Powerful threat prediction, prevention, detection, and response along with compliance in a scalable, simple managed solution.
All-in-one networking solution that combines network connectivity, agility, security, and compliance in an affordable managed solution.
Accelerate business growth through our award-winning partner program.
The Centers for Medicare & Medicaid Services (CMS) Information Security Acceptable Risk Safeguards (ARS), CMS Minimum Security Requirements (CMSR) contain a broad set of required security standards based upon the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 Revision 3, Security and Privacy Controls for Federal Information Systems and Organizations, dated April 2013, as well as additional standards based on CMS policies, procedures, and guidance, other federal and non-federal guidance resources and industry leading security practices.
It is also important to note that the ARS does not address specific business-process requirements that ensure business requirements are fulfilled. The goal of the CMSRs is to provide a baseline of minimal internal/external information security and privacy assurance controls. It is the responsibility of the Business Owner of CMS systems, with direction provided by the Office of Information Services (OIS), to ensure that all applicable internal/external information security and privacy assurance controls are incorporated into CMS systems. Business Owners must document and certify the incorporated controls in their respective security plan and identify any risks in the corresponding risk assessment for their system.
Download Solution Brief
Protecting and ensuring the confidentiality, integrity, and availability (CIA) for all of CMS’ information and information systems is the primary purpose of the information security and privacy assurance program. The ARS complies with the CMS Policy for the Information Security and Privacy and the CMS Policy for the Information Security and Privacy Program1 by providing a defense-in-depth security structure along with a least-privilege, need-to-know basis for all information access.
The CMSRs within the ARS are not intended to be an all-inclusive list of security controls nor are they intended to replace a Business Owner’s due diligence to incorporate additional controls to mitigate risk.
All CMS employees, contractors, sub-contractors, and their respective facilities supporting CMS business missions and performing work on behalf of CMS shall observe the baseline policy statements described in the CMS Policy for the Information Security and Privacy Program and the complementary controls defined in the ARS as the minimum security requirements for all CMS information and information systems.
Requirement: Establish a process to determine, based on a risk assessment and CMS mission/business needs, that the information system is capable of auditing the events specified in “Implementation”.
Requirement: The information system generates audit records containing information that establishes what type of event occurred, when the event occurred, where the event occurred, the source of the event, the outcome of the event, and the identity of any individuals or subjects associated with the event.
Solution: EventTracker system collects audit records containing information that establishes:
Requirement: The information system protects audit information and audit tools from unauthorized access, modification, and deletion.
Solution: EventTracker protects audit information and audit tools from unauthorized:
Requirement: Monitor the information system.
Solution: EventTracker monitors and collects all events from all IDS devices at network perimeter points and host-based IDS sensors on critical servers.
Our managed platform approach to cybersecurity gives you unmatched flexibility and scalability. Check out our Solution Advisor Wizard to customize a managed threat protection solution that fits your business needs.
Solution Advisor Wizard
Talk to one of our experts about your cybersecurity needs and find out how Netsurion can help you solve them.