span>ISSO Handbook</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/cms-information-system-security-officer-isso-handbook#getting-started-for-new-issos"><span>Getting started (for new ISSOs)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/isso-mentorship-program"><span>ISSO Mentorship Program</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/cms-information-system-security-officer-isso-handbook#training"><span>ISSO Training</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/data-guardian">Data Guardian</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/data-guardian-handbook"><span>Data Guardian Handbook</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/cyber-risk-advisor-cra">Cyber Risk Advisor (CRA)</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-security-and-privacy-handbooks"><span>CMS Security and Privacy Handbooks</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-security-and-privacy-handbooks#risk-management-handbook-rmh-chapters"><span>Risk Management Handbook (RMH)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/business-system-owner">Business / System Owner (BO/SO)</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cybersecurity-risk-assessment-program-csrap"><span>Cybersecurity and Risk Assessment Program (CSRAP)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-information-exchange-agreement-iea"><span>Information Exchange Agreement (IEA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-computer-matching-agreement-cma"><span>Computer Matching Agreement (CMA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/isso-service"><span>ISSO As A Service</span></a></li></ul></section></div></li></ul></li><li class="usa-nav__primary-item"><button type="button" class="usa-accordion__button usa-nav__link font-family-serif text-medium tablet:text-no-wrap desktop:text-primary-vivid" aria-expanded="false" aria-controls="compliance-authorization"><span>Compliance &amp; Authorization</span></button><ul id="compliance-authorization" class="usa-nav__submenu usa-megamenu bg-white" hidden=""><li class="grid-row grid-gap-3 padding-bottom-6"><div class="usa-col text-center desktop:text-right text-normal position-relative nav-label"><span class="display-block font-heading-xl padding-top-2">Compliance &amp; Authorization</span></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/learn/authorization-operate-ato">Authorization to Operate (ATO)</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/authorization-operate-ato"><span>About ATO at CMS</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/authorization-operate-ato#types-of-authorizations"><span>Types of authorizations</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/authorization-operate-ato#ato-stakeholders"><span>ATO stakeholders</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/authorization-operate-ato#related-documents-and-resources"><span>ATO tools and resources</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-technical-reference-architecture-tra"><span>CMS Technical Reference Architecture (TRA)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/learn/ongoing-authorization-oa">Ongoing Authorization (OA)</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/ongoing-authorization-oa"><span>About OA at CMS</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/ongoing-authorization-oa#is-my-system-eligible-for-oa"><span>OA eligibility requirements</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/continuous-diagnostics-and-mitigation-cdm"><span>Continuous Diagnostics and Mitigation (CDM)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header list-header-margin">Assessments &amp; Audits</h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/penetration-testing-pentesting"><span>Penetration Testing</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cybersecurity-risk-assessment-program-csrap"><span>Cybersecurity Risk Assessment Program (CSRAP)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/privacy-impact-assessment-pia"><span>Privacy Impact Assessment (PIA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/security-impact-analysis-sia"><span>Security Impact Analysis (SIA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/system-audits"><span>System Audits</span></a></li></ul></section></div></li></ul></li><li class="usa-nav__primary-item"><button type="button" class="usa-accordion__button usa-nav__link font-family-serif text-medium tablet:text-no-wrap desktop:text-primary-vivid" aria-expanded="false" aria-controls="policy-guidance"><span>Policy &amp; Guidance</span></button><ul id="policy-guidance" class="usa-nav__submenu usa-megamenu bg-white" hidden=""><li class="grid-row grid-gap-3 padding-bottom-6"><div class="usa-col text-center desktop:text-right text-normal position-relative nav-label"><span class="display-block font-heading-xl padding-top-2">Policy &amp; Guidance</span></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/cms-policies-and-guidance">CMS Policies and Guidance</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/cms-acceptable-risk-safeguards-ars"><span>CMS Acceptable Risk Safeguards (ARS)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/cms-information-systems-security-privacy-policy-is2p2"><span>CMS Information Security and Privacy Policy (IS2P2)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-security-and-privacy-handbooks"><span>CMS Security and Privacy Handbooks</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="https://security.cms.gov/learn/cms-risk-management-framework-rmf"><span>CMS Risk Management Framework (RMF)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/email-encryption-requirements-cms"><span>CMS Email Encryption</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/federal-policies-and-guidance">Federal Policies and Guidance</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/national-institute-standards-and-technology-nist"><span>National Institute of Standards and Technology (NIST)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/federal-information-security-modernization-act-fisma"><span>Federal Information Security Modernization Act (FISMA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/fedramp"><span>Federal Risk and Authorization Management Program (FedRAMP)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/zero-trust"><span>Zero Trust</span></a></li></ul></section></div></li></ul></li><li class="usa-nav__primary-item"><button type="button" class="usa-accordion__button usa-nav__link font-family-serif text-medium tablet:text-no-wrap desktop:text-primary-vivid" aria-expanded="false" aria-controls="system-security"><span>System Security</span></button><ul id="system-security" class="usa-nav__submenu usa-megamenu bg-white" hidden=""><li class="grid-row grid-gap-3 padding-bottom-6"><div class="usa-col text-center desktop:text-right text-normal position-relative nav-label"><span class="display-block font-heading-xl padding-top-2">System Security</span></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/application-security">Application Security</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/threat-modeling"><span>Threat Modeling</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/zero-trust"><span>Zero Trust</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-cloud-services"><span>CMS Cloud Services</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/software-bill-materials-sbom"><span>Software Bill of Materials (SBOM)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/security-operations">Security Operations</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/risk-management-handbook-chapter-8-incident-response-ir"><span>Incident Response</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-cybersecurity-integration-center-ccic"><span>CMS Cybersecurity Integration Center (CCIC)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/penetration-testing-pentesting"><span>Penetration Testing</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header"><a href="/ispg/risk-management-and-reporting">Risk Management and Reporting</a></h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/continuous-diagnostics-and-mitigation-cdm"><span>Continuous Diagnostics and Mitigation (CDM)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cyber-risk-reports"><span>Cyber Risk Reports</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/plan-action-and-milestones-poam"><span>Plan of Action and Milestones (POA&amp;M)</span></a></li></ul></section></div></li></ul></li><li class="usa-nav__primary-item"><button type="button" class="usa-accordion__button usa-nav__link font-family-serif text-medium tablet:text-no-wrap desktop:text-primary-vivid" aria-expanded="false" aria-controls="privacy"><span>Privacy</span></button><ul id="privacy" class="usa-nav__submenu usa-megamenu bg-white" hidden=""><li class="grid-row grid-gap-3 padding-bottom-6"><div class="usa-col text-center desktop:text-right text-normal position-relative nav-label"><span class="display-block font-heading-xl padding-top-2">Privacy</span></div><div class="usa-col"><section><h3 class="usa-col__list-header list-header-margin">Agreements</h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-computer-matching-agreement-cma"><span>Computer Matching Agreement (CMA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-information-exchange-agreement-iea"><span>Information Exchange Agreement (IEA)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header list-header-margin">Privacy Activities</h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/breach-response"><span>Breach Response</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/privacy-impact-assessment-pia"><span>Privacy Impact Assessment (PIA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/system-records-notice-sorn"><span>System of Records Notice (SORN)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header list-header-margin">Privacy Resources</h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/ispg/privacy"><span>Privacy at CMS</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/cms-breach-response-handbook"><span>CMS Breach Response Handbook</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/health-insurance-portability-and-accountability-act-1996-hipaa"><span>Health Insurance Portability and Accessibility Act (HIPAA)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/policy-guidance/cms-privacy-impact-assessment-pia-handbook"><span>CMS Privacy Impact Assessment (PIA) Handbook</span></a></li></ul></section></div></li></ul></li><li class="usa-nav__primary-item"><button type="button" class="usa-accordion__button usa-nav__link font-family-serif text-medium tablet:text-no-wrap desktop:text-primary-vivid" aria-expanded="false" aria-controls="tools-services"><span>Tools &amp; Services</span></button><ul id="tools-services" class="usa-nav__submenu usa-megamenu bg-white" hidden=""><li class="grid-row grid-gap-3 padding-bottom-6"><div class="usa-col text-center desktop:text-right text-normal position-relative nav-label"><span class="display-block font-heading-xl padding-top-2">Tools &amp; Services</span></div><div class="usa-col"><section><h3 class="usa-col__list-header list-header-margin">Reporting &amp; Compliance</h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="https://security.cms.gov/learn/isso-service"><span>ISSO As A Service</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-fisma-continuous-tracking-system-cfacts"><span>CFACTS</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cyber-risk-reports"><span>Cyber Risk Reports and Dashboards</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/continuous-diagnostics-and-mitigation-cdm"><span>Continuous Diagnostics and Mitigation (CDM)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header list-header-margin">System Security</h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/threat-modeling"><span>Threat Modeling</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-cloud-services"><span>CMS Cloud Services</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cms-cybersecurity-integration-center-ccic"><span>CMS Cybersecurity Integration Center (CCIC)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="https://security.cms.gov/learn/cms-security-data-lake-sdl"><span>CMS Security Data Lake (SDL)</span></a></li></ul></section></div><div class="usa-col"><section><h3 class="usa-col__list-header list-header-margin">Tests &amp; Assessments</h3><ul class="usa-nav__submenu-list"><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/cybersecurity-risk-assessment-program-csrap"><span>Cybersecurity Risk Assessment Program (CSRAP)</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/penetration-testing-pentesting"><span>Penetration Testing</span></a></li><li class="usa-nav__submenu-item font-sans-2xs"><a class="padding-x-0" href="/learn/privacy-impact-assessment-pia"><span>Privacy Impact Assessment (PIA)</span></a></li></ul></section></div></li></ul></li></ul><div class="usa-nav__secondary padding-left-2"><section aria-label="Header search box"><form class="usa-search usa-search--small" role="search" action="/search"><label class="usa-sr-only" for="header-search-box">Search</label><input class="usa-input search__input" id="header-search-box" type="search" name="ispg[query]"/><button aria-label="header search box button" class="usa-button" id="header-search-box-btn" type="submit"><svg aria-describedby="searchIcon" class="usa-icon" aria-hidden="true" focusable="false" role="img"><title id="searchIcon">Search</title><use href="/assets/img/sprite.svg#search"></use></svg></button></form></section></div></div></nav></header><main id="main"><div id="template"><!--$--><!--/$--><section class="hero hero--theme-library undefined"><div class="maxw-widescreen margin-x-auto padding-x-2 desktop:padding-x-0 padding-top-4 padding-bottom-6 desktop:padding-y-7"><div class="tablet:grid-container position-relative "><div class="hero__row grid-row grid-gap"><div class="tablet:grid-col-5 widescreen:position-relative"></div><div class="hero__column tablet:grid-col-7 flow padding-bottom-2"><h1 class="hero__heading margin-0 line-height-sans-3 desktop:line-height-sans-2">CMS Cybersecurity and Privacy Training Handbook</h1><p class="hero__description">Find the right cybersecurity training for your role, and learn how to do your part to keep CMS systems secure and safe</p><p class="font-sans-2xs line-height-sans-5 margin-bottom-0">Last reviewed<!-- -->: <!-- -->7/15/2024</p><div class="hero__meta radius-lg padding-x-2 padding-y-1 bg-white font-sans-2xs line-height-sans-5 display-inline-block text-primary-darker">Contact: <span class="text-bold">Training &amp; Awareness team</span><span class="hidden-mobile"> | </span><span class="break-mobile"><a href="mailto:CMSISPGTrainers@cms.hhs.gov">CMSISPGTrainers@cms.hhs.gov</a></span></div></div></div></div></div></section><div class="grid-container"><div class="grid-row grid-gap margin-top-5"><div class="tablet:grid-col-4"><nav class="table-of-contents overflow-y-auto overflow-x-hidden position-sticky top-3 padding-1 radius-lg shadow-2 display-none tablet:display-block" aria-label="Table of contents"><div class="text-uppercase text-bold border-bottom border-base-lighter padding-bottom-1">Table of Contents</div><p class="text-italic text-base font-sans-xs">No table of content entries to display.</p></nav></div><div class="tablet:grid-col-8"><section class="resource-collection radius-md padding-y-2 padding-x-3 bg-base-lightest"><h1 class="resource-collection__header h3 margin-top-0 margin-bottom-2">Related Resources</h1><div class="grid-row grid-gap-4"><div class="tablet:grid-col-4 tablet:margin-top-0"><a class="text-no-underline text-bold" href="https://cms-lms.usalearning.net/">Cybersecurity training in the CBT/LMS (login required)<svg class="usa-icon" aria-hidden="true" role="img" data-testid="library-resources-external"><use href="/assets/img/sprite.svg#launch"></use></svg></a></div><div class="tablet:grid-col-4 margin-top-4 tablet:margin-top-0"><a class="text-no-underline text-bold" href="https://www.youtube.com/watch?v=axPj2GVZZD4">Video demo: How to take ISSPA training<svg class="usa-icon" aria-hidden="true" role="img" data-testid="library-resources-external"><use href="/assets/img/sprite.svg#launch"></use></svg></a></div><div class="tablet:grid-col-4 margin-top-4 tablet:margin-top-0"><a class="text-no-underline text-bold" href="/learn/cms-cyberworks">CMS CyberWorks (annual cybersecurity event)</a></div></div></section><section><div class="text-block text-block--theme-library"><h2 dir="ltr">Introduction</h2><p dir="ltr">At CMS, we prioritize the security of our data, systems, and your work environment. Every person here is part of our effort to keep CMS information and beneficiary data safe. Security and privacy are everyone's job. Being aware of cyber threats is an ongoing responsibility that we all share.</p><p dir="ltr">This handbook will be your companion for security and privacy awareness, whether you're new to CMS or have been with us for a while. It can also guide you to training opportunities that help you advance your knowledge and skills in areas specific to your role.</p><p dir="ltr">New hires and contractors will find information on the ISSPA security training they need to complete. Current employees will learn about renewing ISSPA training, plus other training and career development opportunities available to them. Everyone gets pointers on cybersecurity basics, events, and resources at CMS.&nbsp;</p><h2 dir="ltr">Take required ISSPA training</h2><h3 dir="ltr">What is ISSPA training?</h3><p dir="ltr"><strong>Information System Security and Privacy Awareness (ISSPA)&nbsp;</strong>training covers the basics of information security and privacy, so everyone can do their part to keep sensitive data safe. It's hosted in the CMS learning management system (CBT/LMS).</p><p dir="ltr"><strong>All CMS employees and contractors must take ISSPA training each year.</strong> New employees first take it when they are hired. Current employees renew their training once every year after that.</p><p dir="ltr">Taking your ISSPA training satisfies three requirements:</p><ol><li dir="ltr">Mandatory cybersecurity training (required for all CMS contractors)</li><li dir="ltr"><a href="https://security.cms.gov/learn/role-based-training-rbt">Role Based Training</a> (RBT) (required for people at CMS with security responsibilities)</li><li dir="ltr">Signing the HHS Rules of Behavior (required for everyone working at CMS)</li></ol><p dir="ltr">When the due date for renewing your ISSPA training is near, you will get an email reminder.&nbsp;<strong>You must complete the training before your due date, or you will be locked out of CMS systems.</strong> If that happens, you will need to go through an extension process to complete the training and regain your access.</p><p dir="ltr">Instructions for completing your ISSPA training are outlined in the next section. You can also&nbsp;<a href="https://www.youtube.com/watch?v=axPj2GVZZD4"><strong>watch this video explainer</strong></a> to see a step-by-step tutorial.</p><p><strong>How does ISSPA relate to RBT?</strong></p><p>CMS is responsible for providing <a href="https://security.cms.gov/learn/role-based-training-rbt">Role Based Training (RBT)</a> to Federal staff and direct support contractors who have significant security or privacy responsibilities.&nbsp; The RBT provided by CMS is imbedded in the yearly required annual Information Systems Security and Privacy Awareness (ISSPA) Training.&nbsp; This training covers the security and privacy policies, procedures, and skills needed for the respective roles and satisfies both the role and annual requirements. (This is described above.)</p><p>Some roles may require <strong>additional RBT</strong> due to specific security and privacy responsibilities. You may find relevant training for your role in the <a href="https://cms-lms.usalearning.net/">CMS Computer Based Training/Learning Management System</a> (CMS login required). You can also talk to your supervisor to see what RBT you need.</p><h3 dir="ltr">How to access ISSPA in the CBT/LMS</h3><p dir="ltr">There are two ways to get into the CMS learning management system (CBT/LMS), where your personalized dashboard shows what training you need to complete.</p><p dir="ltr"><strong>1. Use a direct URL</strong></p><ul><li dir="ltr">Go to&nbsp;<a href="https://cms-lms.usalearning.net/">cms-lms.usalearning.net</a> (formerly cms.gov/cbt)</li><li dir="ltr">Log in using your 4-character CMS user ID and your password, or use your CMS PIV card</li></ul><p dir="ltr"><strong>2. Use your IDM dashboard</strong></p><ul><li dir="ltr">Go to your&nbsp;<a href="https://idm.cms.gov/app/UserHome">IDM dashboard</a> (you'll be redirected to login if you're not already logged in)</li><li dir="ltr">Select the&nbsp;<strong>ISPG LMS</strong> button to go to the CBT/LMS</li></ul><p dir="ltr">If you have trouble logging in, you can:</p><ul><li dir="ltr">Consult the&nbsp;<a href="https://cms-lms.usalearning.net/mod/resource/view.php?id=249">Logging In Job Aid</a></li><li dir="ltr">Call the CMS LMS Helpdesk at 202-753-0845 (MonFri, 8:30am6:00pm ET)</li></ul><h3 dir="ltr">How to get credit for ISSPA training</h3><p dir="ltr">Make sure you complete all items below when you are in the CBT/LMS taking your ISSPA training. If you leave any of these undone, you wont get credit for taking it.</p><ol><li dir="ltr">Complete your ISSPA training</li><li dir="ltr">Sign and upload page 8 of the Rules of Behavior</li><li dir="ltr">*Optional- Complete the brief post-course evaluation</li></ol><h2 dir="ltr">Explore personalized training</h2><p dir="ltr">ISSPA training is just one way to expand your cybersecurity knowledge using the CBT/LMS.</p><p dir="ltr">CMS offers a variety of security and privacy awareness and training, and recommends educational resources to benefit the CMS community. The CBT/LMS also tracks your personal learning journey, so you can get credit for required training and get recommendations for additional training specific to your role.</p><p dir="ltr">Resources and offerings include online training, videos, quick guides, podcasts, and documentation, all designed to deepen your knowledge about security related topics at CMS.&nbsp;</p><p dir="ltr"><a href="https://cms-lms.usalearning.net/">See training offerings in the CBT/LMS</a> (CMS login required)</p><h2 dir="ltr">CFACTS training (for new ISSOs / CRAs)</h2><p dir="ltr"><a href="https://cfacts3.cms.cmsnet/">CFACTS</a> is the CMS governance, risk, and compliance tool used as a repository to manage its information systems security and privacy requirements. The CFACTS platform provides a common foundation to manage policies, controls, risks, assessments, and deficiencies across all CMS systems.</p><p dir="ltr">The Training &amp; Awareness Team at CMS offers several training sessions every year, designed to provide you with the knowledge you need to use CFACTS effectively.</p><h3>Who should take this course?</h3><p dir="ltr">If youre an&nbsp;<strong>ISSO or CRA</strong> and&nbsp;<strong>new to the CMS Cybersecurity program</strong>, this introductory training session was designed for you. Youll learn about roles and responsibilities, security controls, security assessment remediation plans of action, and more.&nbsp;</p><p dir="ltr">We have sessions available in 2024 in August and October.&nbsp;</p><h3>What will you learn in this course?&nbsp;</h3><p dir="ltr">This course will use the CMS FISMA Continuous Tracking System (CFACTS) mapped to the steps within the <a href="https://security.cms.gov/learn/national-institute-standards-and-technology-nist#nist-risk-management-framework-rmf">Risk Management Framework (RMF)</a>. Topics you will learn about in this session:&nbsp;</p><ul><li dir="ltr">Understanding roles and responsibilities</li><li dir="ltr">Categorizing and implementing security controls</li><li dir="ltr">Milestones in the security assessment remediation plan of action&nbsp;</li><li dir="ltr"><a href="https://csrc.nist.gov/pubs/sp/800/37/r2/final">NIST Special Publication 800-37</a>, ”Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy”</li><li dir="ltr"><a href="https://csrc.nist.gov/pubs/sp/800/53/r5/upd1/final">NIST Special Publication 800-53</a>, “Security and Privacy Controls for Federal Information Systems and Organizations”</li><li dir="ltr"><a href="https://security.cms.gov/learn/system-security-and-privacy-plan-sspp">System Security and Privacy Plan (SSPP)</a></li><li dir="ltr">Authorization to Operate (ATO) packages to request for FISMA certification</li></ul><h3>Course details</h3><p dir="ltr">These are the sessions remaining in 2024. Each training consists of&nbsp;<strong>two sessions</strong> across&nbsp;<strong>two days</strong>:</p><ul><li dir="ltr">October 29 and 30</li></ul><p dir="ltr">This course is NOT a hands-on session using CFACTS — it is a presentation of <strong>introductory concepts</strong>. Experienced ISSOs and CRAs who have been working in CFACTS for awhile should not attend this course.&nbsp;</p><h3>Reserve your spot</h3><p dir="ltr">Send an email to&nbsp;<a href="mailto:cmsispgtrainers@cms.hhs.gov">cmsispgtrainers@cms.hhs.gov</a>. Include:</p><ul><li dir="ltr">Subject line: CFACTS Training Registration</li><li dir="ltr">Your name</li><li dir="ltr">Dates of the course you want to attend</li></ul><p dir="ltr">We will reply to your email to confirm your registration and give you further details. If you have questions, email the Training &amp; Awareness Team:&nbsp;<a href="mailto:CMSISPGTrainers@cms.hhs.gov">CMSISPGTrainers@cms.hhs.gov</a> or find us in the CMS Slack channel: <em>#cyber-training-support.</em></p><h2 dir="ltr">Practice everyday security</h2><p dir="ltr">Your role in keeping CMS information safe doesnt end after you take cybersecurity training. Thats just the beginning! Practicing security awareness and avoiding security risks is an everyday task that is everyones job.&nbsp;</p><p dir="ltr">The information in this handbook will help you practice “everyday security” in the workplace. But we also provide you with tips for digital safety in all areas of your life through the&nbsp;<strong>Cyber360</strong> campaign, a yearlong series to help CMS employees build security awareness to protect themselves and their families.&nbsp;</p><p dir="ltr"><a href="https://security.cms.gov/posts/cyber360">Learn more about Cyber360 here</a> — and dont forget to save the date for&nbsp;<a href="https://security.cms.gov/learn/cms-cyberworks"><strong>CMS CyberWorks</strong></a>. Every October, this annual cybersecurity festival includes the Cyber360 finale and much more.</p><p dir="ltr">Following are cybersecurity topics and tips that everyone at CMS needs to be familiar with. When you make security awareness a priority in your daily work, you help protect the sensitive information of millions of beneficiaries who entrust their personal data to CMS for healthcare services and benefits.</p><h3 dir="ltr">Protect PII and PHI</h3><p dir="ltr">Personally Identifiable Information (PII) and Protected Health Information (PHI) are two major kinds of information that CMS has access to and that require special handling and treatment. Theyre attractive targets for bad actors. Safeguarding both kinds of information is one of your major responsibilities as part of CMS.&nbsp;</p><p dir="ltr"><strong>Personally Identifiable Information (PII)</strong> is any information that can be used to identify a specific individual. PII is sensitive, and requires special protection due to the risks associated with its misuse.</p><p dir="ltr">Examples of PII include full names, Social Security Numbers, addresses, bank account numbers, fingerprints, employee IDs, and email addresses. This is not a comprehensive list — many other kinds of information are considered PII!</p><p dir="ltr">Determining whether or not certain information counts as PII can require a case-by-case assessment of whether an individuals identity can be revealed by piecing information together.</p><p dir="ltr">More guidance for identifying PII can be found in the ISSPA training.</p><p dir="ltr"><strong>Protected Health Information (PHI)</strong> at CMS is any individually identifiable health information that is held or transmitted by a covered entity or its business associates and that is related to the physical or mental health or condition of an individual.</p><p dir="ltr">Examples of PHI include prescription information, health plan beneficiary numbers, and medical records. As with PII, this is not a full list, and many other kinds of information can be PHI.&nbsp;</p><p dir="ltr">More guidance for identifying PHI can be found in the ISSPA training.</p><h3 dir="ltr">Reporting breaches and incidents</h3><p dir="ltr">Any time you suspect that PII or PHI has been used or shared in an unauthorized manner, report the incident to the CMS Information Technology Service Desk.</p><ul><li dir="ltr">Phone:&nbsp;<strong>410-786-2580</strong> or&nbsp;<strong>800-562-1963</strong></li><li dir="ltr">Email:&nbsp;<a href="mailto:CMS_IT_Service_Desk@cms.hhs.gov">CMS_IT_Service_Desk@cms.hhs.gov</a></li></ul><p dir="ltr">The&nbsp;<a href="https://security.cms.gov/policy-guidance/cms-breach-response-handbook#reporting-incidents-and-breaches">CMS Breach Response Handbook</a> is a comprehensive guide to breaches and incidents, with more information about each kind, how to report them, and what happens next.&nbsp;</p><h3 dir="ltr">Watch out for phishing</h3><p dir="ltr">Phishing by email or text message is one of the most popular social engineering attacks.&nbsp;</p><p dir="ltr">Phishers typically pretend to be a person or business familiar to you. They use a sense of urgency to hijack your normal desire to be helpful. Their goal is to get you to reveal sensitive information, or to click on a file or link that could introduce malware or ransomware to the CMS network.</p><p dir="ltr">More guidance on phishing can be found&nbsp;<a href="https://cms-lms.usalearning.net/course/view.php?id=13">here in the CBT/LMS</a> (CMS login required).</p><h3 dir="ltr">Password security</h3><p dir="ltr">When setting up login credentials for CMS accounts (such as your 4-character CMS user ID), use the most secure passwords you can. The stronger and longer your password is, the better.&nbsp;</p><p dir="ltr">Create complex passwords using a combination of uppercase and lowercase letters, numbers, and special characters. Avoid easily guessable information and use unique passwords for each account.</p><p dir="ltr">Never reuse your CMS password.&nbsp;</p><p dir="ltr">For policy guidance on setting up passwords for CMS systems, see&nbsp;<a href="https://security.cms.gov/learn/password-requirements">Password Requirements</a>.</p><h3 dir="ltr">CMS email accounts</h3><p dir="ltr">Your CMS email is a business email address, provided to you for business use only.&nbsp;</p><p dir="ltr">Do not use your CMS email address for shopping, entertainment, or other personal websites. Use a personal email address for personal use.&nbsp;</p><p dir="ltr">Using your CMS email address for non-business purposes adds risk, cost, and difficulty to maintaining cybersecurity at CMS.&nbsp;</p><h3 dir="ltr">Beware free public WiFi</h3><p dir="ltr">Do not use "free" public WiFi networks in places like airports or restaurants for CMS business.&nbsp;</p><p dir="ltr">They are often fake networks run by hackers. When you log in to one, bad actors get access to your personal data and CMS information.&nbsp;</p><h3 dir="ltr">Protect your hardware and workspace</h3><p dir="ltr">Protect CMS systems and information by securing your computer and mobile devices when you're not using them. Set your devices and screens to automatically lock after a few minutes of inactivity. Dont leave devices unattended unless they are in a secure space, such as a closed office or your home.</p><p dir="ltr">Safeguard your home workspace. Be aware of windows that could provide a way for someone to glimpse CMS sensitive information. Keep your home locked when you leave.&nbsp;</p><h3>Rules for foreign travel</h3><p dir="ltr">Do not take CMS computers, cell phones, and other equipment furnished by the government with you on personal foreign travel.&nbsp;</p><p dir="ltr">It is not permitted to access CMS information systems on personal foreign travel. This includes use of a virtual desktop application.&nbsp;</p><p dir="ltr">If you will need to access CMS systems during approved, official travel, contact the CMS International Travel Team via email:&nbsp;international@cms.hhs.gov.</p><p dir="ltr">Start this process in advance (10 or more days before you depart) so you can complete all requirements.&nbsp;&nbsp;</p><h2 dir="ltr">Level up your security expertise</h2><p dir="ltr">You have access to many government and industry resources beyond what CMS provides in the CBT/LMS. You can take courses, strengthen your skills, earn continuing education units, and even earn professional certifications. Cybersecurity training resources are outlined below.&nbsp;&nbsp;</p><h3 dir="ltr">HHS training</h3><p dir="ltr">The&nbsp;<strong>Department of Health and Human Services (HHS)</strong>&nbsp;<strong>Learning Portal</strong> provides many professional development courses, including cybersecurity certification preparatory training and continuing education unit (CEUs). To access these courses:</p><ul><li dir="ltr"><strong>Federal government employees:</strong> Log in to the&nbsp;<a href="https://ams.hhs.gov/amsLogin/SimpleLogin.jsp">HHS Learning Portal</a></li><li dir="ltr"><strong>Contractors:</strong> Email the Training and Awareness Team at&nbsp;<a href="https://cybergeek-epsilon.batcave-ispg-nonprod.internal.cms.gov/policy-guidance/CMSISPGTrainers@cms.hhs.gov">CMSISPGTrainers@cms.hhs.gov</a>. Include your name, the class you want to attend, and contact information for your approving government supervisor.</li></ul><h3 dir="ltr">CISA training</h3><p dir="ltr"><strong>Cybersecurity and Infrastructure Security Agency (CISA)</strong> offers training for federal employees, private-sector cybersecurity professionals, critical infrastructure operators, educational partners, and the general public.</p><p dir="ltr"><a href="https://www.cisa.gov/topics/cybersecurity-best-practices/cybersecurity-education-career-development">Explore CISA training opportunities</a></p><h3 dir="ltr">NICCS training</h3><p dir="ltr">The&nbsp;<strong>National Initiative for Cybersecurity Careers and Studies (NICCS)</strong> helps people find cybersecurity education and training to advance their careers and close skill gaps across the workforce.</p><p dir="ltr"><a href="https://niccs.cisa.gov/">Explore NICCS training opportunities</a></p><h3 dir="ltr">FedVTE training</h3><p dir="ltr">The&nbsp;<strong>Federal Virtual Training Environment (FedVTE)</strong> provides free online cybersecurity training to federal, state, local, tribal, and territorial government employees, federal contractors, and US military veterans.</p><p dir="ltr">CMS employees and contractors interested in FedVTE training will need to get an account to login and prior approval from their supervisor.</p><p dir="ltr"><a href="https://fedvte.usalearning.gov/">See FedVTE training</a> for the full catalog of program offerings.</p><h3 dir="ltr">AWS training</h3><p dir="ltr">Amazon Web Services (AWS) training and resources are available for you to learn more about cloud services, developer tools, machine learning, and system architecture.</p><p dir="ltr">Prior supervisor approval is required to complete AWS training. Free training resources are available to anyone at CMS; prior supervisor approval is required for paid AWS training.</p><p dir="ltr"><a href="https://aws.amazon.com/training/">See AWS training</a></p><h3 dir="ltr">Splunk training</h3><p dir="ltr">CMS developers use Splunk to monitor and interpret security data. Splunk offers resources and training to help you get a handle on your systems data.</p><p dir="ltr">Prior supervisor approval is required for Splunks paid training.</p><p dir="ltr"><a href="https://www.splunk.com/en_us/training.html">See Splunk training</a></p><h3 dir="ltr">Fortinet training</h3><p dir="ltr">Fortinets training program includes self-paced and instructor-led courses, as well as practical, experiential exercises that demonstrate mastery of complex network security concepts.</p><p dir="ltr">Fortinet training offers a number of certification levels.&nbsp;</p><p dir="ltr">Prior supervisor approval is required.</p><p dir="ltr"><a href="https://www.fortinet.com/training/cybersecurity-professionals">See Fortinet training</a></p></div></section></div></div></div></div></main><footer class="usa-footer usa-footer--slim"><div class="grid-container"><div class="grid-row flex-align-end"><div class="grid-col"><div class="usa-footer__return-to-top"><a class="font-sans-xs" href="#">Return to top</a></div></div><div class="grid-col padding-bottom-2 padding-top-4 display-flex flex-justify-end"><a class="usa-button" href="/feedback">Give feedback</a></div></div></div><div class="usa-footer__primary-section"><div class="usa-footer__primary-container grid-row"><div class="tablet:grid-col-3"><a class="usa-footer__primary-link" href="/"><img alt="CyberGeek logo" loading="lazy" width="142" height="26" decoding="async" data-nimg="1" style="color:transparent" src="/_next/static/media/CyberGeek-logo.8e9bbd2b.svg"/></a><p class="usa-footer__logo-heading display-none tablet-lg:display-block">The official website of the CMS Information Security and Privacy Group (ISPG)</p></div><div class="tablet:grid-col-12 tablet-lg:grid-col-9"><nav class="usa-footer__nav" aria-label="Footer navigation,"><ul class="grid-row grid-gap"><li class=" tablet:grid-col-3 desktop:grid-col-auto usa-footer__primary-content "><a class="usa-footer__primary-link" href="/learn/about-ispg-cybergeek">What is CyberGeek?</a></li><li class=" tablet:grid-col-3 desktop:grid-col-auto usa-footer__primary-content "><a class="usa-footer__primary-link" href="https://www.cms.gov/privacy">Privacy policy</a></li><li class=" tablet:grid-col-3 desktop:grid-col-auto usa-footer__primary-content "><a class="usa-footer__primary-link" href="https://www.cms.gov/about-cms/information-systems/privacy/vulnerability-disclosure-policy">CMS Vulnerability Disclosure Policy</a></li><li class=" tablet:grid-col-3 desktop:grid-col-auto usa-footer__primary-content "><a class="usa-footer__primary-link" href="https://www.cms.gov/About-CMS/Agency-Information/Aboutwebsite/Policiesforaccessibility">Accessibility</a></li></ul></nav></div></div></div><div class="usa-footer__secondary-section"><div class="grid-container"><div class="usa-footer__logo grid-row grid-gap-2"><div class="mobile-lg:grid-col-3"><a href="https://www.cms.gov/"><img alt="CMS homepage" loading="lazy" width="124" height="29" decoding="async" data-nimg="1" style="color:transparent" src="/_next/static/media/cmsLogo.10a64ce4.svg"/></a></div><div class="mobile-lg:grid-col-7"><p class="font-sans-3xs line-height-sans-3">A federal government website managed and paid for by the U.S. Centers for Medicare &amp; Medicaid Services.</p><address class="font-sans-3xs line-height-sans-3">7500 Security Boulevard, Baltimore, MD 21244</address></div></div></div></div></footer><script>(self.__next_s=self.__next_s||[]).push(["/assets/javascript/uswds.min.js",{}])</script><script src="/_next/static/chunks/webpack-182b67d00f496f9d.js" async=""></script><script>(self.__next_f=self.__next_f||[]).push([0]);self.__next_f.push([2,null])</script><script>self.__next_f.push([1,"1:HL[\"/_next/static/css/ef46db3751d8e999.css\",\"style\"]\n2:HL[\"/_next/static/css/0759e90f4fecfde7.css\",\"style\"]\n"])</script><script>self.__next_f.push([1,"3:I[5751,[],\"\"]\n6:I[9275,[],\"\"]\n8:I[1343,[],\"\"]\nb:I[6130,[],\"\"]\n7:[\"slug\",\"cms-cybersecurity-and-privacy-handbook\",\"d\"]\nc:[]\n0:[\"$\",\"$L3\",null,{\"buildId\":\"m9SaS4P6zugJbBHpXSk5Y\",\"assetPrefix\":\"\",\"urlParts\":[\"\",\"policy-guidance\",\"cms-cybersecurity-and-privacy-handbook\"],\"initialTree\":[\"\",{\"children\":[\"policy-guidance\",{\"children\":[[\"slug\",\"cms-cybersecurity-and-privacy-handbook\",\"d\"],{\"children\":[\"__PAGE__\",{}]}]}]},\"$undefined\",\"$undefined\",true],\"initialSeedData\":[\"\",{\"children\":[\"policy-guidance\",{\"children\":[[\"slug\",\"cms-cybersecurity-and-privacy-handbook\",\"d\"],{\"children\":[\"__PAGE__\",{},[[\"$L4\",\"$L5\",null],null],null]},[null,[\"$\",\"$L6\",null,{\"parallelRouterKey\":\"children\",\"segmentPath\":[\"children\",\"policy-guidance\",\"children\",\"$7\",\"children\"],\"error\":\"$undefined\",\"errorStyles\":\"$undefined\",\"errorScripts\":\"$undefined\",\"template\":[\"$\",\"$L8\",null,{}],\"templateStyles\":\"$undefined\",\"templateScripts\":\"$undefined\",\"notFound\":\"$undefined\",\"notFoundStyles\":\"$undefined\"}]],null]},[null,[\"$\",\"$L6\",null,{\"parallelRouterKey\":\"children\",\"segmentPath\":[\"children\",\"policy-guidance\",\"children\"],\"error\":\"$undefined\",\"errorStyles\":\"$undefined\",\"errorScripts\":\"$undefined\",\"template\":[\"$\",\"$L8\",null,{}],\"templateStyles\":\"$undefined\",\"templateScripts\":\"$undefined\",\"notFound\":\"$undefined\",\"notFoundStyles\":\"$undefined\"}]],null]},[[[[\"$\",\"link\",\"0\",{\"rel\":\"stylesheet\",\"href\":\"/_next/static/css/ef46db3751d8e999.css\",\"precedence\":\"next\",\"crossOrigin\":\"$undefined\"}],[\"$\",\"link\",\"1\",{\"rel\":\"stylesheet\",\"href\":\"/_next/static/css/0759e90f4fecfde7.css\",\"precedence\":\"next\",\"crossOrigin\":\"$undefined\"}]],\"$L9\"],null],null],\"couldBeIntercepted\":false,\"initialHead\":[null,\"$La\"],\"globalErrorComponent\":\"$b\",\"missingSlots\":\"$Wc\"}]\n"])</script><script>self.__next_f.push([1,"d:I[4080,[\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"223\",\"static/chunks/223-bc9ed43510898bbb.js\",\"185\",\"static/chunks/app/layout-9fc24027bc047aa2.js\"],\"\"]\ne:I[8173,[\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"972\",\"static/chunks/972-6e520d137ef194fb.js\",\"931\",\"static/chunks/app/page-cc829e051925e906.js\"],\"Image\"]\nf:I[7529,[\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"223\",\"static/chunks/223-bc9ed43510898bbb.js\",\"185\",\"static/chunks/app/layout-9fc24027bc047aa2.js\"],\"default\"]\n11:I[231,[\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"972\",\"static/chunks/972-6e520d137ef194fb.js\",\"931\",\"static/chunks/app/page-cc829e051925e906.js\"],\"\"]\n12:I[7303,[\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"223\",\"static/chunks/223-bc9ed43510898bbb.js\",\"185\",\"static/chunks/app/layout-9fc24027bc047aa2.js\"],\"default\"]\n13:I[8521,[\"489\",\"static/chunks/app/template-d264bab5e3061841.js\"],\"default\"]\n14:I[5922,[\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"972\",\"static/chunks/972-6e520d137ef194fb.js\",\"931\",\"static/chunks/app/page-cc829e051925e906.js\"],\"default\"]\n15:I[7182,[\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"223\",\"static/chunks/223-bc9ed43510898bbb.js\",\"185\",\"static/chunks/app/layout-9fc24027bc047aa2.js\"],\"default\"]\n16:I[4180,[\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"223\",\"static/chunks/223-bc9ed43510898bbb.js\",\"185\",\"static/chunks/app/layout-9fc24027bc047aa2.js\"],\"TealiumTagManager\"]\n10:Tdced,"])</script><script>self.__next_f.push([1,"{\"id\":\"mega-menu\",\"linkset\":{\"elements\":[{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Roles\",\"hierarchy\":[\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/information-system-security-officer-isso\",\"attributes\":{\"title\":\"Information System Security Officer (ISSO)\",\"hierarchy\":[\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook\",\"attributes\":{\"title\":\"ISSO Handbook\",\"hierarchy\":[\"0\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook#getting-started-for-new-issos\",\"attributes\":{\"title\":\"Getting started (for new ISSOs)\",\"hierarchy\":[\"0\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/isso-mentorship-program\",\"attributes\":{\"title\":\"ISSO Mentorship Program\",\"hierarchy\":[\"0\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook#training\",\"attributes\":{\"title\":\"ISSO Training\",\"hierarchy\":[\"0\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/data-guardian\",\"attributes\":{\"title\":\"Data Guardian\",\"hierarchy\":[\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/data-guardian-handbook\",\"attributes\":{\"title\":\"Data Guardian Handbook\",\"hierarchy\":[\"0\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/cyber-risk-advisor-cra\",\"attributes\":{\"title\":\"Cyber Risk Advisor (CRA)\",\"hierarchy\":[\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks\",\"attributes\":{\"title\":\"CMS Security and Privacy Handbooks\",\"hierarchy\":[\"0\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks#risk-management-handbook-rmh-chapters\",\"attributes\":{\"title\":\"Risk Management Handbook (RMH)\",\"hierarchy\":[\"0\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/business-system-owner\",\"attributes\":{\"title\":\"Business / System Owner (BO/SO)\",\"hierarchy\":[\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity and Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"0\",\"3\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-information-exchange-agreement-iea\",\"attributes\":{\"title\":\"Information Exchange Agreement (IEA)\",\"hierarchy\":[\"0\",\"3\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-computer-matching-agreement-cma\",\"attributes\":{\"title\":\"Computer Matching Agreement (CMA)\",\"hierarchy\":[\"0\",\"3\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/isso-service\",\"attributes\":{\"title\":\"ISSO As A Service\",\"hierarchy\":[\"0\",\"3\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Compliance \u0026 Authorization\",\"hierarchy\":[\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato\",\"attributes\":{\"title\":\"Authorization to Operate (ATO)\",\"hierarchy\":[\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato\",\"attributes\":{\"title\":\"About ATO at CMS\",\"hierarchy\":[\"1\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#types-of-authorizations\",\"attributes\":{\"title\":\"Types of authorizations\",\"hierarchy\":[\"1\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#ato-stakeholders\",\"attributes\":{\"title\":\"ATO stakeholders\",\"hierarchy\":[\"1\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#related-documents-and-resources\",\"attributes\":{\"title\":\"ATO tools and resources\",\"hierarchy\":[\"1\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-technical-reference-architecture-tra\",\"attributes\":{\"title\":\"CMS Technical Reference Architecture (TRA)\",\"hierarchy\":[\"1\",\"0\",\"4\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa\",\"attributes\":{\"title\":\"Ongoing Authorization (OA)\",\"hierarchy\":[\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa\",\"attributes\":{\"title\":\"About OA at CMS\",\"hierarchy\":[\"1\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa#is-my-system-eligible-for-oa\",\"attributes\":{\"title\":\"OA eligibility requirements\",\"hierarchy\":[\"1\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"1\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Assessments \u0026 Audits\",\"hierarchy\":[\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"1\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"1\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"1\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/security-impact-analysis-sia\",\"attributes\":{\"title\":\"Security Impact Analysis (SIA)\",\"hierarchy\":[\"1\",\"2\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/system-audits\",\"attributes\":{\"title\":\"System Audits\",\"hierarchy\":[\"1\",\"2\",\"4\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Policy \u0026 Guidance\",\"hierarchy\":[\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/cms-policies-and-guidance\",\"attributes\":{\"title\":\"CMS Policies and Guidance\",\"hierarchy\":[\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-acceptable-risk-safeguards-ars\",\"attributes\":{\"title\":\"CMS Acceptable Risk Safeguards (ARS)\",\"hierarchy\":[\"2\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-systems-security-privacy-policy-is2p2\",\"attributes\":{\"title\":\"CMS Information Security and Privacy Policy (IS2P2)\",\"hierarchy\":[\"2\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks\",\"attributes\":{\"title\":\"CMS Security and Privacy Handbooks\",\"hierarchy\":[\"2\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/cms-risk-management-framework-rmf\",\"attributes\":{\"title\":\"CMS Risk Management Framework (RMF)\",\"hierarchy\":[\"2\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/email-encryption-requirements-cms\",\"attributes\":{\"title\":\"CMS Email Encryption\",\"hierarchy\":[\"2\",\"0\",\"4\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/federal-policies-and-guidance\",\"attributes\":{\"title\":\"Federal Policies and Guidance\",\"hierarchy\":[\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/national-institute-standards-and-technology-nist\",\"attributes\":{\"title\":\"National Institute of Standards and Technology (NIST)\",\"hierarchy\":[\"2\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/federal-information-security-modernization-act-fisma\",\"attributes\":{\"title\":\"Federal Information Security Modernization Act (FISMA)\",\"hierarchy\":[\"2\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/fedramp\",\"attributes\":{\"title\":\"Federal Risk and Authorization Management Program (FedRAMP)\",\"hierarchy\":[\"2\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/zero-trust\",\"attributes\":{\"title\":\"Zero Trust\",\"hierarchy\":[\"2\",\"1\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"System Security\",\"hierarchy\":[\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/application-security\",\"attributes\":{\"title\":\"Application Security\",\"hierarchy\":[\"3\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/threat-modeling\",\"attributes\":{\"title\":\"Threat Modeling\",\"hierarchy\":[\"3\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/zero-trust\",\"attributes\":{\"title\":\"Zero Trust\",\"hierarchy\":[\"3\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cloud-services\",\"attributes\":{\"title\":\"CMS Cloud Services\",\"hierarchy\":[\"3\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/software-bill-materials-sbom\",\"attributes\":{\"title\":\"Software Bill of Materials (SBOM)\",\"hierarchy\":[\"3\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/security-operations\",\"attributes\":{\"title\":\"Security Operations\",\"hierarchy\":[\"3\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/risk-management-handbook-chapter-8-incident-response-ir\",\"attributes\":{\"title\":\"Incident Response\",\"hierarchy\":[\"3\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cybersecurity-integration-center-ccic\",\"attributes\":{\"title\":\"CMS Cybersecurity Integration Center (CCIC)\",\"hierarchy\":[\"3\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"3\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/risk-management-and-reporting\",\"attributes\":{\"title\":\"Risk Management and Reporting\",\"hierarchy\":[\"3\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"3\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cyber-risk-reports\",\"attributes\":{\"title\":\"Cyber Risk Reports\",\"hierarchy\":[\"3\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/plan-action-and-milestones-poam\",\"attributes\":{\"title\":\"Plan of Action and Milestones (POA\u0026M)\",\"hierarchy\":[\"3\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy\",\"hierarchy\":[\"4\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Agreements\",\"hierarchy\":[\"4\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-computer-matching-agreement-cma\",\"attributes\":{\"title\":\"Computer Matching Agreement (CMA)\",\"hierarchy\":[\"4\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-information-exchange-agreement-iea\",\"attributes\":{\"title\":\"Information Exchange Agreement (IEA)\",\"hierarchy\":[\"4\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy Activities\",\"hierarchy\":[\"4\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/breach-response\",\"attributes\":{\"title\":\"Breach Response\",\"hierarchy\":[\"4\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"4\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/system-records-notice-sorn\",\"attributes\":{\"title\":\"System of Records Notice (SORN)\",\"hierarchy\":[\"4\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy Resources\",\"hierarchy\":[\"4\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/privacy\",\"attributes\":{\"title\":\"Privacy at CMS\",\"hierarchy\":[\"4\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-breach-response-handbook\",\"attributes\":{\"title\":\"CMS Breach Response Handbook\",\"hierarchy\":[\"4\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/health-insurance-portability-and-accountability-act-1996-hipaa\",\"attributes\":{\"title\":\"Health Insurance Portability and Accessibility Act (HIPAA)\",\"hierarchy\":[\"4\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-privacy-impact-assessment-pia-handbook\",\"attributes\":{\"title\":\"CMS Privacy Impact Assessment (PIA) Handbook\",\"hierarchy\":[\"4\",\"2\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Tools \u0026 Services\",\"hierarchy\":[\"5\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Reporting \u0026 Compliance\",\"hierarchy\":[\"5\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/isso-service\",\"attributes\":{\"title\":\"ISSO As A Service\",\"hierarchy\":[\"5\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-fisma-continuous-tracking-system-cfacts\",\"attributes\":{\"title\":\"CFACTS\",\"hierarchy\":[\"5\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cyber-risk-reports\",\"attributes\":{\"title\":\"Cyber Risk Reports and Dashboards\",\"hierarchy\":[\"5\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"5\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"System Security\",\"hierarchy\":[\"5\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/threat-modeling\",\"attributes\":{\"title\":\"Threat Modeling\",\"hierarchy\":[\"5\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cloud-services\",\"attributes\":{\"title\":\"CMS Cloud Services\",\"hierarchy\":[\"5\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cybersecurity-integration-center-ccic\",\"attributes\":{\"title\":\"CMS Cybersecurity Integration Center (CCIC)\",\"hierarchy\":[\"5\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/cms-security-data-lake-sdl\",\"attributes\":{\"title\":\"CMS Security Data Lake (SDL)\",\"hierarchy\":[\"5\",\"1\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Tests \u0026 Assessments\",\"hierarchy\":[\"5\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"5\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"5\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"5\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}}],\"size\":87},\"elements\":[{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Roles\",\"hierarchy\":[\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/information-system-security-officer-isso\",\"attributes\":{\"title\":\"Information System Security Officer (ISSO)\",\"hierarchy\":[\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook\",\"attributes\":{\"title\":\"ISSO Handbook\",\"hierarchy\":[\"0\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook#getting-started-for-new-issos\",\"attributes\":{\"title\":\"Getting started (for new ISSOs)\",\"hierarchy\":[\"0\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/isso-mentorship-program\",\"attributes\":{\"title\":\"ISSO Mentorship Program\",\"hierarchy\":[\"0\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook#training\",\"attributes\":{\"title\":\"ISSO Training\",\"hierarchy\":[\"0\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/data-guardian\",\"attributes\":{\"title\":\"Data Guardian\",\"hierarchy\":[\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/data-guardian-handbook\",\"attributes\":{\"title\":\"Data Guardian Handbook\",\"hierarchy\":[\"0\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/cyber-risk-advisor-cra\",\"attributes\":{\"title\":\"Cyber Risk Advisor (CRA)\",\"hierarchy\":[\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks\",\"attributes\":{\"title\":\"CMS Security and Privacy Handbooks\",\"hierarchy\":[\"0\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks#risk-management-handbook-rmh-chapters\",\"attributes\":{\"title\":\"Risk Management Handbook (RMH)\",\"hierarchy\":[\"0\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/business-system-owner\",\"attributes\":{\"title\":\"Business / System Owner (BO/SO)\",\"hierarchy\":[\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity and Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"0\",\"3\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-information-exchange-agreement-iea\",\"attributes\":{\"title\":\"Information Exchange Agreement (IEA)\",\"hierarchy\":[\"0\",\"3\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-computer-matching-agreement-cma\",\"attributes\":{\"title\":\"Computer Matching Agreement (CMA)\",\"hierarchy\":[\"0\",\"3\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/isso-service\",\"attributes\":{\"title\":\"ISSO As A Service\",\"hierarchy\":[\"0\",\"3\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Compliance \u0026 Authorization\",\"hierarchy\":[\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato\",\"attributes\":{\"title\":\"Authorization to Operate (ATO)\",\"hierarchy\":[\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato\",\"attributes\":{\"title\":\"About ATO at CMS\",\"hierarchy\":[\"1\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#types-of-authorizations\",\"attributes\":{\"title\":\"Types of authorizations\",\"hierarchy\":[\"1\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#ato-stakeholders\",\"attributes\":{\"title\":\"ATO stakeholders\",\"hierarchy\":[\"1\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#related-documents-and-resources\",\"attributes\":{\"title\":\"ATO tools and resources\",\"hierarchy\":[\"1\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-technical-reference-architecture-tra\",\"attributes\":{\"title\":\"CMS Technical Reference Architecture (TRA)\",\"hierarchy\":[\"1\",\"0\",\"4\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa\",\"attributes\":{\"title\":\"Ongoing Authorization (OA)\",\"hierarchy\":[\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa\",\"attributes\":{\"title\":\"About OA at CMS\",\"hierarchy\":[\"1\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa#is-my-system-eligible-for-oa\",\"attributes\":{\"title\":\"OA eligibility requirements\",\"hierarchy\":[\"1\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"1\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Assessments \u0026 Audits\",\"hierarchy\":[\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"1\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"1\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"1\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/security-impact-analysis-sia\",\"attributes\":{\"title\":\"Security Impact Analysis (SIA)\",\"hierarchy\":[\"1\",\"2\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/system-audits\",\"attributes\":{\"title\":\"System Audits\",\"hierarchy\":[\"1\",\"2\",\"4\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Policy \u0026 Guidance\",\"hierarchy\":[\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/cms-policies-and-guidance\",\"attributes\":{\"title\":\"CMS Policies and Guidance\",\"hierarchy\":[\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-acceptable-risk-safeguards-ars\",\"attributes\":{\"title\":\"CMS Acceptable Risk Safeguards (ARS)\",\"hierarchy\":[\"2\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-systems-security-privacy-policy-is2p2\",\"attributes\":{\"title\":\"CMS Information Security and Privacy Policy (IS2P2)\",\"hierarchy\":[\"2\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks\",\"attributes\":{\"title\":\"CMS Security and Privacy Handbooks\",\"hierarchy\":[\"2\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/cms-risk-management-framework-rmf\",\"attributes\":{\"title\":\"CMS Risk Management Framework (RMF)\",\"hierarchy\":[\"2\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/email-encryption-requirements-cms\",\"attributes\":{\"title\":\"CMS Email Encryption\",\"hierarchy\":[\"2\",\"0\",\"4\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/federal-policies-and-guidance\",\"attributes\":{\"title\":\"Federal Policies and Guidance\",\"hierarchy\":[\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/national-institute-standards-and-technology-nist\",\"attributes\":{\"title\":\"National Institute of Standards and Technology (NIST)\",\"hierarchy\":[\"2\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/federal-information-security-modernization-act-fisma\",\"attributes\":{\"title\":\"Federal Information Security Modernization Act (FISMA)\",\"hierarchy\":[\"2\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/fedramp\",\"attributes\":{\"title\":\"Federal Risk and Authorization Management Program (FedRAMP)\",\"hierarchy\":[\"2\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/zero-trust\",\"attributes\":{\"title\":\"Zero Trust\",\"hierarchy\":[\"2\",\"1\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"System Security\",\"hierarchy\":[\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/application-security\",\"attributes\":{\"title\":\"Application Security\",\"hierarchy\":[\"3\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/threat-modeling\",\"attributes\":{\"title\":\"Threat Modeling\",\"hierarchy\":[\"3\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/zero-trust\",\"attributes\":{\"title\":\"Zero Trust\",\"hierarchy\":[\"3\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cloud-services\",\"attributes\":{\"title\":\"CMS Cloud Services\",\"hierarchy\":[\"3\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/software-bill-materials-sbom\",\"attributes\":{\"title\":\"Software Bill of Materials (SBOM)\",\"hierarchy\":[\"3\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/security-operations\",\"attributes\":{\"title\":\"Security Operations\",\"hierarchy\":[\"3\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/risk-management-handbook-chapter-8-incident-response-ir\",\"attributes\":{\"title\":\"Incident Response\",\"hierarchy\":[\"3\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cybersecurity-integration-center-ccic\",\"attributes\":{\"title\":\"CMS Cybersecurity Integration Center (CCIC)\",\"hierarchy\":[\"3\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"3\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/risk-management-and-reporting\",\"attributes\":{\"title\":\"Risk Management and Reporting\",\"hierarchy\":[\"3\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"3\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cyber-risk-reports\",\"attributes\":{\"title\":\"Cyber Risk Reports\",\"hierarchy\":[\"3\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/plan-action-and-milestones-poam\",\"attributes\":{\"title\":\"Plan of Action and Milestones (POA\u0026M)\",\"hierarchy\":[\"3\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy\",\"hierarchy\":[\"4\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Agreements\",\"hierarchy\":[\"4\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-computer-matching-agreement-cma\",\"attributes\":{\"title\":\"Computer Matching Agreement (CMA)\",\"hierarchy\":[\"4\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-information-exchange-agreement-iea\",\"attributes\":{\"title\":\"Information Exchange Agreement (IEA)\",\"hierarchy\":[\"4\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy Activities\",\"hierarchy\":[\"4\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/breach-response\",\"attributes\":{\"title\":\"Breach Response\",\"hierarchy\":[\"4\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"4\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/system-records-notice-sorn\",\"attributes\":{\"title\":\"System of Records Notice (SORN)\",\"hierarchy\":[\"4\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy Resources\",\"hierarchy\":[\"4\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/privacy\",\"attributes\":{\"title\":\"Privacy at CMS\",\"hierarchy\":[\"4\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-breach-response-handbook\",\"attributes\":{\"title\":\"CMS Breach Response Handbook\",\"hierarchy\":[\"4\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/health-insurance-portability-and-accountability-act-1996-hipaa\",\"attributes\":{\"title\":\"Health Insurance Portability and Accessibility Act (HIPAA)\",\"hierarchy\":[\"4\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-privacy-impact-assessment-pia-handbook\",\"attributes\":{\"title\":\"CMS Privacy Impact Assessment (PIA) Handbook\",\"hierarchy\":[\"4\",\"2\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Tools \u0026 Services\",\"hierarchy\":[\"5\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Reporting \u0026 Compliance\",\"hierarchy\":[\"5\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/isso-service\",\"attributes\":{\"title\":\"ISSO As A Service\",\"hierarchy\":[\"5\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-fisma-continuous-tracking-system-cfacts\",\"attributes\":{\"title\":\"CFACTS\",\"hierarchy\":[\"5\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cyber-risk-reports\",\"attributes\":{\"title\":\"Cyber Risk Reports and Dashboards\",\"hierarchy\":[\"5\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"5\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"System Security\",\"hierarchy\":[\"5\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/threat-modeling\",\"attributes\":{\"title\":\"Threat Modeling\",\"hierarchy\":[\"5\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cloud-services\",\"attributes\":{\"title\":\"CMS Cloud Services\",\"hierarchy\":[\"5\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cybersecurity-integration-center-ccic\",\"attributes\":{\"title\":\"CMS Cybersecurity Integration Center (CCIC)\",\"hierarchy\":[\"5\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/cms-security-data-lake-sdl\",\"attributes\":{\"title\":\"CMS Security Data Lake (SDL)\",\"hierarchy\":[\"5\",\"1\",\"3\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Tests \u0026 Assessments\",\"hierarchy\":[\"5\",\"2\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"5\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"5\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"5\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}}],\"size\":87,\"tree\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Roles\",\"hierarchy\":[\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/information-system-security-officer-isso\",\"attributes\":{\"title\":\"Information System Security Officer (ISSO)\",\"hierarchy\":[\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook\",\"attributes\":{\"title\":\"ISSO Handbook\",\"hierarchy\":[\"0\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook#getting-started-for-new-issos\",\"attributes\":{\"title\":\"Getting started (for new ISSOs)\",\"hierarchy\":[\"0\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/isso-mentorship-program\",\"attributes\":{\"title\":\"ISSO Mentorship Program\",\"hierarchy\":[\"0\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-system-security-officer-isso-handbook#training\",\"attributes\":{\"title\":\"ISSO Training\",\"hierarchy\":[\"0\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/data-guardian\",\"attributes\":{\"title\":\"Data Guardian\",\"hierarchy\":[\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/data-guardian-handbook\",\"attributes\":{\"title\":\"Data Guardian Handbook\",\"hierarchy\":[\"0\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/cyber-risk-advisor-cra\",\"attributes\":{\"title\":\"Cyber Risk Advisor (CRA)\",\"hierarchy\":[\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks\",\"attributes\":{\"title\":\"CMS Security and Privacy Handbooks\",\"hierarchy\":[\"0\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks#risk-management-handbook-rmh-chapters\",\"attributes\":{\"title\":\"Risk Management Handbook (RMH)\",\"hierarchy\":[\"0\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/business-system-owner\",\"attributes\":{\"title\":\"Business / System Owner (BO/SO)\",\"hierarchy\":[\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity and Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"0\",\"3\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-information-exchange-agreement-iea\",\"attributes\":{\"title\":\"Information Exchange Agreement (IEA)\",\"hierarchy\":[\"0\",\"3\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-computer-matching-agreement-cma\",\"attributes\":{\"title\":\"Computer Matching Agreement (CMA)\",\"hierarchy\":[\"0\",\"3\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/isso-service\",\"attributes\":{\"title\":\"ISSO As A Service\",\"hierarchy\":[\"0\",\"3\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Compliance \u0026 Authorization\",\"hierarchy\":[\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato\",\"attributes\":{\"title\":\"Authorization to Operate (ATO)\",\"hierarchy\":[\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato\",\"attributes\":{\"title\":\"About ATO at CMS\",\"hierarchy\":[\"1\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#types-of-authorizations\",\"attributes\":{\"title\":\"Types of authorizations\",\"hierarchy\":[\"1\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#ato-stakeholders\",\"attributes\":{\"title\":\"ATO stakeholders\",\"hierarchy\":[\"1\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/authorization-operate-ato#related-documents-and-resources\",\"attributes\":{\"title\":\"ATO tools and resources\",\"hierarchy\":[\"1\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-technical-reference-architecture-tra\",\"attributes\":{\"title\":\"CMS Technical Reference Architecture (TRA)\",\"hierarchy\":[\"1\",\"0\",\"4\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa\",\"attributes\":{\"title\":\"Ongoing Authorization (OA)\",\"hierarchy\":[\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa\",\"attributes\":{\"title\":\"About OA at CMS\",\"hierarchy\":[\"1\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/ongoing-authorization-oa#is-my-system-eligible-for-oa\",\"attributes\":{\"title\":\"OA eligibility requirements\",\"hierarchy\":[\"1\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"1\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Assessments \u0026 Audits\",\"hierarchy\":[\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"1\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"1\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"1\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/security-impact-analysis-sia\",\"attributes\":{\"title\":\"Security Impact Analysis (SIA)\",\"hierarchy\":[\"1\",\"2\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/system-audits\",\"attributes\":{\"title\":\"System Audits\",\"hierarchy\":[\"1\",\"2\",\"4\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Policy \u0026 Guidance\",\"hierarchy\":[\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/cms-policies-and-guidance\",\"attributes\":{\"title\":\"CMS Policies and Guidance\",\"hierarchy\":[\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-acceptable-risk-safeguards-ars\",\"attributes\":{\"title\":\"CMS Acceptable Risk Safeguards (ARS)\",\"hierarchy\":[\"2\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-information-systems-security-privacy-policy-is2p2\",\"attributes\":{\"title\":\"CMS Information Security and Privacy Policy (IS2P2)\",\"hierarchy\":[\"2\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-security-and-privacy-handbooks\",\"attributes\":{\"title\":\"CMS Security and Privacy Handbooks\",\"hierarchy\":[\"2\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/cms-risk-management-framework-rmf\",\"attributes\":{\"title\":\"CMS Risk Management Framework (RMF)\",\"hierarchy\":[\"2\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/email-encryption-requirements-cms\",\"attributes\":{\"title\":\"CMS Email Encryption\",\"hierarchy\":[\"2\",\"0\",\"4\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/federal-policies-and-guidance\",\"attributes\":{\"title\":\"Federal Policies and Guidance\",\"hierarchy\":[\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/national-institute-standards-and-technology-nist\",\"attributes\":{\"title\":\"National Institute of Standards and Technology (NIST)\",\"hierarchy\":[\"2\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/federal-information-security-modernization-act-fisma\",\"attributes\":{\"title\":\"Federal Information Security Modernization Act (FISMA)\",\"hierarchy\":[\"2\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/fedramp\",\"attributes\":{\"title\":\"Federal Risk and Authorization Management Program (FedRAMP)\",\"hierarchy\":[\"2\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/zero-trust\",\"attributes\":{\"title\":\"Zero Trust\",\"hierarchy\":[\"2\",\"1\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"System Security\",\"hierarchy\":[\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/application-security\",\"attributes\":{\"title\":\"Application Security\",\"hierarchy\":[\"3\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/threat-modeling\",\"attributes\":{\"title\":\"Threat Modeling\",\"hierarchy\":[\"3\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/zero-trust\",\"attributes\":{\"title\":\"Zero Trust\",\"hierarchy\":[\"3\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cloud-services\",\"attributes\":{\"title\":\"CMS Cloud Services\",\"hierarchy\":[\"3\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/software-bill-materials-sbom\",\"attributes\":{\"title\":\"Software Bill of Materials (SBOM)\",\"hierarchy\":[\"3\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/security-operations\",\"attributes\":{\"title\":\"Security Operations\",\"hierarchy\":[\"3\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/risk-management-handbook-chapter-8-incident-response-ir\",\"attributes\":{\"title\":\"Incident Response\",\"hierarchy\":[\"3\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cybersecurity-integration-center-ccic\",\"attributes\":{\"title\":\"CMS Cybersecurity Integration Center (CCIC)\",\"hierarchy\":[\"3\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"3\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/risk-management-and-reporting\",\"attributes\":{\"title\":\"Risk Management and Reporting\",\"hierarchy\":[\"3\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"3\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cyber-risk-reports\",\"attributes\":{\"title\":\"Cyber Risk Reports\",\"hierarchy\":[\"3\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/plan-action-and-milestones-poam\",\"attributes\":{\"title\":\"Plan of Action and Milestones (POA\u0026M)\",\"hierarchy\":[\"3\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy\",\"hierarchy\":[\"4\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Agreements\",\"hierarchy\":[\"4\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-computer-matching-agreement-cma\",\"attributes\":{\"title\":\"Computer Matching Agreement (CMA)\",\"hierarchy\":[\"4\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-information-exchange-agreement-iea\",\"attributes\":{\"title\":\"Information Exchange Agreement (IEA)\",\"hierarchy\":[\"4\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy Activities\",\"hierarchy\":[\"4\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/breach-response\",\"attributes\":{\"title\":\"Breach Response\",\"hierarchy\":[\"4\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"4\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/system-records-notice-sorn\",\"attributes\":{\"title\":\"System of Records Notice (SORN)\",\"hierarchy\":[\"4\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Privacy Resources\",\"hierarchy\":[\"4\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/ispg/privacy\",\"attributes\":{\"title\":\"Privacy at CMS\",\"hierarchy\":[\"4\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-breach-response-handbook\",\"attributes\":{\"title\":\"CMS Breach Response Handbook\",\"hierarchy\":[\"4\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/health-insurance-portability-and-accountability-act-1996-hipaa\",\"attributes\":{\"title\":\"Health Insurance Portability and Accessibility Act (HIPAA)\",\"hierarchy\":[\"4\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/policy-guidance/cms-privacy-impact-assessment-pia-handbook\",\"attributes\":{\"title\":\"CMS Privacy Impact Assessment (PIA) Handbook\",\"hierarchy\":[\"4\",\"2\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Tools \u0026 Services\",\"hierarchy\":[\"5\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Reporting \u0026 Compliance\",\"hierarchy\":[\"5\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/isso-service\",\"attributes\":{\"title\":\"ISSO As A Service\",\"hierarchy\":[\"5\",\"0\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-fisma-continuous-tracking-system-cfacts\",\"attributes\":{\"title\":\"CFACTS\",\"hierarchy\":[\"5\",\"0\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cyber-risk-reports\",\"attributes\":{\"title\":\"Cyber Risk Reports and Dashboards\",\"hierarchy\":[\"5\",\"0\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/continuous-diagnostics-and-mitigation-cdm\",\"attributes\":{\"title\":\"Continuous Diagnostics and Mitigation (CDM)\",\"hierarchy\":[\"5\",\"0\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"System Security\",\"hierarchy\":[\"5\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/threat-modeling\",\"attributes\":{\"title\":\"Threat Modeling\",\"hierarchy\":[\"5\",\"1\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cloud-services\",\"attributes\":{\"title\":\"CMS Cloud Services\",\"hierarchy\":[\"5\",\"1\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cms-cybersecurity-integration-center-ccic\",\"attributes\":{\"title\":\"CMS Cybersecurity Integration Center (CCIC)\",\"hierarchy\":[\"5\",\"1\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"https://security.cms.gov/learn/cms-security-data-lake-sdl\",\"attributes\":{\"title\":\"CMS Security Data Lake (SDL)\",\"hierarchy\":[\"5\",\"1\",\"3\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"\",\"attributes\":{\"title\":\"Tests \u0026 Assessments\",\"hierarchy\":[\"5\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/cybersecurity-risk-assessment-program-csrap\",\"attributes\":{\"title\":\"Cybersecurity Risk Assessment Program (CSRAP)\",\"hierarchy\":[\"5\",\"2\",\"0\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/penetration-testing-pentesting\",\"attributes\":{\"title\":\"Penetration Testing\",\"hierarchy\":[\"5\",\"2\",\"1\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]},{\"link\":{\"anchor\":\"/system/menu/mega-menu/linkset\",\"rel\":\"item\",\"href\":\"/learn/privacy-impact-assessment-pia\",\"attributes\":{\"title\":\"Privacy Impact Assessment (PIA)\",\"hierarchy\":[\"5\",\"2\",\"2\"],\"machine-name\":[\"mega-menu\"]}},\"children\":[]}]}]}]}"])</script><script>self.__next_f.push([1,"9:[\"$\",\"html\",null,{\"lang\":\"en\",\"children\":[[\"$\",\"head\",null,{\"children\":[\"$\",\"$Ld\",null,{\"src\":\"/assets/javascript/uswds-init.min.js\",\"strategy\":\"beforeInteractive\"}]}],[\"$\",\"body\",null,{\"children\":[[[\"$\",\"a\",null,{\"className\":\"usa-skipnav\",\"href\":\"#main\",\"children\":\"Skip to main content\"}],[\"$\",\"section\",null,{\"className\":\"usa-banner\",\"aria-label\":\"Official website of the United States government\",\"children\":[\"$\",\"div\",null,{\"className\":\"usa-accordion\",\"children\":[[\"$\",\"header\",null,{\"className\":\"usa-banner__header\",\"children\":[\"$\",\"div\",null,{\"className\":\"usa-banner__inner\",\"children\":[[\"$\",\"div\",null,{\"className\":\"grid-col-auto\",\"children\":[\"$\",\"$Le\",null,{\"aria-hidden\":\"true\",\"className\":\"usa-banner__header-flag\",\"src\":\"/assets/img/us_flag_small.png\",\"alt\":\"\",\"width\":\"16\",\"height\":\"11\"}]}],[\"$\",\"div\",null,{\"className\":\"grid-col-fill tablet:grid-col-auto\",\"aria-hidden\":\"true\",\"children\":[[\"$\",\"p\",null,{\"className\":\"usa-banner__header-text\",\"children\":\"An official website of the United States government\"}],[\"$\",\"p\",null,{\"className\":\"usa-banner__header-action\",\"children\":\"Here's how you know\"}]]}],[\"$\",\"button\",null,{\"type\":\"button\",\"className\":\"usa-accordion__button usa-banner__button\",\"aria-expanded\":\"false\",\"aria-controls\":\"gov-banner-default-default\",\"children\":[\"$\",\"span\",null,{\"className\":\"usa-banner__button-text\",\"children\":\"Here's how you know\"}]}]]}]}],[\"$\",\"div\",null,{\"className\":\"usa-banner__content usa-accordion__content\",\"id\":\"gov-banner-default-default\",\"hidden\":true,\"children\":[\"$\",\"div\",null,{\"className\":\"grid-row grid-gap-lg\",\"children\":[[\"$\",\"div\",null,{\"className\":\"usa-banner__guidance tablet:grid-col-6\",\"children\":[[\"$\",\"$Le\",null,{\"className\":\"usa-banner__icon usa-media-block__img\",\"src\":{\"src\":\"/_next/static/media/icon-dot-gov.3e9cb1b5.svg\",\"height\":64,\"width\":64,\"blurWidth\":0,\"blurHeight\":0},\"role\":\"img\",\"alt\":\"\",\"aria-hidden\":\"true\",\"width\":\"40\",\"height\":\"40\"}],[\"$\",\"div\",null,{\"className\":\"usa-media-block__body\",\"children\":[\"$\",\"p\",null,{\"children\":[[\"$\",\"strong\",null,{\"children\":\"Official websites use .gov\"}],[\"$\",\"br\",null,{}],\"A \",[\"$\",\"strong\",null,{\"children\":\".gov\"}],\" website belongs to an official government organization in the United States.\"]}]}]]}],[\"$\",\"div\",null,{\"className\":\"usa-banner__guidance tablet:grid-col-6\",\"children\":[[\"$\",\"$Le\",null,{\"className\":\"usa-banner__icon usa-media-block__img\",\"src\":{\"src\":\"/_next/static/media/icon-https.e7f1a222.svg\",\"height\":64,\"width\":64,\"blurWidth\":0,\"blurHeight\":0},\"role\":\"img\",\"alt\":\"\",\"aria-hidden\":\"true\",\"width\":\"40\",\"height\":\"40\"}],[\"$\",\"div\",null,{\"className\":\"usa-media-block__body\",\"children\":[\"$\",\"p\",null,{\"children\":[[\"$\",\"strong\",null,{\"children\":\"Secure .gov websites use HTTPS\"}],[\"$\",\"br\",null,{}],\"A \",[\"$\",\"strong\",null,{\"children\":\"lock\"}],\" (\",[\"$\",\"span\",null,{\"className\":\"icon-lock\",\"children\":[\"$\",\"svg\",null,{\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":\"52\",\"height\":\"64\",\"viewBox\":\"0 0 52 64\",\"className\":\"usa-banner__lock-image\",\"role\":\"img\",\"aria-labelledby\":\"banner-lock-description-default\",\"focusable\":\"false\",\"children\":[[\"$\",\"title\",null,{\"id\":\"banner-lock-title-default\",\"children\":\"Lock\"}],[\"$\",\"desc\",null,{\"id\":\"banner-lock-description-default\",\"children\":\"Locked padlock icon\"}],[\"$\",\"path\",null,{\"fill\":\"#000000\",\"fillRule\":\"evenodd\",\"d\":\"M26 0c10.493 0 19 8.507 19 19v9h3a4 4 0 0 1 4 4v28a4 4 0 0 1-4 4H4a4 4 0 0 1-4-4V32a4 4 0 0 1 4-4h3v-9C7 8.507 15.507 0 26 0zm0 8c-5.979 0-10.843 4.77-10.996 10.712L15 19v9h22v-9c0-6.075-4.925-11-11-11z\"}]]}]}],\") or \",[\"$\",\"strong\",null,{\"children\":\"https://\"}],\" means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.\"]}]}]]}]]}]}]]}]}]],[\"$\",\"$Lf\",null,{\"value\":\"$10\",\"children\":[[\"$\",\"div\",null,{\"className\":\"usa-overlay\"}],[\"$\",\"header\",null,{\"className\":\"usa-header usa-header--extended\",\"children\":[[\"$\",\"div\",null,{\"className\":\"bg-primary-dark\",\"children\":[\"$\",\"div\",null,{\"className\":\"usa-navbar\",\"children\":[[\"$\",\"div\",null,{\"className\":\"usa-logo padding-y-4 padding-right-3\",\"id\":\"CyberGeek-logo\",\"children\":[\"$\",\"$L11\",null,{\"href\":\"/\",\"title\":\"CMS CyberGeek Home\",\"children\":[\"$\",\"$Le\",null,{\"src\":{\"src\":\"/_next/static/media/CyberGeek-logo.8e9bbd2b.svg\",\"height\":50,\"width\":425,\"blurWidth\":0,\"blurHeight\":0},\"alt\":\"CyberGeek logo\",\"width\":\"298\",\"height\":\"35\",\"priority\":true}]}]}],[\"$\",\"button\",null,{\"aria-label\":\"Open menu\",\"type\":\"button\",\"className\":\"usa-menu-btn\",\"data-cy\":\"menu-button\",\"children\":\"Menu\"}]]}]}],[\"$\",\"$L12\",null,{}]]}]]}],[\"$\",\"main\",null,{\"id\":\"main\",\"children\":[\"$\",\"$L6\",null,{\"parallelRouterKey\":\"children\",\"segmentPath\":[\"children\"],\"error\":\"$undefined\",\"errorStyles\":\"$undefined\",\"errorScripts\":\"$undefined\",\"template\":[\"$\",\"$L13\",null,{\"children\":[\"$\",\"$L8\",null,{}]}],\"templateStyles\":[],\"templateScripts\":[],\"notFound\":[\"$\",\"section\",null,{\"className\":\"hero hero--theme-content-not-found undefined\",\"children\":[[\"$\",\"$Le\",null,{\"alt\":\"404 page not found\",\"className\":\"hero__graphic\",\"priority\":true,\"src\":{\"src\":\"/_next/static/media/content-not-found-graphic.8f104f47.svg\",\"height\":551,\"width\":948,\"blurWidth\":0,\"blurHeight\":0}}],[\"$\",\"div\",null,{\"className\":\"maxw-widescreen margin-x-auto padding-x-2 desktop:padding-x-0 padding-top-4 padding-bottom-6 desktop:padding-y-7\",\"children\":[\"$\",\"div\",null,{\"className\":\"tablet:grid-container position-relative \",\"children\":[\"$\",\"div\",null,{\"className\":\"hero__row grid-row grid-gap\",\"children\":[[\"$\",\"div\",null,{\"className\":\"tablet:grid-col-5 widescreen:position-relative\",\"children\":[false,false]}],[\"$\",\"div\",null,{\"className\":\"hero__column tablet:grid-col-7 flow padding-bottom-2\",\"children\":[\"$undefined\",\"$undefined\",false,[\"$\",\"h1\",null,{\"className\":\"hero__heading margin-0 line-height-sans-3 desktop:line-height-sans-2\",\"children\":\"We can't find that page.\"}],\"$undefined\",\"$undefined\",false,[\"$\",\"div\",null,{\"children\":[[\"$\",\"div\",null,{\"className\":\"hero__description\",\"children\":[[\"The page you're looking for may have been moved or retired. You can\",\" \",[\"$\",\"$L11\",null,{\"href\":\"/\",\"children\":\"visit our home page\"}],\" or use the search box to find helpful resources.\"]]}],[\"$\",\"div\",null,{\"className\":\"margin-top-6 search-container\",\"children\":[\"$\",\"$L14\",null,{\"theme\":\"content-not-found\"}]}]]}],false]}],false,false]}]}]}]]}],\"notFoundStyles\":[]}]}],[\"$\",\"$L15\",null,{}],[\"$\",\"$L16\",null,{}],[\"$\",\"$Ld\",null,{\"src\":\"/assets/javascript/uswds.min.js\",\"strategy\":\"beforeInteractive\"}]]}]]}]\n"])</script><script>self.__next_f.push([1,"17:I[3055,[\"866\",\"static/chunks/e37a0b60-b74be3d42787b18d.js\",\"30\",\"static/chunks/30-49b1c1429d73281d.js\",\"317\",\"static/chunks/317-0f87feacc1712b2f.js\",\"904\",\"static/chunks/904-dbddf7494c3e6975.js\",\"549\",\"static/chunks/549-c87c1c3bbacc319f.js\",\"907\",\"static/chunks/app/policy-guidance/%5Bslug%5D/page-d95d3b4ebc8065f9.js\"],\"default\"]\n18:T5126,"])</script><script>self.__next_f.push([1,"\u003ch2 dir=\"ltr\"\u003e\u003cstrong\u003eIntroduction\u003c/strong\u003e\u003c/h2\u003e\u003cp dir=\"ltr\"\u003eAt CMS, we prioritize the security of our data, systems, and your work environment. Every person here is part of our effort to keep CMS information and beneficiary data safe. Security and privacy are everyone's job. Being aware of cyber threats is an ongoing responsibility that we all share.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eThis handbook will be your companion for security and privacy awareness, whether you're new to CMS or have been with us for a while. It can also guide you to training opportunities that help you advance your knowledge and skills in areas specific to your role.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eNew hires and contractors will find information on the ISSPA security training they need to complete. Current employees will learn about renewing ISSPA training, plus other training and career development opportunities available to them. Everyone gets pointers on cybersecurity basics, events, and resources at CMS.\u0026nbsp;\u003c/p\u003e\u003ch2 dir=\"ltr\"\u003e\u003cstrong\u003eTake required ISSPA training\u003c/strong\u003e\u003c/h2\u003e\u003ch3 dir=\"ltr\"\u003e\u003cstrong\u003eWhat is ISSPA training?\u003c/strong\u003e\u003c/h3\u003e\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eInformation System Security and Privacy Awareness (ISSPA)\u0026nbsp;\u003c/strong\u003etraining covers the basics of information security and privacy, so everyone can do their part to keep sensitive data safe. It's hosted in the CMS learning management system (CBT/LMS).\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eAll CMS employees and contractors must take ISSPA training each year.\u003c/strong\u003e New employees first take it when they are hired. Current employees renew their training once every year after that.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eTaking your ISSPA training satisfies three requirements:\u003c/p\u003e\u003col\u003e\u003cli dir=\"ltr\"\u003eMandatory cybersecurity training (required for all CMS contractors)\u003c/li\u003e\u003cli dir=\"ltr\"\u003e\u003ca href=\"https://security.cms.gov/learn/role-based-training-rbt\"\u003eRole Based Training\u003c/a\u003e (RBT) (required for people at CMS with security responsibilities)\u003c/li\u003e\u003cli dir=\"ltr\"\u003eSigning the HHS Rules of Behavior (required for everyone working at CMS)\u003c/li\u003e\u003c/ol\u003e\u003cp dir=\"ltr\"\u003eWhen the due date for renewing your ISSPA training is near, you will get an email reminder.\u0026nbsp;\u003cstrong\u003eYou must complete the training before your due date, or you will be locked out of CMS systems.\u003c/strong\u003e If that happens, you will need to go through an extension process to complete the training and regain your access.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eInstructions for completing your ISSPA training are outlined in the next section. You can also\u0026nbsp;\u003ca href=\"https://www.youtube.com/watch?v=axPj2GVZZD4\"\u003e\u003cstrong\u003ewatch this video explainer\u003c/strong\u003e\u003c/a\u003e to see a step-by-step tutorial.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eHow does ISSPA relate to RBT?\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eCMS is responsible for providing \u003ca href=\"https://security.cms.gov/learn/role-based-training-rbt\"\u003eRole Based Training (RBT)\u003c/a\u003e to Federal staff and direct support contractors who have significant security or privacy responsibilities.\u0026nbsp; The RBT provided by CMS is imbedded in the yearly required annual Information Systems Security and Privacy Awareness (ISSPA) Training.\u0026nbsp; This training covers the security and privacy policies, procedures, and skills needed for the respective roles and satisfies both the role and annual requirements. (This is described above.)\u003c/p\u003e\u003cp\u003eSome roles may require \u003cstrong\u003eadditional RBT\u003c/strong\u003e due to specific security and privacy responsibilities. You may find relevant training for your role in the \u003ca href=\"https://cms-lms.usalearning.net/\"\u003eCMS Computer Based Training/Learning Management System\u003c/a\u003e (CMS login required). You can also talk to your supervisor to see what RBT you need.\u003c/p\u003e\u003ch3 dir=\"ltr\"\u003e\u003cstrong\u003eHow to access ISSPA in the CBT/LMS\u003c/strong\u003e\u003c/h3\u003e\u003cp dir=\"ltr\"\u003eThere are two ways to get into the CMS learning management system (CBT/LMS), where your personalized dashboard shows what training you need to complete.\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cstrong\u003e1. Use a direct URL\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eGo to\u0026nbsp;\u003ca href=\"https://cms-lms.usalearning.net/\"\u003ecms-lms.usalearning.net\u003c/a\u003e (formerly cms.gov/cbt)\u003c/li\u003e\u003cli dir=\"ltr\"\u003eLog in using your 4-character CMS user ID and your password, or use your CMS PIV card\u003c/li\u003e\u003c/ul\u003e\u003cp dir=\"ltr\"\u003e\u003cstrong\u003e2. Use your IDM dashboard\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eGo to your\u0026nbsp;\u003ca href=\"https://idm.cms.gov/app/UserHome\"\u003eIDM dashboard\u003c/a\u003e (you'll be redirected to login if you're not already logged in)\u003c/li\u003e\u003cli dir=\"ltr\"\u003eSelect the\u0026nbsp;\u003cstrong\u003eISPG LMS\u003c/strong\u003e button to go to the CBT/LMS\u003c/li\u003e\u003c/ul\u003e\u003cp dir=\"ltr\"\u003eIf you have trouble logging in, you can:\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eConsult the\u0026nbsp;\u003ca href=\"https://cms-lms.usalearning.net/mod/resource/view.php?id=249\"\u003eLogging In Job Aid\u003c/a\u003e\u003c/li\u003e\u003cli dir=\"ltr\"\u003eCall the CMS LMS Helpdesk at 202-753-0845 (MonFri, 8:30am6:00pm ET)\u003c/li\u003e\u003c/ul\u003e\u003ch3 dir=\"ltr\"\u003e\u003cstrong\u003eHow to get credit for ISSPA training\u003c/strong\u003e\u003c/h3\u003e\u003cp dir=\"ltr\"\u003eMake sure you complete all items below when you are in the CBT/LMS taking your ISSPA training. If you leave any of these undone, you wont get credit for taking it.\u003c/p\u003e\u003col\u003e\u003cli dir=\"ltr\"\u003eComplete your ISSPA training\u003c/li\u003e\u003cli dir=\"ltr\"\u003eSign and upload page 8 of the Rules of Behavior\u003c/li\u003e\u003cli dir=\"ltr\"\u003e*Optional- Complete the brief post-course evaluation\u003c/li\u003e\u003c/ol\u003e\u003ch2 dir=\"ltr\"\u003e\u003cstrong\u003eExplore personalized training\u003c/strong\u003e\u003c/h2\u003e\u003cp dir=\"ltr\"\u003eISSPA training is just one way to expand your cybersecurity knowledge using the CBT/LMS.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eCMS offers a variety of security and privacy awareness and training, and recommends educational resources to benefit the CMS community. The CBT/LMS also tracks your personal learning journey, so you can get credit for required training and get recommendations for additional training specific to your role.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eResources and offerings include online training, videos, quick guides, podcasts, and documentation, all designed to deepen your knowledge about security related topics at CMS.\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003ca href=\"https://cms-lms.usalearning.net/\"\u003eSee training offerings in the CBT/LMS\u003c/a\u003e (CMS login required)\u003c/p\u003e\u003ch2 dir=\"ltr\"\u003eCFACTS training (for new ISSOs / CRAs)\u003c/h2\u003e\u003cp dir=\"ltr\"\u003e\u003ca href=\"https://cfacts3.cms.cmsnet/\"\u003eCFACTS\u003c/a\u003e is the CMS governance, risk, and compliance tool used as a repository to manage its information systems security and privacy requirements. The CFACTS platform provides a common foundation to manage policies, controls, risks, assessments, and deficiencies across all CMS systems.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eThe Training \u0026amp; Awareness Team at CMS offers several training sessions every year, designed to provide you with the knowledge you need to use CFACTS effectively.\u003c/p\u003e\u003ch3\u003e\u003cstrong\u003eWho should take this course?\u003c/strong\u003e\u003c/h3\u003e\u003cp dir=\"ltr\"\u003eIf youre an\u0026nbsp;\u003cstrong\u003eISSO or CRA\u003c/strong\u003e and\u0026nbsp;\u003cstrong\u003enew to the CMS Cybersecurity program\u003c/strong\u003e, this introductory training session was designed for you. Youll learn about roles and responsibilities, security controls, security assessment remediation plans of action, and more.\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\"\u003eWe have sessions available in 2024 in August and October.\u0026nbsp;\u003c/p\u003e\u003ch3\u003e\u003cstrong\u003eWhat will you learn in this course?\u0026nbsp;\u003c/strong\u003e\u003c/h3\u003e\u003cp dir=\"ltr\"\u003eThis course will use the CMS FISMA Continuous Tracking System (CFACTS) mapped to the steps within the \u003ca href=\"https://security.cms.gov/learn/national-institute-standards-and-technology-nist#nist-risk-management-framework-rmf\"\u003eRisk Management Framework (RMF)\u003c/a\u003e. Topics you will learn about in this session:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eUnderstanding roles and responsibilities\u003c/li\u003e\u003cli dir=\"ltr\"\u003eCategorizing and implementing security controls\u003c/li\u003e\u003cli dir=\"ltr\"\u003eMilestones in the security assessment remediation plan of action\u0026nbsp;\u003c/li\u003e\u003cli dir=\"ltr\"\u003e\u003ca href=\"https://csrc.nist.gov/pubs/sp/800/37/r2/final\"\u003eNIST Special Publication 800-37\u003c/a\u003e, ”Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy”\u003c/li\u003e\u003cli dir=\"ltr\"\u003e\u003ca href=\"https://csrc.nist.gov/pubs/sp/800/53/r5/upd1/final\"\u003eNIST Special Publication 800-53\u003c/a\u003e, “Security and Privacy Controls for Federal Information Systems and Organizations”\u003c/li\u003e\u003cli dir=\"ltr\"\u003e\u003ca href=\"https://security.cms.gov/learn/system-security-and-privacy-plan-sspp\"\u003eSystem Security and Privacy Plan (SSPP)\u003c/a\u003e\u003c/li\u003e\u003cli dir=\"ltr\"\u003eAuthorization to Operate (ATO) packages to request for FISMA certification\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e\u003cstrong\u003eCourse details\u003c/strong\u003e\u003c/h3\u003e\u003cp dir=\"ltr\"\u003eThese are the sessions remaining in 2024. Each training consists of\u0026nbsp;\u003cstrong\u003etwo sessions\u003c/strong\u003e across\u0026nbsp;\u003cstrong\u003etwo days\u003c/strong\u003e:\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eOctober 29 and 30\u003c/li\u003e\u003c/ul\u003e\u003cp dir=\"ltr\"\u003eThis course is NOT a hands-on session using CFACTS — it is a presentation of \u003cstrong\u003eintroductory concepts\u003c/strong\u003e. Experienced ISSOs and CRAs who have been working in CFACTS for awhile should not attend this course.\u0026nbsp;\u003c/p\u003e\u003ch3\u003e\u003cstrong\u003eReserve your spot\u003c/strong\u003e\u003c/h3\u003e\u003cp dir=\"ltr\"\u003eSend an email to\u0026nbsp;\u003ca href=\"mailto:cmsispgtrainers@cms.hhs.gov\"\u003ecmsispgtrainers@cms.hhs.gov\u003c/a\u003e. Include:\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eSubject line: CFACTS Training Registration\u003c/li\u003e\u003cli dir=\"ltr\"\u003eYour name\u003c/li\u003e\u003cli dir=\"ltr\"\u003eDates of the course you want to attend\u003c/li\u003e\u003c/ul\u003e\u003cp dir=\"ltr\"\u003eWe will reply to your email to confirm your registration and give you further details. If you have questions, email the Training \u0026amp; Awareness Team:\u0026nbsp;\u003ca href=\"mailto:CMSISPGTrainers@cms.hhs.gov\"\u003eCMSISPGTrainers@cms.hhs.gov\u003c/a\u003e or find us in the CMS Slack channel: \u003cem\u003e#cyber-training-support.\u003c/em\u003e\u003c/p\u003e\u003ch2 dir=\"ltr\"\u003e\u003cstrong\u003ePractice everyday security\u003c/strong\u003e\u003c/h2\u003e\u003cp dir=\"ltr\"\u003eYour role in keeping CMS information safe doesnt end after you take cybersecurity training. Thats just the beginning! Practicing security awareness and avoiding security risks is an everyday task that is everyones job.\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\"\u003eThe information in this handbook will help you practice “everyday security” in the workplace. But we also provide you with tips for digital safety in all areas of your life through the\u0026nbsp;\u003cstrong\u003eCyber360\u003c/strong\u003e campaign, a yearlong series to help CMS employees build security awareness to protect themselves and their families.\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003ca href=\"https://security.cms.gov/posts/cyber360\"\u003eLearn more about Cyber360 here\u003c/a\u003e — and dont forget to save the date for\u0026nbsp;\u003ca href=\"https://security.cms.gov/learn/cms-cyberworks\"\u003e\u003cstrong\u003eCMS CyberWorks\u003c/strong\u003e\u003c/a\u003e. Every October, this annual cybersecurity festival includes the Cyber360 finale and much more.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eFollowing are cybersecurity topics and tips that everyone at CMS needs to be familiar with. When you make security awareness a priority in your daily work, you help protect the sensitive information of millions of beneficiaries who entrust their personal data to CMS for healthcare services and benefits.\u003c/p\u003e\u003ch3 dir=\"ltr\"\u003e\u003cstrong\u003eProtect PII and PHI\u003c/strong\u003e\u003c/h3\u003e\u003cp dir=\"ltr\"\u003ePersonally Identifiable Information (PII) and Protected Health Information (PHI) are two major kinds of information that CMS has access to and that require special handling and treatment. Theyre attractive targets for bad actors. Safeguarding both kinds of information is one of your major responsibilities as part of CMS.\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cstrong\u003ePersonally Identifiable Information (PII)\u003c/strong\u003e is any information that can be used to identify a specific individual. PII is sensitive, and requires special protection due to the risks associated with its misuse.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eExamples of PII include full names, Social Security Numbers, addresses, bank account numbers, fingerprints, employee IDs, and email addresses. This is not a comprehensive list — many other kinds of information are considered PII!\u003c/p\u003e\u003cp dir=\"ltr\"\u003eDetermining whether or not certain information counts as PII can require a case-by-case assessment of whether an individuals identity can be revealed by piecing information together.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eMore guidance for identifying PII can be found in the ISSPA training.\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eProtected Health Information (PHI)\u003c/strong\u003e at CMS is any individually identifiable health information that is held or transmitted by a covered entity or its business associates and that is related to the physical or mental health or condition of an individual.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eExamples of PHI include prescription information, health plan beneficiary numbers, and medical records. As with PII, this is not a full list, and many other kinds of information can be PHI.\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\"\u003eMore guidance for identifying PHI can be found in the ISSPA training.\u003c/p\u003e\u003ch3 dir=\"ltr\"\u003e\u003cstrong\u003eReporting breaches and incidents\u003c/strong\u003e\u003c/h3\u003e\u003cp dir=\"ltr\"\u003eAny time you suspect that PII or PHI has been used or shared in an unauthorized manner, report the incident to the CMS Information Technology Service Desk.\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003ePhone:\u0026nbsp;\u003cstrong\u003e410-786-2580\u003c/strong\u003e or\u0026nbsp;\u003cstrong\u003e800-562-1963\u003c/strong\u003e\u003c/li\u003e\u003cli dir=\"ltr\"\u003eEmail:\u0026nbsp;\u003ca href=\"mailto:CMS_IT_Service_Desk@cms.hhs.gov\"\u003eCMS_IT_Service_Desk@cms.hhs.gov\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp dir=\"ltr\"\u003eThe\u0026nbsp;\u003ca href=\"https://security.cms.gov/policy-guidance/cms-breach-response-handbook#reporting-incidents-and-breaches\"\u003eCMS Breach Response Handbook\u003c/a\u003e is a comprehensive guide to breaches and incidents, with more information about each kind, how to report them, and what happens next.\u0026nbsp;\u003c/p\u003e\u003ch3 dir=\"ltr\"\u003e\u003cstrong\u003eWatch out for phishing\u003c/strong\u003e\u003c/h3\u003e\u003cp dir=\"ltr\"\u003ePhishing by email or text message is one of the most popular social engineering attacks.\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\"\u003ePhishers typically pretend to be a person or business familiar to you. They use a sense of urgency to hijack your normal desire to be helpful. Their goal is to get you to reveal sensitive information, or to click on a file or link that could introduce malware or ransomware to the CMS network.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eMore guidance on phishing can be found\u0026nbsp;\u003ca href=\"https://cms-lms.usalearning.net/course/view.php?id=13\"\u003ehere in the CBT/LMS\u003c/a\u003e (CMS login required).\u003c/p\u003e\u003ch3 dir=\"ltr\"\u003e\u003cstrong\u003ePassword security\u003c/strong\u003e\u003c/h3\u003e\u003cp dir=\"ltr\"\u003eWhen setting up login credentials for CMS accounts (such as your 4-character CMS user ID), use the most secure passwords you can. The stronger and longer your password is, the better.\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\"\u003eCreate complex passwords using a combination of uppercase and lowercase letters, numbers, and special characters. Avoid easily guessable information and use unique passwords for each account.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eNever reuse your CMS password.\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\"\u003eFor policy guidance on setting up passwords for CMS systems, see\u0026nbsp;\u003ca href=\"https://security.cms.gov/learn/password-requirements\"\u003ePassword Requirements\u003c/a\u003e.\u003c/p\u003e\u003ch3 dir=\"ltr\"\u003e\u003cstrong\u003eCMS email accounts\u003c/strong\u003e\u003c/h3\u003e\u003cp dir=\"ltr\"\u003eYour CMS email is a business email address, provided to you for business use only.\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\"\u003eDo not use your CMS email address for shopping, entertainment, or other personal websites. Use a personal email address for personal use.\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\"\u003eUsing your CMS email address for non-business purposes adds risk, cost, and difficulty to maintaining cybersecurity at CMS.\u0026nbsp;\u003c/p\u003e\u003ch3 dir=\"ltr\"\u003e\u003cstrong\u003eBeware free public WiFi\u003c/strong\u003e\u003c/h3\u003e\u003cp dir=\"ltr\"\u003eDo not use \"free\" public WiFi networks in places like airports or restaurants for CMS business.\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\"\u003eThey are often fake networks run by hackers. When you log in to one, bad actors get access to your personal data and CMS information.\u0026nbsp;\u003c/p\u003e\u003ch3 dir=\"ltr\"\u003e\u003cstrong\u003eProtect your hardware and workspace\u003c/strong\u003e\u003c/h3\u003e\u003cp dir=\"ltr\"\u003eProtect CMS systems and information by securing your computer and mobile devices when you're not using them. Set your devices and screens to automatically lock after a few minutes of inactivity. Dont leave devices unattended unless they are in a secure space, such as a closed office or your home.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eSafeguard your home workspace. Be aware of windows that could provide a way for someone to glimpse CMS sensitive information. Keep your home locked when you leave.\u0026nbsp;\u003c/p\u003e\u003ch3\u003e\u003cstrong\u003eRules for foreign travel\u003c/strong\u003e\u003c/h3\u003e\u003cp dir=\"ltr\"\u003eDo not take CMS computers, cell phones, and other equipment furnished by the government with you on personal foreign travel.\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\"\u003eIt is not permitted to access CMS information systems on personal foreign travel. This includes use of a virtual desktop application.\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\"\u003eIf you will need to access CMS systems during approved, official travel, contact the CMS International Travel Team via email:\u0026nbsp;international@cms.hhs.gov.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eStart this process in advance (10 or more days before you depart) so you can complete all requirements.\u0026nbsp;\u0026nbsp;\u003c/p\u003e\u003ch2 dir=\"ltr\"\u003e\u003cstrong\u003eLevel up your security expertise\u003c/strong\u003e\u003c/h2\u003e\u003cp dir=\"ltr\"\u003eYou have access to many government and industry resources beyond what CMS provides in the CBT/LMS. You can take courses, strengthen your skills, earn continuing education units, and even earn professional certifications. Cybersecurity training resources are outlined below.\u0026nbsp;\u0026nbsp;\u003c/p\u003e\u003ch3 dir=\"ltr\"\u003e\u003cstrong\u003eHHS training\u003c/strong\u003e\u003c/h3\u003e\u003cp dir=\"ltr\"\u003eThe\u0026nbsp;\u003cstrong\u003eDepartment of Health and Human Services (HHS)\u003c/strong\u003e\u0026nbsp;\u003cstrong\u003eLearning Portal\u003c/strong\u003e provides many professional development courses, including cybersecurity certification preparatory training and continuing education unit (CEUs). To access these courses:\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003e\u003cstrong\u003eFederal government employees:\u003c/strong\u003e Log in to the\u0026nbsp;\u003ca href=\"https://ams.hhs.gov/amsLogin/SimpleLogin.jsp\"\u003eHHS Learning Portal\u003c/a\u003e\u003c/li\u003e\u003cli dir=\"ltr\"\u003e\u003cstrong\u003eContractors:\u003c/strong\u003e Email the Training and Awareness Team at\u0026nbsp;\u003ca href=\"https://cybergeek-epsilon.batcave-ispg-nonprod.internal.cms.gov/policy-guidance/CMSISPGTrainers@cms.hhs.gov\"\u003eCMSISPGTrainers@cms.hhs.gov\u003c/a\u003e. Include your name, the class you want to attend, and contact information for your approving government supervisor.\u003c/li\u003e\u003c/ul\u003e\u003ch3 dir=\"ltr\"\u003e\u003cstrong\u003eCISA training\u003c/strong\u003e\u003c/h3\u003e\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eCybersecurity and Infrastructure Security Agency (CISA)\u003c/strong\u003e offers training for federal employees, private-sector cybersecurity professionals, critical infrastructure operators, educational partners, and the general public.\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003ca href=\"https://www.cisa.gov/topics/cybersecurity-best-practices/cybersecurity-education-career-development\"\u003eExplore CISA training opportunities\u003c/a\u003e\u003c/p\u003e\u003ch3 dir=\"ltr\"\u003e\u003cstrong\u003eNICCS training\u003c/strong\u003e\u003c/h3\u003e\u003cp dir=\"ltr\"\u003eThe\u0026nbsp;\u003cstrong\u003eNational Initiative for Cybersecurity Careers and Studies (NICCS)\u003c/strong\u003e helps people find cybersecurity education and training to advance their careers and close skill gaps across the workforce.\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003ca href=\"https://niccs.cisa.gov/\"\u003eExplore NICCS training opportunities\u003c/a\u003e\u003c/p\u003e\u003ch3 dir=\"ltr\"\u003e\u003cstrong\u003eFedVTE training\u003c/strong\u003e\u003c/h3\u003e\u003cp dir=\"ltr\"\u003eThe\u0026nbsp;\u003cstrong\u003eFederal Virtual Training Environment (FedVTE)\u003c/strong\u003e provides free online cybersecurity training to federal, state, local, tribal, and territorial government employees, federal contractors, and US military veterans.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eCMS employees and contractors interested in FedVTE training will need to get an account to login and prior approval from their supervisor.\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003ca href=\"https://fedvte.usalearning.gov/\"\u003eSee FedVTE training\u003c/a\u003e for the full catalog of program offerings.\u003c/p\u003e\u003ch3 dir=\"ltr\"\u003e\u003cstrong\u003eAWS training\u003c/strong\u003e\u003c/h3\u003e\u003cp dir=\"ltr\"\u003eAmazon Web Services (AWS) training and resources are available for you to learn more about cloud services, developer tools, machine learning, and system architecture.\u003c/p\u003e\u003cp dir=\"ltr\"\u003ePrior supervisor approval is required to complete AWS training. Free training resources are available to anyone at CMS; prior supervisor approval is required for paid AWS training.\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003ca href=\"https://aws.amazon.com/training/\"\u003eSee AWS training\u003c/a\u003e\u003c/p\u003e\u003ch3 dir=\"ltr\"\u003e\u003cstrong\u003eSplunk training\u003c/strong\u003e\u003c/h3\u003e\u003cp dir=\"ltr\"\u003eCMS developers use Splunk to monitor and interpret security data. Splunk offers resources and training to help you get a handle on your systems data.\u003c/p\u003e\u003cp dir=\"ltr\"\u003ePrior supervisor approval is required for Splunks paid training.\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003ca href=\"https://www.splunk.com/en_us/training.html\"\u003eSee Splunk training\u003c/a\u003e\u003c/p\u003e\u003ch3 dir=\"ltr\"\u003e\u003cstrong\u003eFortinet training\u003c/strong\u003e\u003c/h3\u003e\u003cp dir=\"ltr\"\u003eFortinets training program includes self-paced and instructor-led courses, as well as practical, experiential exercises that demonstrate mastery of complex network security concepts.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eFortinet training offers a number of certification levels.\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\"\u003ePrior supervisor approval is required.\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003ca href=\"https://www.fortinet.com/training/cybersecurity-professionals\"\u003eSee Fortinet training\u003c/a\u003e\u003c/p\u003e"])</script><script>self.__next_f.push([1,"19:T5126,"])</script><script>self.__next_f.push([1,"\u003ch2 dir=\"ltr\"\u003e\u003cstrong\u003eIntroduction\u003c/strong\u003e\u003c/h2\u003e\u003cp dir=\"ltr\"\u003eAt CMS, we prioritize the security of our data, systems, and your work environment. Every person here is part of our effort to keep CMS information and beneficiary data safe. Security and privacy are everyone's job. Being aware of cyber threats is an ongoing responsibility that we all share.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eThis handbook will be your companion for security and privacy awareness, whether you're new to CMS or have been with us for a while. It can also guide you to training opportunities that help you advance your knowledge and skills in areas specific to your role.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eNew hires and contractors will find information on the ISSPA security training they need to complete. Current employees will learn about renewing ISSPA training, plus other training and career development opportunities available to them. Everyone gets pointers on cybersecurity basics, events, and resources at CMS.\u0026nbsp;\u003c/p\u003e\u003ch2 dir=\"ltr\"\u003e\u003cstrong\u003eTake required ISSPA training\u003c/strong\u003e\u003c/h2\u003e\u003ch3 dir=\"ltr\"\u003e\u003cstrong\u003eWhat is ISSPA training?\u003c/strong\u003e\u003c/h3\u003e\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eInformation System Security and Privacy Awareness (ISSPA)\u0026nbsp;\u003c/strong\u003etraining covers the basics of information security and privacy, so everyone can do their part to keep sensitive data safe. It's hosted in the CMS learning management system (CBT/LMS).\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eAll CMS employees and contractors must take ISSPA training each year.\u003c/strong\u003e New employees first take it when they are hired. Current employees renew their training once every year after that.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eTaking your ISSPA training satisfies three requirements:\u003c/p\u003e\u003col\u003e\u003cli dir=\"ltr\"\u003eMandatory cybersecurity training (required for all CMS contractors)\u003c/li\u003e\u003cli dir=\"ltr\"\u003e\u003ca href=\"https://security.cms.gov/learn/role-based-training-rbt\"\u003eRole Based Training\u003c/a\u003e (RBT) (required for people at CMS with security responsibilities)\u003c/li\u003e\u003cli dir=\"ltr\"\u003eSigning the HHS Rules of Behavior (required for everyone working at CMS)\u003c/li\u003e\u003c/ol\u003e\u003cp dir=\"ltr\"\u003eWhen the due date for renewing your ISSPA training is near, you will get an email reminder.\u0026nbsp;\u003cstrong\u003eYou must complete the training before your due date, or you will be locked out of CMS systems.\u003c/strong\u003e If that happens, you will need to go through an extension process to complete the training and regain your access.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eInstructions for completing your ISSPA training are outlined in the next section. You can also\u0026nbsp;\u003ca href=\"https://www.youtube.com/watch?v=axPj2GVZZD4\"\u003e\u003cstrong\u003ewatch this video explainer\u003c/strong\u003e\u003c/a\u003e to see a step-by-step tutorial.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eHow does ISSPA relate to RBT?\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eCMS is responsible for providing \u003ca href=\"https://security.cms.gov/learn/role-based-training-rbt\"\u003eRole Based Training (RBT)\u003c/a\u003e to Federal staff and direct support contractors who have significant security or privacy responsibilities.\u0026nbsp; The RBT provided by CMS is imbedded in the yearly required annual Information Systems Security and Privacy Awareness (ISSPA) Training.\u0026nbsp; This training covers the security and privacy policies, procedures, and skills needed for the respective roles and satisfies both the role and annual requirements. (This is described above.)\u003c/p\u003e\u003cp\u003eSome roles may require \u003cstrong\u003eadditional RBT\u003c/strong\u003e due to specific security and privacy responsibilities. You may find relevant training for your role in the \u003ca href=\"https://cms-lms.usalearning.net/\"\u003eCMS Computer Based Training/Learning Management System\u003c/a\u003e (CMS login required). You can also talk to your supervisor to see what RBT you need.\u003c/p\u003e\u003ch3 dir=\"ltr\"\u003e\u003cstrong\u003eHow to access ISSPA in the CBT/LMS\u003c/strong\u003e\u003c/h3\u003e\u003cp dir=\"ltr\"\u003eThere are two ways to get into the CMS learning management system (CBT/LMS), where your personalized dashboard shows what training you need to complete.\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cstrong\u003e1. Use a direct URL\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eGo to\u0026nbsp;\u003ca href=\"https://cms-lms.usalearning.net/\"\u003ecms-lms.usalearning.net\u003c/a\u003e (formerly cms.gov/cbt)\u003c/li\u003e\u003cli dir=\"ltr\"\u003eLog in using your 4-character CMS user ID and your password, or use your CMS PIV card\u003c/li\u003e\u003c/ul\u003e\u003cp dir=\"ltr\"\u003e\u003cstrong\u003e2. Use your IDM dashboard\u003c/strong\u003e\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eGo to your\u0026nbsp;\u003ca href=\"https://idm.cms.gov/app/UserHome\"\u003eIDM dashboard\u003c/a\u003e (you'll be redirected to login if you're not already logged in)\u003c/li\u003e\u003cli dir=\"ltr\"\u003eSelect the\u0026nbsp;\u003cstrong\u003eISPG LMS\u003c/strong\u003e button to go to the CBT/LMS\u003c/li\u003e\u003c/ul\u003e\u003cp dir=\"ltr\"\u003eIf you have trouble logging in, you can:\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eConsult the\u0026nbsp;\u003ca href=\"https://cms-lms.usalearning.net/mod/resource/view.php?id=249\"\u003eLogging In Job Aid\u003c/a\u003e\u003c/li\u003e\u003cli dir=\"ltr\"\u003eCall the CMS LMS Helpdesk at 202-753-0845 (MonFri, 8:30am6:00pm ET)\u003c/li\u003e\u003c/ul\u003e\u003ch3 dir=\"ltr\"\u003e\u003cstrong\u003eHow to get credit for ISSPA training\u003c/strong\u003e\u003c/h3\u003e\u003cp dir=\"ltr\"\u003eMake sure you complete all items below when you are in the CBT/LMS taking your ISSPA training. If you leave any of these undone, you wont get credit for taking it.\u003c/p\u003e\u003col\u003e\u003cli dir=\"ltr\"\u003eComplete your ISSPA training\u003c/li\u003e\u003cli dir=\"ltr\"\u003eSign and upload page 8 of the Rules of Behavior\u003c/li\u003e\u003cli dir=\"ltr\"\u003e*Optional- Complete the brief post-course evaluation\u003c/li\u003e\u003c/ol\u003e\u003ch2 dir=\"ltr\"\u003e\u003cstrong\u003eExplore personalized training\u003c/strong\u003e\u003c/h2\u003e\u003cp dir=\"ltr\"\u003eISSPA training is just one way to expand your cybersecurity knowledge using the CBT/LMS.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eCMS offers a variety of security and privacy awareness and training, and recommends educational resources to benefit the CMS community. The CBT/LMS also tracks your personal learning journey, so you can get credit for required training and get recommendations for additional training specific to your role.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eResources and offerings include online training, videos, quick guides, podcasts, and documentation, all designed to deepen your knowledge about security related topics at CMS.\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003ca href=\"https://cms-lms.usalearning.net/\"\u003eSee training offerings in the CBT/LMS\u003c/a\u003e (CMS login required)\u003c/p\u003e\u003ch2 dir=\"ltr\"\u003eCFACTS training (for new ISSOs / CRAs)\u003c/h2\u003e\u003cp dir=\"ltr\"\u003e\u003ca href=\"https://cfacts3.cms.cmsnet/\"\u003eCFACTS\u003c/a\u003e is the CMS governance, risk, and compliance tool used as a repository to manage its information systems security and privacy requirements. The CFACTS platform provides a common foundation to manage policies, controls, risks, assessments, and deficiencies across all CMS systems.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eThe Training \u0026amp; Awareness Team at CMS offers several training sessions every year, designed to provide you with the knowledge you need to use CFACTS effectively.\u003c/p\u003e\u003ch3\u003e\u003cstrong\u003eWho should take this course?\u003c/strong\u003e\u003c/h3\u003e\u003cp dir=\"ltr\"\u003eIf youre an\u0026nbsp;\u003cstrong\u003eISSO or CRA\u003c/strong\u003e and\u0026nbsp;\u003cstrong\u003enew to the CMS Cybersecurity program\u003c/strong\u003e, this introductory training session was designed for you. Youll learn about roles and responsibilities, security controls, security assessment remediation plans of action, and more.\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\"\u003eWe have sessions available in 2024 in August and October.\u0026nbsp;\u003c/p\u003e\u003ch3\u003e\u003cstrong\u003eWhat will you learn in this course?\u0026nbsp;\u003c/strong\u003e\u003c/h3\u003e\u003cp dir=\"ltr\"\u003eThis course will use the CMS FISMA Continuous Tracking System (CFACTS) mapped to the steps within the \u003ca href=\"https://security.cms.gov/learn/national-institute-standards-and-technology-nist#nist-risk-management-framework-rmf\"\u003eRisk Management Framework (RMF)\u003c/a\u003e. Topics you will learn about in this session:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eUnderstanding roles and responsibilities\u003c/li\u003e\u003cli dir=\"ltr\"\u003eCategorizing and implementing security controls\u003c/li\u003e\u003cli dir=\"ltr\"\u003eMilestones in the security assessment remediation plan of action\u0026nbsp;\u003c/li\u003e\u003cli dir=\"ltr\"\u003e\u003ca href=\"https://csrc.nist.gov/pubs/sp/800/37/r2/final\"\u003eNIST Special Publication 800-37\u003c/a\u003e, ”Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy”\u003c/li\u003e\u003cli dir=\"ltr\"\u003e\u003ca href=\"https://csrc.nist.gov/pubs/sp/800/53/r5/upd1/final\"\u003eNIST Special Publication 800-53\u003c/a\u003e, “Security and Privacy Controls for Federal Information Systems and Organizations”\u003c/li\u003e\u003cli dir=\"ltr\"\u003e\u003ca href=\"https://security.cms.gov/learn/system-security-and-privacy-plan-sspp\"\u003eSystem Security and Privacy Plan (SSPP)\u003c/a\u003e\u003c/li\u003e\u003cli dir=\"ltr\"\u003eAuthorization to Operate (ATO) packages to request for FISMA certification\u003c/li\u003e\u003c/ul\u003e\u003ch3\u003e\u003cstrong\u003eCourse details\u003c/strong\u003e\u003c/h3\u003e\u003cp dir=\"ltr\"\u003eThese are the sessions remaining in 2024. Each training consists of\u0026nbsp;\u003cstrong\u003etwo sessions\u003c/strong\u003e across\u0026nbsp;\u003cstrong\u003etwo days\u003c/strong\u003e:\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eOctober 29 and 30\u003c/li\u003e\u003c/ul\u003e\u003cp dir=\"ltr\"\u003eThis course is NOT a hands-on session using CFACTS — it is a presentation of \u003cstrong\u003eintroductory concepts\u003c/strong\u003e. Experienced ISSOs and CRAs who have been working in CFACTS for awhile should not attend this course.\u0026nbsp;\u003c/p\u003e\u003ch3\u003e\u003cstrong\u003eReserve your spot\u003c/strong\u003e\u003c/h3\u003e\u003cp dir=\"ltr\"\u003eSend an email to\u0026nbsp;\u003ca href=\"mailto:cmsispgtrainers@cms.hhs.gov\"\u003ecmsispgtrainers@cms.hhs.gov\u003c/a\u003e. Include:\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003eSubject line: CFACTS Training Registration\u003c/li\u003e\u003cli dir=\"ltr\"\u003eYour name\u003c/li\u003e\u003cli dir=\"ltr\"\u003eDates of the course you want to attend\u003c/li\u003e\u003c/ul\u003e\u003cp dir=\"ltr\"\u003eWe will reply to your email to confirm your registration and give you further details. If you have questions, email the Training \u0026amp; Awareness Team:\u0026nbsp;\u003ca href=\"mailto:CMSISPGTrainers@cms.hhs.gov\"\u003eCMSISPGTrainers@cms.hhs.gov\u003c/a\u003e or find us in the CMS Slack channel: \u003cem\u003e#cyber-training-support.\u003c/em\u003e\u003c/p\u003e\u003ch2 dir=\"ltr\"\u003e\u003cstrong\u003ePractice everyday security\u003c/strong\u003e\u003c/h2\u003e\u003cp dir=\"ltr\"\u003eYour role in keeping CMS information safe doesnt end after you take cybersecurity training. Thats just the beginning! Practicing security awareness and avoiding security risks is an everyday task that is everyones job.\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\"\u003eThe information in this handbook will help you practice “everyday security” in the workplace. But we also provide you with tips for digital safety in all areas of your life through the\u0026nbsp;\u003cstrong\u003eCyber360\u003c/strong\u003e campaign, a yearlong series to help CMS employees build security awareness to protect themselves and their families.\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003ca href=\"https://security.cms.gov/posts/cyber360\"\u003eLearn more about Cyber360 here\u003c/a\u003e — and dont forget to save the date for\u0026nbsp;\u003ca href=\"https://security.cms.gov/learn/cms-cyberworks\"\u003e\u003cstrong\u003eCMS CyberWorks\u003c/strong\u003e\u003c/a\u003e. Every October, this annual cybersecurity festival includes the Cyber360 finale and much more.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eFollowing are cybersecurity topics and tips that everyone at CMS needs to be familiar with. When you make security awareness a priority in your daily work, you help protect the sensitive information of millions of beneficiaries who entrust their personal data to CMS for healthcare services and benefits.\u003c/p\u003e\u003ch3 dir=\"ltr\"\u003e\u003cstrong\u003eProtect PII and PHI\u003c/strong\u003e\u003c/h3\u003e\u003cp dir=\"ltr\"\u003ePersonally Identifiable Information (PII) and Protected Health Information (PHI) are two major kinds of information that CMS has access to and that require special handling and treatment. Theyre attractive targets for bad actors. Safeguarding both kinds of information is one of your major responsibilities as part of CMS.\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cstrong\u003ePersonally Identifiable Information (PII)\u003c/strong\u003e is any information that can be used to identify a specific individual. PII is sensitive, and requires special protection due to the risks associated with its misuse.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eExamples of PII include full names, Social Security Numbers, addresses, bank account numbers, fingerprints, employee IDs, and email addresses. This is not a comprehensive list — many other kinds of information are considered PII!\u003c/p\u003e\u003cp dir=\"ltr\"\u003eDetermining whether or not certain information counts as PII can require a case-by-case assessment of whether an individuals identity can be revealed by piecing information together.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eMore guidance for identifying PII can be found in the ISSPA training.\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eProtected Health Information (PHI)\u003c/strong\u003e at CMS is any individually identifiable health information that is held or transmitted by a covered entity or its business associates and that is related to the physical or mental health or condition of an individual.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eExamples of PHI include prescription information, health plan beneficiary numbers, and medical records. As with PII, this is not a full list, and many other kinds of information can be PHI.\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\"\u003eMore guidance for identifying PHI can be found in the ISSPA training.\u003c/p\u003e\u003ch3 dir=\"ltr\"\u003e\u003cstrong\u003eReporting breaches and incidents\u003c/strong\u003e\u003c/h3\u003e\u003cp dir=\"ltr\"\u003eAny time you suspect that PII or PHI has been used or shared in an unauthorized manner, report the incident to the CMS Information Technology Service Desk.\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003ePhone:\u0026nbsp;\u003cstrong\u003e410-786-2580\u003c/strong\u003e or\u0026nbsp;\u003cstrong\u003e800-562-1963\u003c/strong\u003e\u003c/li\u003e\u003cli dir=\"ltr\"\u003eEmail:\u0026nbsp;\u003ca href=\"mailto:CMS_IT_Service_Desk@cms.hhs.gov\"\u003eCMS_IT_Service_Desk@cms.hhs.gov\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp dir=\"ltr\"\u003eThe\u0026nbsp;\u003ca href=\"https://security.cms.gov/policy-guidance/cms-breach-response-handbook#reporting-incidents-and-breaches\"\u003eCMS Breach Response Handbook\u003c/a\u003e is a comprehensive guide to breaches and incidents, with more information about each kind, how to report them, and what happens next.\u0026nbsp;\u003c/p\u003e\u003ch3 dir=\"ltr\"\u003e\u003cstrong\u003eWatch out for phishing\u003c/strong\u003e\u003c/h3\u003e\u003cp dir=\"ltr\"\u003ePhishing by email or text message is one of the most popular social engineering attacks.\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\"\u003ePhishers typically pretend to be a person or business familiar to you. They use a sense of urgency to hijack your normal desire to be helpful. Their goal is to get you to reveal sensitive information, or to click on a file or link that could introduce malware or ransomware to the CMS network.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eMore guidance on phishing can be found\u0026nbsp;\u003ca href=\"https://cms-lms.usalearning.net/course/view.php?id=13\"\u003ehere in the CBT/LMS\u003c/a\u003e (CMS login required).\u003c/p\u003e\u003ch3 dir=\"ltr\"\u003e\u003cstrong\u003ePassword security\u003c/strong\u003e\u003c/h3\u003e\u003cp dir=\"ltr\"\u003eWhen setting up login credentials for CMS accounts (such as your 4-character CMS user ID), use the most secure passwords you can. The stronger and longer your password is, the better.\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\"\u003eCreate complex passwords using a combination of uppercase and lowercase letters, numbers, and special characters. Avoid easily guessable information and use unique passwords for each account.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eNever reuse your CMS password.\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\"\u003eFor policy guidance on setting up passwords for CMS systems, see\u0026nbsp;\u003ca href=\"https://security.cms.gov/learn/password-requirements\"\u003ePassword Requirements\u003c/a\u003e.\u003c/p\u003e\u003ch3 dir=\"ltr\"\u003e\u003cstrong\u003eCMS email accounts\u003c/strong\u003e\u003c/h3\u003e\u003cp dir=\"ltr\"\u003eYour CMS email is a business email address, provided to you for business use only.\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\"\u003eDo not use your CMS email address for shopping, entertainment, or other personal websites. Use a personal email address for personal use.\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\"\u003eUsing your CMS email address for non-business purposes adds risk, cost, and difficulty to maintaining cybersecurity at CMS.\u0026nbsp;\u003c/p\u003e\u003ch3 dir=\"ltr\"\u003e\u003cstrong\u003eBeware free public WiFi\u003c/strong\u003e\u003c/h3\u003e\u003cp dir=\"ltr\"\u003eDo not use \"free\" public WiFi networks in places like airports or restaurants for CMS business.\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\"\u003eThey are often fake networks run by hackers. When you log in to one, bad actors get access to your personal data and CMS information.\u0026nbsp;\u003c/p\u003e\u003ch3 dir=\"ltr\"\u003e\u003cstrong\u003eProtect your hardware and workspace\u003c/strong\u003e\u003c/h3\u003e\u003cp dir=\"ltr\"\u003eProtect CMS systems and information by securing your computer and mobile devices when you're not using them. Set your devices and screens to automatically lock after a few minutes of inactivity. Dont leave devices unattended unless they are in a secure space, such as a closed office or your home.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eSafeguard your home workspace. Be aware of windows that could provide a way for someone to glimpse CMS sensitive information. Keep your home locked when you leave.\u0026nbsp;\u003c/p\u003e\u003ch3\u003e\u003cstrong\u003eRules for foreign travel\u003c/strong\u003e\u003c/h3\u003e\u003cp dir=\"ltr\"\u003eDo not take CMS computers, cell phones, and other equipment furnished by the government with you on personal foreign travel.\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\"\u003eIt is not permitted to access CMS information systems on personal foreign travel. This includes use of a virtual desktop application.\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\"\u003eIf you will need to access CMS systems during approved, official travel, contact the CMS International Travel Team via email:\u0026nbsp;international@cms.hhs.gov.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eStart this process in advance (10 or more days before you depart) so you can complete all requirements.\u0026nbsp;\u0026nbsp;\u003c/p\u003e\u003ch2 dir=\"ltr\"\u003e\u003cstrong\u003eLevel up your security expertise\u003c/strong\u003e\u003c/h2\u003e\u003cp dir=\"ltr\"\u003eYou have access to many government and industry resources beyond what CMS provides in the CBT/LMS. You can take courses, strengthen your skills, earn continuing education units, and even earn professional certifications. Cybersecurity training resources are outlined below.\u0026nbsp;\u0026nbsp;\u003c/p\u003e\u003ch3 dir=\"ltr\"\u003e\u003cstrong\u003eHHS training\u003c/strong\u003e\u003c/h3\u003e\u003cp dir=\"ltr\"\u003eThe\u0026nbsp;\u003cstrong\u003eDepartment of Health and Human Services (HHS)\u003c/strong\u003e\u0026nbsp;\u003cstrong\u003eLearning Portal\u003c/strong\u003e provides many professional development courses, including cybersecurity certification preparatory training and continuing education unit (CEUs). To access these courses:\u003c/p\u003e\u003cul\u003e\u003cli dir=\"ltr\"\u003e\u003cstrong\u003eFederal government employees:\u003c/strong\u003e Log in to the\u0026nbsp;\u003ca href=\"https://ams.hhs.gov/amsLogin/SimpleLogin.jsp\"\u003eHHS Learning Portal\u003c/a\u003e\u003c/li\u003e\u003cli dir=\"ltr\"\u003e\u003cstrong\u003eContractors:\u003c/strong\u003e Email the Training and Awareness Team at\u0026nbsp;\u003ca href=\"https://cybergeek-epsilon.batcave-ispg-nonprod.internal.cms.gov/policy-guidance/CMSISPGTrainers@cms.hhs.gov\"\u003eCMSISPGTrainers@cms.hhs.gov\u003c/a\u003e. Include your name, the class you want to attend, and contact information for your approving government supervisor.\u003c/li\u003e\u003c/ul\u003e\u003ch3 dir=\"ltr\"\u003e\u003cstrong\u003eCISA training\u003c/strong\u003e\u003c/h3\u003e\u003cp dir=\"ltr\"\u003e\u003cstrong\u003eCybersecurity and Infrastructure Security Agency (CISA)\u003c/strong\u003e offers training for federal employees, private-sector cybersecurity professionals, critical infrastructure operators, educational partners, and the general public.\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003ca href=\"https://www.cisa.gov/topics/cybersecurity-best-practices/cybersecurity-education-career-development\"\u003eExplore CISA training opportunities\u003c/a\u003e\u003c/p\u003e\u003ch3 dir=\"ltr\"\u003e\u003cstrong\u003eNICCS training\u003c/strong\u003e\u003c/h3\u003e\u003cp dir=\"ltr\"\u003eThe\u0026nbsp;\u003cstrong\u003eNational Initiative for Cybersecurity Careers and Studies (NICCS)\u003c/strong\u003e helps people find cybersecurity education and training to advance their careers and close skill gaps across the workforce.\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003ca href=\"https://niccs.cisa.gov/\"\u003eExplore NICCS training opportunities\u003c/a\u003e\u003c/p\u003e\u003ch3 dir=\"ltr\"\u003e\u003cstrong\u003eFedVTE training\u003c/strong\u003e\u003c/h3\u003e\u003cp dir=\"ltr\"\u003eThe\u0026nbsp;\u003cstrong\u003eFederal Virtual Training Environment (FedVTE)\u003c/strong\u003e provides free online cybersecurity training to federal, state, local, tribal, and territorial government employees, federal contractors, and US military veterans.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eCMS employees and contractors interested in FedVTE training will need to get an account to login and prior approval from their supervisor.\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003ca href=\"https://fedvte.usalearning.gov/\"\u003eSee FedVTE training\u003c/a\u003e for the full catalog of program offerings.\u003c/p\u003e\u003ch3 dir=\"ltr\"\u003e\u003cstrong\u003eAWS training\u003c/strong\u003e\u003c/h3\u003e\u003cp dir=\"ltr\"\u003eAmazon Web Services (AWS) training and resources are available for you to learn more about cloud services, developer tools, machine learning, and system architecture.\u003c/p\u003e\u003cp dir=\"ltr\"\u003ePrior supervisor approval is required to complete AWS training. Free training resources are available to anyone at CMS; prior supervisor approval is required for paid AWS training.\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003ca href=\"https://aws.amazon.com/training/\"\u003eSee AWS training\u003c/a\u003e\u003c/p\u003e\u003ch3 dir=\"ltr\"\u003e\u003cstrong\u003eSplunk training\u003c/strong\u003e\u003c/h3\u003e\u003cp dir=\"ltr\"\u003eCMS developers use Splunk to monitor and interpret security data. Splunk offers resources and training to help you get a handle on your systems data.\u003c/p\u003e\u003cp dir=\"ltr\"\u003ePrior supervisor approval is required for Splunks paid training.\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003ca href=\"https://www.splunk.com/en_us/training.html\"\u003eSee Splunk training\u003c/a\u003e\u003c/p\u003e\u003ch3 dir=\"ltr\"\u003e\u003cstrong\u003eFortinet training\u003c/strong\u003e\u003c/h3\u003e\u003cp dir=\"ltr\"\u003eFortinets training program includes self-paced and instructor-led courses, as well as practical, experiential exercises that demonstrate mastery of complex network security concepts.\u003c/p\u003e\u003cp dir=\"ltr\"\u003eFortinet training offers a number of certification levels.\u0026nbsp;\u003c/p\u003e\u003cp dir=\"ltr\"\u003ePrior supervisor approval is required.\u003c/p\u003e\u003cp dir=\"ltr\"\u003e\u003ca href=\"https://www.fortinet.com/training/cybersecurity-professionals\"\u003eSee Fortinet training\u003c/a\u003e\u003c/p\u003e"])</script><script>self.__next_f.push([1,"1c:{\"href\":\"https://cybergeek.cms.gov/jsonapi/node_type/node_type/ab4b0312-f678-40b9-ae06-79025f52ff43\"}\n1b:{\"self\":\"$1c\"}\n1f:[\"menu_ui\",\"scheduler\"]\n1e:{\"module\":\"$1f\"}\n22:[]\n21:{\"available_menus\":\"$22\",\"parent\":\"\"}\n23:{\"expand_fieldset\":\"when_required\",\"fields_display_mode\":\"vertical_tab\",\"publish_enable\":false,\"publish_past_date\":\"error\",\"publish_past_date_created\":false,\"publish_required\":false,\"publish_revision\":false,\"publish_touch\":false,\"show_message_after_update\":true,\"unpublish_enable\":false,\"unpublish_required\":false,\"unpublish_revision\":false}\n20:{\"menu_ui\":\"$21\",\"scheduler\":\"$23\"}\n1d:{\"langcode\":\"en\",\"status\":true,\"dependencies\":\"$1e\",\"third_party_settings\":\"$20\",\"name\":\"Library page\",\"drupal_internal__type\":\"library\",\"description\":\"Use \u003ci\u003eLibrary pages\u003c/i\u003e to publish CMS Security and Privacy Handbooks or other long-form policy and guidance documents.\",\"help\":null,\"new_revision\":true,\"preview_mode\":1,\"display_submitted\":true}\n1a:{\"type\":\"node_type--node_type\",\"id\":\"ab4b0312-f678-40b9-ae06-79025f52ff43\",\"links\":\"$1b\",\"attributes\":\"$1d\"}\n26:{\"href\":\"https://cybergeek.cms.gov/jsonapi/user/user/e352e203-fe9c-47ba-af75-2c7f8302fca8\"}\n25:{\"self\":\"$26\"}\n27:{\"display_name\":\"mburgess\"}\n24:{\"type\":\"user--user\",\"id\":\"e352e203-fe9c-47ba-af75-2c7f8302fca8\",\"links\":\"$25\",\"attributes\":\"$27\"}\n2a:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/e3394b9a-cbff-4bad-b68e-c6fad326132e?resourceVersion=id%3A91\"}\n29:{\"self\":\"$2a\"}\n2c:{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}\n2b:{\"drupal_internal__tid\":91,\"drupal_internal__revision_id\":91,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:10:37+00:00\",\"status\":true,\"name\":\"Handbooks\",\"description\":null,\"weight\":3,\"changed\":\"2023-03-10T19:04:03+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":\"$2c\"}\n30:{\"drupal_internal__target_id\":\"resource_type\"}\n2f:{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"3a0127c4-ee06-41ed-8239-f796f6d78eb3\",\"meta\":\"$30\"}\n32:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_typ"])</script><script>self.__next_f.push([1,"e/e3394b9a-cbff-4bad-b68e-c6fad326132e/vid?resourceVersion=id%3A91\"}\n33:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/e3394b9a-cbff-4bad-b68e-c6fad326132e/relationships/vid?resourceVersion=id%3A91\"}\n31:{\"related\":\"$32\",\"self\":\"$33\"}\n2e:{\"data\":\"$2f\",\"links\":\"$31\"}\n36:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/e3394b9a-cbff-4bad-b68e-c6fad326132e/revision_user?resourceVersion=id%3A91\"}\n37:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/e3394b9a-cbff-4bad-b68e-c6fad326132e/relationships/revision_user?resourceVersion=id%3A91\"}\n35:{\"related\":\"$36\",\"self\":\"$37\"}\n34:{\"data\":null,\"links\":\"$35\"}\n3e:{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}\n3d:{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":\"$3e\"}\n3c:{\"help\":\"$3d\"}\n3b:{\"links\":\"$3c\"}\n3a:{\"type\":\"taxonomy_term--resource_type\",\"id\":\"virtual\",\"meta\":\"$3b\"}\n39:[\"$3a\"]\n40:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/e3394b9a-cbff-4bad-b68e-c6fad326132e/parent?resourceVersion=id%3A91\"}\n41:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/e3394b9a-cbff-4bad-b68e-c6fad326132e/relationships/parent?resourceVersion=id%3A91\"}\n3f:{\"related\":\"$40\",\"self\":\"$41\"}\n38:{\"data\":\"$39\",\"links\":\"$3f\"}\n2d:{\"vid\":\"$2e\",\"revision_user\":\"$34\",\"parent\":\"$38\"}\n28:{\"type\":\"taxonomy_term--resource_type\",\"id\":\"e3394b9a-cbff-4bad-b68e-c6fad326132e\",\"links\":\"$29\",\"attributes\":\"$2b\",\"relationships\":\"$2d\"}\n44:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5?resourceVersion=id%3A66\"}\n43:{\"self\":\"$44\"}\n46:{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}\n45:{\"drupal_internal__tid\":66,\"drupal_internal__revision_id\":66,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:08:26+00:00\",\"status\":true,\"name\":\"Cyber Risk Advisor (CRA)\",\"description\":null,\"weight\":0,\"changed\":\"2022-08-02T23:08:26+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":\"$46\"}\n4a:{\"drupal_inter"])</script><script>self.__next_f.push([1,"nal__target_id\":\"roles\"}\n49:{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"a89af840-d1f0-4a08-9f15-7b1cb71c3e35\",\"meta\":\"$4a\"}\n4c:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/vid?resourceVersion=id%3A66\"}\n4d:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/relationships/vid?resourceVersion=id%3A66\"}\n4b:{\"related\":\"$4c\",\"self\":\"$4d\"}\n48:{\"data\":\"$49\",\"links\":\"$4b\"}\n50:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/revision_user?resourceVersion=id%3A66\"}\n51:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/relationships/revision_user?resourceVersion=id%3A66\"}\n4f:{\"related\":\"$50\",\"self\":\"$51\"}\n4e:{\"data\":null,\"links\":\"$4f\"}\n58:{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}\n57:{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":\"$58\"}\n56:{\"help\":\"$57\"}\n55:{\"links\":\"$56\"}\n54:{\"type\":\"taxonomy_term--roles\",\"id\":\"virtual\",\"meta\":\"$55\"}\n53:[\"$54\"]\n5a:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/parent?resourceVersion=id%3A66\"}\n5b:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/relationships/parent?resourceVersion=id%3A66\"}\n59:{\"related\":\"$5a\",\"self\":\"$5b\"}\n52:{\"data\":\"$53\",\"links\":\"$59\"}\n47:{\"vid\":\"$48\",\"revision_user\":\"$4e\",\"parent\":\"$52\"}\n42:{\"type\":\"taxonomy_term--roles\",\"id\":\"9d999ae3-b43c-45fb-973e-dffe50c27da5\",\"links\":\"$43\",\"attributes\":\"$45\",\"relationships\":\"$47\"}\n5e:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/a2b33f6a-8172-4862-9c0e-6e5076b6cf26?resourceVersion=id%3A81\"}\n5d:{\"self\":\"$5e\"}\n60:{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}\n5f:{\"drupal_internal__tid\":81,\"drupal_internal__revision_id\":81,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:09:11+00:00\",\"status\":true,\"name\":\"Data Guardian\",\"description\":null,\"weight"])</script><script>self.__next_f.push([1,"\":0,\"changed\":\"2022-08-02T23:09:11+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":\"$60\"}\n64:{\"drupal_internal__target_id\":\"roles\"}\n63:{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"a89af840-d1f0-4a08-9f15-7b1cb71c3e35\",\"meta\":\"$64\"}\n66:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/a2b33f6a-8172-4862-9c0e-6e5076b6cf26/vid?resourceVersion=id%3A81\"}\n67:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/a2b33f6a-8172-4862-9c0e-6e5076b6cf26/relationships/vid?resourceVersion=id%3A81\"}\n65:{\"related\":\"$66\",\"self\":\"$67\"}\n62:{\"data\":\"$63\",\"links\":\"$65\"}\n6a:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/a2b33f6a-8172-4862-9c0e-6e5076b6cf26/revision_user?resourceVersion=id%3A81\"}\n6b:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/a2b33f6a-8172-4862-9c0e-6e5076b6cf26/relationships/revision_user?resourceVersion=id%3A81\"}\n69:{\"related\":\"$6a\",\"self\":\"$6b\"}\n68:{\"data\":null,\"links\":\"$69\"}\n72:{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}\n71:{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":\"$72\"}\n70:{\"help\":\"$71\"}\n6f:{\"links\":\"$70\"}\n6e:{\"type\":\"taxonomy_term--roles\",\"id\":\"virtual\",\"meta\":\"$6f\"}\n6d:[\"$6e\"]\n74:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/a2b33f6a-8172-4862-9c0e-6e5076b6cf26/parent?resourceVersion=id%3A81\"}\n75:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/a2b33f6a-8172-4862-9c0e-6e5076b6cf26/relationships/parent?resourceVersion=id%3A81\"}\n73:{\"related\":\"$74\",\"self\":\"$75\"}\n6c:{\"data\":\"$6d\",\"links\":\"$73\"}\n61:{\"vid\":\"$62\",\"revision_user\":\"$68\",\"parent\":\"$6c\"}\n5c:{\"type\":\"taxonomy_term--roles\",\"id\":\"a2b33f6a-8172-4862-9c0e-6e5076b6cf26\",\"links\":\"$5d\",\"attributes\":\"$5f\",\"relationships\":\"$61\"}\n78:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab?resourceVersion=id%3A61\"}\n77:{\"self\":\"$78\"}\n7a:{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}\n79:{\"drupal_internal__tid\":61,\"drupal_internal__revision"])</script><script>self.__next_f.push([1,"_id\":61,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:08:12+00:00\",\"status\":true,\"name\":\"Information System Security Officer (ISSO)\",\"description\":null,\"weight\":0,\"changed\":\"2022-08-02T23:08:12+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":\"$7a\"}\n7e:{\"drupal_internal__target_id\":\"roles\"}\n7d:{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"a89af840-d1f0-4a08-9f15-7b1cb71c3e35\",\"meta\":\"$7e\"}\n80:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/vid?resourceVersion=id%3A61\"}\n81:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/relationships/vid?resourceVersion=id%3A61\"}\n7f:{\"related\":\"$80\",\"self\":\"$81\"}\n7c:{\"data\":\"$7d\",\"links\":\"$7f\"}\n84:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/revision_user?resourceVersion=id%3A61\"}\n85:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/relationships/revision_user?resourceVersion=id%3A61\"}\n83:{\"related\":\"$84\",\"self\":\"$85\"}\n82:{\"data\":null,\"links\":\"$83\"}\n8c:{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}\n8b:{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":\"$8c\"}\n8a:{\"help\":\"$8b\"}\n89:{\"links\":\"$8a\"}\n88:{\"type\":\"taxonomy_term--roles\",\"id\":\"virtual\",\"meta\":\"$89\"}\n87:[\"$88\"]\n8e:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/parent?resourceVersion=id%3A61\"}\n8f:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/relationships/parent?resourceVersion=id%3A61\"}\n8d:{\"related\":\"$8e\",\"self\":\"$8f\"}\n86:{\"data\":\"$87\",\"links\":\"$8d\"}\n7b:{\"vid\":\"$7c\",\"revision_user\":\"$82\",\"parent\":\"$86\"}\n76:{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\",\"links\":\"$77\",\"attributes\":\"$79\",\"relationships\":\"$7b\"}\n92:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-"])</script><script>self.__next_f.push([1,"af66-7998a3329f34?resourceVersion=id%3A76\"}\n91:{\"self\":\"$92\"}\n94:{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}\n93:{\"drupal_internal__tid\":76,\"drupal_internal__revision_id\":76,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:08:55+00:00\",\"status\":true,\"name\":\"System / Business Owner\",\"description\":null,\"weight\":0,\"changed\":\"2022-08-02T23:08:55+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":\"$94\"}\n98:{\"drupal_internal__target_id\":\"roles\"}\n97:{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"a89af840-d1f0-4a08-9f15-7b1cb71c3e35\",\"meta\":\"$98\"}\n9a:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/vid?resourceVersion=id%3A76\"}\n9b:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/relationships/vid?resourceVersion=id%3A76\"}\n99:{\"related\":\"$9a\",\"self\":\"$9b\"}\n96:{\"data\":\"$97\",\"links\":\"$99\"}\n9e:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/revision_user?resourceVersion=id%3A76\"}\n9f:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/relationships/revision_user?resourceVersion=id%3A76\"}\n9d:{\"related\":\"$9e\",\"self\":\"$9f\"}\n9c:{\"data\":null,\"links\":\"$9d\"}\na6:{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}\na5:{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":\"$a6\"}\na4:{\"help\":\"$a5\"}\na3:{\"links\":\"$a4\"}\na2:{\"type\":\"taxonomy_term--roles\",\"id\":\"virtual\",\"meta\":\"$a3\"}\na1:[\"$a2\"]\na8:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/parent?resourceVersion=id%3A76\"}\na9:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/relationships/parent?resourceVersion=id%3A76\"}\na7:{\"related\":\"$a8\",\"self\":\"$a9\"}\na0:{\"data\":\"$a1\",\"links\":\"$a7\"}\n95:{\"vid\":\"$96\",\"revision_user\":\"$9c\",\"parent\":\"$a0\"}\n90:{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f3"])</script><script>self.__next_f.push([1,"4\",\"links\":\"$91\",\"attributes\":\"$93\",\"relationships\":\"$95\"}\nac:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/feb4e85d-429e-48b0-92f0-3d2da2c5056e?resourceVersion=id%3A71\"}\nab:{\"self\":\"$ac\"}\nae:{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}\nad:{\"drupal_internal__tid\":71,\"drupal_internal__revision_id\":71,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:08:42+00:00\",\"status\":true,\"name\":\"System Teams\",\"description\":null,\"weight\":0,\"changed\":\"2024-08-02T21:29:47+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":\"$ae\"}\nb2:{\"drupal_internal__target_id\":\"roles\"}\nb1:{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"a89af840-d1f0-4a08-9f15-7b1cb71c3e35\",\"meta\":\"$b2\"}\nb4:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/feb4e85d-429e-48b0-92f0-3d2da2c5056e/vid?resourceVersion=id%3A71\"}\nb5:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/feb4e85d-429e-48b0-92f0-3d2da2c5056e/relationships/vid?resourceVersion=id%3A71\"}\nb3:{\"related\":\"$b4\",\"self\":\"$b5\"}\nb0:{\"data\":\"$b1\",\"links\":\"$b3\"}\nb8:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/feb4e85d-429e-48b0-92f0-3d2da2c5056e/revision_user?resourceVersion=id%3A71\"}\nb9:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/feb4e85d-429e-48b0-92f0-3d2da2c5056e/relationships/revision_user?resourceVersion=id%3A71\"}\nb7:{\"related\":\"$b8\",\"self\":\"$b9\"}\nb6:{\"data\":null,\"links\":\"$b7\"}\nc0:{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}\nbf:{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":\"$c0\"}\nbe:{\"help\":\"$bf\"}\nbd:{\"links\":\"$be\"}\nbc:{\"type\":\"taxonomy_term--roles\",\"id\":\"virtual\",\"meta\":\"$bd\"}\nbb:[\"$bc\"]\nc2:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/feb4e85d-429e-48b0-92f0-3d2da2c5056e/parent?resourceVersion=id%3A71\"}\nc3:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/feb4e85d-429e-48b0-92f0-3d2da2c5056e/relationships/parent?resourceVersion=id%3A71\"}\nc1:{\"related\":\"$c2\",\"self\":\"$c3\"}\nba:{\"data\":\"$bb\",\"links\":\"$c"])</script><script>self.__next_f.push([1,"1\"}\naf:{\"vid\":\"$b0\",\"revision_user\":\"$b6\",\"parent\":\"$ba\"}\naa:{\"type\":\"taxonomy_term--roles\",\"id\":\"feb4e85d-429e-48b0-92f0-3d2da2c5056e\",\"links\":\"$ab\",\"attributes\":\"$ad\",\"relationships\":\"$af\"}\nc6:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/8b8ffea0-3b0b-404d-8442-7f3a4602482d?resourceVersion=id%3A56\"}\nc5:{\"self\":\"$c6\"}\nc8:{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}\nc7:{\"drupal_internal__tid\":56,\"drupal_internal__revision_id\":56,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:06:35+00:00\",\"status\":true,\"name\":\"Training \u0026 Awareness\",\"description\":null,\"weight\":8,\"changed\":\"2024-06-14T17:38:33+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":\"$c8\"}\ncc:{\"drupal_internal__target_id\":\"topics\"}\ncb:{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"73f89dec-123f-4c8c-9a97-d025a2b0e5cf\",\"meta\":\"$cc\"}\nce:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/8b8ffea0-3b0b-404d-8442-7f3a4602482d/vid?resourceVersion=id%3A56\"}\ncf:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/8b8ffea0-3b0b-404d-8442-7f3a4602482d/relationships/vid?resourceVersion=id%3A56\"}\ncd:{\"related\":\"$ce\",\"self\":\"$cf\"}\nca:{\"data\":\"$cb\",\"links\":\"$cd\"}\nd2:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/8b8ffea0-3b0b-404d-8442-7f3a4602482d/revision_user?resourceVersion=id%3A56\"}\nd3:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/8b8ffea0-3b0b-404d-8442-7f3a4602482d/relationships/revision_user?resourceVersion=id%3A56\"}\nd1:{\"related\":\"$d2\",\"self\":\"$d3\"}\nd0:{\"data\":null,\"links\":\"$d1\"}\nda:{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}\nd9:{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":\"$da\"}\nd8:{\"help\":\"$d9\"}\nd7:{\"links\":\"$d8\"}\nd6:{\"type\":\"taxonomy_term--topics\",\"id\":\"virtual\",\"meta\":\"$d7\"}\nd5:[\"$d6\"]\ndc:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/8b8ffea0-3b0b-404d-8442-7f3a4602482d/parent?resourceVersion=id%3A56\"}\ndd:{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/top"])</script><script>self.__next_f.push([1,"ics/8b8ffea0-3b0b-404d-8442-7f3a4602482d/relationships/parent?resourceVersion=id%3A56\"}\ndb:{\"related\":\"$dc\",\"self\":\"$dd\"}\nd4:{\"data\":\"$d5\",\"links\":\"$db\"}\nc9:{\"vid\":\"$ca\",\"revision_user\":\"$d0\",\"parent\":\"$d4\"}\nc4:{\"type\":\"taxonomy_term--topics\",\"id\":\"8b8ffea0-3b0b-404d-8442-7f3a4602482d\",\"links\":\"$c5\",\"attributes\":\"$c7\",\"relationships\":\"$c9\"}\n"])</script><script>self.__next_f.push([1,"5:[\"$\",\"$L17\",null,{\"content\":{\"data\":{\"type\":\"node--library\",\"id\":\"50d570c9-e761-4e35-b182-a2d216e21a28\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/library/50d570c9-e761-4e35-b182-a2d216e21a28?resourceVersion=id%3A5937\"}},\"attributes\":{\"drupal_internal__nid\":1195,\"drupal_internal__vid\":5937,\"langcode\":\"en\",\"revision_timestamp\":\"2024-10-04T00:46:12+00:00\",\"status\":true,\"title\":\"CMS Cybersecurity and Privacy Training Handbook\",\"created\":\"2024-05-29T22:33:28+00:00\",\"changed\":\"2024-10-04T00:46:12+00:00\",\"promote\":false,\"sticky\":false,\"default_langcode\":true,\"revision_translation_affected\":true,\"moderation_state\":\"published\",\"path\":{\"alias\":\"/policy-guidance/cms-cybersecurity-and-privacy-handbook\",\"pid\":1212,\"langcode\":\"en\"},\"rh_action\":null,\"rh_redirect\":null,\"rh_redirect_response\":null,\"rh_redirect_fallback_action\":null,\"publish_on\":null,\"unpublish_on\":null,\"body\":{\"value\":\"$18\",\"format\":\"body_text\",\"processed\":\"$19\",\"summary\":\"\"},\"field_contact_email\":\"CMSISPGTrainers@cms.hhs.gov\",\"field_contact_name\":\"Training \u0026 Awareness team\",\"field_last_reviewed\":\"2024-07-15\",\"field_related_resources\":[{\"uri\":\"https://cms-lms.usalearning.net/\",\"title\":\"Cybersecurity training in the CBT/LMS (login required)\",\"options\":[],\"url\":\"https://cms-lms.usalearning.net/\"},{\"uri\":\"https://www.youtube.com/watch?v=axPj2GVZZD4\",\"title\":\"Video demo: How to take ISSPA training\",\"options\":[],\"url\":\"https://www.youtube.com/watch?v=axPj2GVZZD4\"},{\"uri\":\"entity:node/1149\",\"title\":\"CMS CyberWorks (annual cybersecurity event)\",\"options\":[],\"url\":\"/learn/cms-cyberworks\"}],\"field_short_description\":{\"value\":\"Find the right cybersecurity training for your role, and learn how to do your part to keep CMS systems secure and safe\",\"format\":\"plain_text\",\"processed\":\"\u003cp\u003eFind the right cybersecurity training for your role, and learn how to do your part to keep CMS systems secure and safe\u003c/p\u003e\\n\"}},\"relationships\":{\"node_type\":{\"data\":{\"type\":\"node_type--node_type\",\"id\":\"ab4b0312-f678-40b9-ae06-79025f52ff43\",\"meta\":{\"drupal_internal__target_id\":\"library\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/library/50d570c9-e761-4e35-b182-a2d216e21a28/node_type?resourceVersion=id%3A5937\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/library/50d570c9-e761-4e35-b182-a2d216e21a28/relationships/node_type?resourceVersion=id%3A5937\"}}},\"revision_uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"e352e203-fe9c-47ba-af75-2c7f8302fca8\",\"meta\":{\"drupal_internal__target_id\":6}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/library/50d570c9-e761-4e35-b182-a2d216e21a28/revision_uid?resourceVersion=id%3A5937\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/library/50d570c9-e761-4e35-b182-a2d216e21a28/relationships/revision_uid?resourceVersion=id%3A5937\"}}},\"uid\":{\"data\":{\"type\":\"user--user\",\"id\":\"e352e203-fe9c-47ba-af75-2c7f8302fca8\",\"meta\":{\"drupal_internal__target_id\":6}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/library/50d570c9-e761-4e35-b182-a2d216e21a28/uid?resourceVersion=id%3A5937\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/library/50d570c9-e761-4e35-b182-a2d216e21a28/relationships/uid?resourceVersion=id%3A5937\"}}},\"field_resource_type\":{\"data\":{\"type\":\"taxonomy_term--resource_type\",\"id\":\"e3394b9a-cbff-4bad-b68e-c6fad326132e\",\"meta\":{\"drupal_internal__target_id\":91}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/library/50d570c9-e761-4e35-b182-a2d216e21a28/field_resource_type?resourceVersion=id%3A5937\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/library/50d570c9-e761-4e35-b182-a2d216e21a28/relationships/field_resource_type?resourceVersion=id%3A5937\"}}},\"field_roles\":{\"data\":[{\"type\":\"taxonomy_term--roles\",\"id\":\"9d999ae3-b43c-45fb-973e-dffe50c27da5\",\"meta\":{\"drupal_internal__target_id\":66}},{\"type\":\"taxonomy_term--roles\",\"id\":\"a2b33f6a-8172-4862-9c0e-6e5076b6cf26\",\"meta\":{\"drupal_internal__target_id\":81}},{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\",\"meta\":{\"drupal_internal__target_id\":61}},{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"meta\":{\"drupal_internal__target_id\":76}},{\"type\":\"taxonomy_term--roles\",\"id\":\"feb4e85d-429e-48b0-92f0-3d2da2c5056e\",\"meta\":{\"drupal_internal__target_id\":71}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/library/50d570c9-e761-4e35-b182-a2d216e21a28/field_roles?resourceVersion=id%3A5937\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/library/50d570c9-e761-4e35-b182-a2d216e21a28/relationships/field_roles?resourceVersion=id%3A5937\"}}},\"field_topics\":{\"data\":[{\"type\":\"taxonomy_term--topics\",\"id\":\"8b8ffea0-3b0b-404d-8442-7f3a4602482d\",\"meta\":{\"drupal_internal__target_id\":56}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/library/50d570c9-e761-4e35-b182-a2d216e21a28/field_topics?resourceVersion=id%3A5937\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node/library/50d570c9-e761-4e35-b182-a2d216e21a28/relationships/field_topics?resourceVersion=id%3A5937\"}}}}},\"included\":[{\"type\":\"node_type--node_type\",\"id\":\"ab4b0312-f678-40b9-ae06-79025f52ff43\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/node_type/node_type/ab4b0312-f678-40b9-ae06-79025f52ff43\"}},\"attributes\":{\"langcode\":\"en\",\"status\":true,\"dependencies\":{\"module\":[\"menu_ui\",\"scheduler\"]},\"third_party_settings\":{\"menu_ui\":{\"available_menus\":[],\"parent\":\"\"},\"scheduler\":{\"expand_fieldset\":\"when_required\",\"fields_display_mode\":\"vertical_tab\",\"publish_enable\":false,\"publish_past_date\":\"error\",\"publish_past_date_created\":false,\"publish_required\":false,\"publish_revision\":false,\"publish_touch\":false,\"show_message_after_update\":true,\"unpublish_enable\":false,\"unpublish_required\":false,\"unpublish_revision\":false}},\"name\":\"Library page\",\"drupal_internal__type\":\"library\",\"description\":\"Use \u003ci\u003eLibrary pages\u003c/i\u003e to publish CMS Security and Privacy Handbooks or other long-form policy and guidance documents.\",\"help\":null,\"new_revision\":true,\"preview_mode\":1,\"display_submitted\":true}},{\"type\":\"user--user\",\"id\":\"e352e203-fe9c-47ba-af75-2c7f8302fca8\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/user/user/e352e203-fe9c-47ba-af75-2c7f8302fca8\"}},\"attributes\":{\"display_name\":\"mburgess\"}},{\"type\":\"taxonomy_term--resource_type\",\"id\":\"e3394b9a-cbff-4bad-b68e-c6fad326132e\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/e3394b9a-cbff-4bad-b68e-c6fad326132e?resourceVersion=id%3A91\"}},\"attributes\":{\"drupal_internal__tid\":91,\"drupal_internal__revision_id\":91,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:10:37+00:00\",\"status\":true,\"name\":\"Handbooks\",\"description\":null,\"weight\":3,\"changed\":\"2023-03-10T19:04:03+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}},\"relationships\":{\"vid\":{\"data\":{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"3a0127c4-ee06-41ed-8239-f796f6d78eb3\",\"meta\":{\"drupal_internal__target_id\":\"resource_type\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/e3394b9a-cbff-4bad-b68e-c6fad326132e/vid?resourceVersion=id%3A91\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/e3394b9a-cbff-4bad-b68e-c6fad326132e/relationships/vid?resourceVersion=id%3A91\"}}},\"revision_user\":{\"data\":null,\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/e3394b9a-cbff-4bad-b68e-c6fad326132e/revision_user?resourceVersion=id%3A91\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/e3394b9a-cbff-4bad-b68e-c6fad326132e/relationships/revision_user?resourceVersion=id%3A91\"}}},\"parent\":{\"data\":[{\"type\":\"taxonomy_term--resource_type\",\"id\":\"virtual\",\"meta\":{\"links\":{\"help\":{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}}}}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/e3394b9a-cbff-4bad-b68e-c6fad326132e/parent?resourceVersion=id%3A91\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/resource_type/e3394b9a-cbff-4bad-b68e-c6fad326132e/relationships/parent?resourceVersion=id%3A91\"}}}}},{\"type\":\"taxonomy_term--roles\",\"id\":\"9d999ae3-b43c-45fb-973e-dffe50c27da5\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5?resourceVersion=id%3A66\"}},\"attributes\":{\"drupal_internal__tid\":66,\"drupal_internal__revision_id\":66,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:08:26+00:00\",\"status\":true,\"name\":\"Cyber Risk Advisor (CRA)\",\"description\":null,\"weight\":0,\"changed\":\"2022-08-02T23:08:26+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}},\"relationships\":{\"vid\":{\"data\":{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"a89af840-d1f0-4a08-9f15-7b1cb71c3e35\",\"meta\":{\"drupal_internal__target_id\":\"roles\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/vid?resourceVersion=id%3A66\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/relationships/vid?resourceVersion=id%3A66\"}}},\"revision_user\":{\"data\":null,\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/revision_user?resourceVersion=id%3A66\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/relationships/revision_user?resourceVersion=id%3A66\"}}},\"parent\":{\"data\":[{\"type\":\"taxonomy_term--roles\",\"id\":\"virtual\",\"meta\":{\"links\":{\"help\":{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}}}}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/parent?resourceVersion=id%3A66\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/9d999ae3-b43c-45fb-973e-dffe50c27da5/relationships/parent?resourceVersion=id%3A66\"}}}}},{\"type\":\"taxonomy_term--roles\",\"id\":\"a2b33f6a-8172-4862-9c0e-6e5076b6cf26\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/a2b33f6a-8172-4862-9c0e-6e5076b6cf26?resourceVersion=id%3A81\"}},\"attributes\":{\"drupal_internal__tid\":81,\"drupal_internal__revision_id\":81,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:09:11+00:00\",\"status\":true,\"name\":\"Data Guardian\",\"description\":null,\"weight\":0,\"changed\":\"2022-08-02T23:09:11+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}},\"relationships\":{\"vid\":{\"data\":{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"a89af840-d1f0-4a08-9f15-7b1cb71c3e35\",\"meta\":{\"drupal_internal__target_id\":\"roles\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/a2b33f6a-8172-4862-9c0e-6e5076b6cf26/vid?resourceVersion=id%3A81\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/a2b33f6a-8172-4862-9c0e-6e5076b6cf26/relationships/vid?resourceVersion=id%3A81\"}}},\"revision_user\":{\"data\":null,\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/a2b33f6a-8172-4862-9c0e-6e5076b6cf26/revision_user?resourceVersion=id%3A81\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/a2b33f6a-8172-4862-9c0e-6e5076b6cf26/relationships/revision_user?resourceVersion=id%3A81\"}}},\"parent\":{\"data\":[{\"type\":\"taxonomy_term--roles\",\"id\":\"virtual\",\"meta\":{\"links\":{\"help\":{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}}}}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/a2b33f6a-8172-4862-9c0e-6e5076b6cf26/parent?resourceVersion=id%3A81\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/a2b33f6a-8172-4862-9c0e-6e5076b6cf26/relationships/parent?resourceVersion=id%3A81\"}}}}},{\"type\":\"taxonomy_term--roles\",\"id\":\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab?resourceVersion=id%3A61\"}},\"attributes\":{\"drupal_internal__tid\":61,\"drupal_internal__revision_id\":61,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:08:12+00:00\",\"status\":true,\"name\":\"Information System Security Officer (ISSO)\",\"description\":null,\"weight\":0,\"changed\":\"2022-08-02T23:08:12+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}},\"relationships\":{\"vid\":{\"data\":{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"a89af840-d1f0-4a08-9f15-7b1cb71c3e35\",\"meta\":{\"drupal_internal__target_id\":\"roles\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/vid?resourceVersion=id%3A61\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/relationships/vid?resourceVersion=id%3A61\"}}},\"revision_user\":{\"data\":null,\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/revision_user?resourceVersion=id%3A61\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/relationships/revision_user?resourceVersion=id%3A61\"}}},\"parent\":{\"data\":[{\"type\":\"taxonomy_term--roles\",\"id\":\"virtual\",\"meta\":{\"links\":{\"help\":{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}}}}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/parent?resourceVersion=id%3A61\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/7a18463d-b0fc-474f-8536-ad7db1b2e5ab/relationships/parent?resourceVersion=id%3A61\"}}}}},{\"type\":\"taxonomy_term--roles\",\"id\":\"f591f442-c0b0-4b8e-af66-7998a3329f34\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34?resourceVersion=id%3A76\"}},\"attributes\":{\"drupal_internal__tid\":76,\"drupal_internal__revision_id\":76,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:08:55+00:00\",\"status\":true,\"name\":\"System / Business Owner\",\"description\":null,\"weight\":0,\"changed\":\"2022-08-02T23:08:55+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}},\"relationships\":{\"vid\":{\"data\":{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"a89af840-d1f0-4a08-9f15-7b1cb71c3e35\",\"meta\":{\"drupal_internal__target_id\":\"roles\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/vid?resourceVersion=id%3A76\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/relationships/vid?resourceVersion=id%3A76\"}}},\"revision_user\":{\"data\":null,\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/revision_user?resourceVersion=id%3A76\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/relationships/revision_user?resourceVersion=id%3A76\"}}},\"parent\":{\"data\":[{\"type\":\"taxonomy_term--roles\",\"id\":\"virtual\",\"meta\":{\"links\":{\"help\":{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}}}}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/parent?resourceVersion=id%3A76\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/f591f442-c0b0-4b8e-af66-7998a3329f34/relationships/parent?resourceVersion=id%3A76\"}}}}},{\"type\":\"taxonomy_term--roles\",\"id\":\"feb4e85d-429e-48b0-92f0-3d2da2c5056e\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/feb4e85d-429e-48b0-92f0-3d2da2c5056e?resourceVersion=id%3A71\"}},\"attributes\":{\"drupal_internal__tid\":71,\"drupal_internal__revision_id\":71,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:08:42+00:00\",\"status\":true,\"name\":\"System Teams\",\"description\":null,\"weight\":0,\"changed\":\"2024-08-02T21:29:47+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}},\"relationships\":{\"vid\":{\"data\":{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"a89af840-d1f0-4a08-9f15-7b1cb71c3e35\",\"meta\":{\"drupal_internal__target_id\":\"roles\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/feb4e85d-429e-48b0-92f0-3d2da2c5056e/vid?resourceVersion=id%3A71\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/feb4e85d-429e-48b0-92f0-3d2da2c5056e/relationships/vid?resourceVersion=id%3A71\"}}},\"revision_user\":{\"data\":null,\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/feb4e85d-429e-48b0-92f0-3d2da2c5056e/revision_user?resourceVersion=id%3A71\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/feb4e85d-429e-48b0-92f0-3d2da2c5056e/relationships/revision_user?resourceVersion=id%3A71\"}}},\"parent\":{\"data\":[{\"type\":\"taxonomy_term--roles\",\"id\":\"virtual\",\"meta\":{\"links\":{\"help\":{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}}}}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/feb4e85d-429e-48b0-92f0-3d2da2c5056e/parent?resourceVersion=id%3A71\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/roles/feb4e85d-429e-48b0-92f0-3d2da2c5056e/relationships/parent?resourceVersion=id%3A71\"}}}}},{\"type\":\"taxonomy_term--topics\",\"id\":\"8b8ffea0-3b0b-404d-8442-7f3a4602482d\",\"links\":{\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/8b8ffea0-3b0b-404d-8442-7f3a4602482d?resourceVersion=id%3A56\"}},\"attributes\":{\"drupal_internal__tid\":56,\"drupal_internal__revision_id\":56,\"langcode\":\"en\",\"revision_created\":\"2022-08-02T23:06:35+00:00\",\"status\":true,\"name\":\"Training \u0026 Awareness\",\"description\":null,\"weight\":8,\"changed\":\"2024-06-14T17:38:33+00:00\",\"default_langcode\":true,\"revision_translation_affected\":true,\"path\":{\"alias\":null,\"pid\":null,\"langcode\":\"en\"}},\"relationships\":{\"vid\":{\"data\":{\"type\":\"taxonomy_vocabulary--taxonomy_vocabulary\",\"id\":\"73f89dec-123f-4c8c-9a97-d025a2b0e5cf\",\"meta\":{\"drupal_internal__target_id\":\"topics\"}},\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/8b8ffea0-3b0b-404d-8442-7f3a4602482d/vid?resourceVersion=id%3A56\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/8b8ffea0-3b0b-404d-8442-7f3a4602482d/relationships/vid?resourceVersion=id%3A56\"}}},\"revision_user\":{\"data\":null,\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/8b8ffea0-3b0b-404d-8442-7f3a4602482d/revision_user?resourceVersion=id%3A56\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/8b8ffea0-3b0b-404d-8442-7f3a4602482d/relationships/revision_user?resourceVersion=id%3A56\"}}},\"parent\":{\"data\":[{\"type\":\"taxonomy_term--topics\",\"id\":\"virtual\",\"meta\":{\"links\":{\"help\":{\"href\":\"https://www.drupal.org/docs/8/modules/json-api/core-concepts#virtual\",\"meta\":{\"about\":\"Usage and meaning of the 'virtual' resource identifier.\"}}}}}],\"links\":{\"related\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/8b8ffea0-3b0b-404d-8442-7f3a4602482d/parent?resourceVersion=id%3A56\"},\"self\":{\"href\":\"https://cybergeek.cms.gov/jsonapi/taxonomy_term/topics/8b8ffea0-3b0b-404d-8442-7f3a4602482d/relationships/parent?resourceVersion=id%3A56\"}}}}}],\"includedMap\":{\"ab4b0312-f678-40b9-ae06-79025f52ff43\":\"$1a\",\"e352e203-fe9c-47ba-af75-2c7f8302fca8\":\"$24\",\"e3394b9a-cbff-4bad-b68e-c6fad326132e\":\"$28\",\"9d999ae3-b43c-45fb-973e-dffe50c27da5\":\"$42\",\"a2b33f6a-8172-4862-9c0e-6e5076b6cf26\":\"$5c\",\"7a18463d-b0fc-474f-8536-ad7db1b2e5ab\":\"$76\",\"f591f442-c0b0-4b8e-af66-7998a3329f34\":\"$90\",\"feb4e85d-429e-48b0-92f0-3d2da2c5056e\":\"$aa\",\"8b8ffea0-3b0b-404d-8442-7f3a4602482d\":\"$c4\"}}}]\n"])</script><script>self.__next_f.push([1,"a:[[\"$\",\"meta\",\"0\",{\"name\":\"viewport\",\"content\":\"width=device-width, initial-scale=1\"}],[\"$\",\"meta\",\"1\",{\"charSet\":\"utf-8\"}],[\"$\",\"title\",\"2\",{\"children\":\"CMS Cybersecurity and Privacy Training Handbook | CMS Information Security \u0026 Privacy Group\"}],[\"$\",\"meta\",\"3\",{\"name\":\"description\",\"content\":\"Find the right cybersecurity training for your role, and learn how to do your part to keep CMS systems secure and safe\"}],[\"$\",\"link\",\"4\",{\"rel\":\"canonical\",\"href\":\"https://security.cms.gov/policy-guidance/cms-cybersecurity-and-privacy-handbook\"}],[\"$\",\"meta\",\"5\",{\"name\":\"google-site-verification\",\"content\":\"GMZIwBDJgz_o_JYUB2GpJazkrs7P85BaWDsoCjxF32M\"}],[\"$\",\"meta\",\"6\",{\"property\":\"og:title\",\"content\":\"CMS Cybersecurity and Privacy Training Handbook | CMS Information Security \u0026 Privacy Group\"}],[\"$\",\"meta\",\"7\",{\"property\":\"og:description\",\"content\":\"Find the right cybersecurity training for your role, and learn how to do your part to keep CMS systems secure and safe\"}],[\"$\",\"meta\",\"8\",{\"property\":\"og:url\",\"content\":\"https://security.cms.gov/policy-guidance/cms-cybersecurity-and-privacy-handbook\"}],[\"$\",\"meta\",\"9\",{\"property\":\"og:image:type\",\"content\":\"image/jpeg\"}],[\"$\",\"meta\",\"10\",{\"property\":\"og:image:width\",\"content\":\"1200\"}],[\"$\",\"meta\",\"11\",{\"property\":\"og:image:height\",\"content\":\"630\"}],[\"$\",\"meta\",\"12\",{\"property\":\"og:image\",\"content\":\"https://security.cms.gov/policy-guidance/cms-cybersecurity-and-privacy-handbook/opengraph-image.jpg?a856d5522b751df7\"}],[\"$\",\"meta\",\"13\",{\"property\":\"og:type\",\"content\":\"website\"}],[\"$\",\"meta\",\"14\",{\"name\":\"twitter:card\",\"content\":\"summary_large_image\"}],[\"$\",\"meta\",\"15\",{\"name\":\"twitter:title\",\"content\":\"CMS Cybersecurity and Privacy Training Handbook | CMS Information Security \u0026 Privacy Group\"}],[\"$\",\"meta\",\"16\",{\"name\":\"twitter:description\",\"content\":\"Find the right cybersecurity training for your role, and learn how to do your part to keep CMS systems secure and safe\"}],[\"$\",\"meta\",\"17\",{\"name\":\"twitter:image:type\",\"content\":\"image/jpeg\"}],[\"$\",\"meta\",\"18\",{\"name\":\"twitter:image:width\",\"content\":\"1200\"}],[\"$\",\"meta\",\"19\",{\"name\":\"twitter:image:height\",\"content\":\"630\"}],[\"$\",\"meta\",\"20\",{\"name\":\"twitter:image\",\"content\":\"https://security.cms.gov/policy-guidance/cms-cybersecurity-and-privacy-handbook/opengraph-image.jpg?a856d5522b751df7\"}],[\"$\",\"link\",\"21\",{\"rel\":\"icon\",\"href\":\"/favicon.ico\",\"type\":\"image/x-icon\",\"sizes\":\"48x48\"}]]\n"])</script><script>self.__next_f.push([1,"4:null\n"])</script></body></html>
Reference in a new issue View git blame Copy permalink