Chief Information Security Officer

noun · candidate · updated May 9, 2026

The person in charge of information security within the enterprise

Framework senses

ISACA Cybersecurity Glossary (1 sense)
§1
The person in charge of information security within the enterprise
NY DFS Part 500 (NYCRR Title 23, Chapter 1, Part 500) (1 sense)
§1
The person in an organization responsible for:
• Developing and implementing an information system security training and orientation program in accordance with FISMA requirements;
• Developing, evaluating and providing information about the CMS Information Security (IS) Program, and communicating CMS IS Program requirements and concerns to CMS management and personnel;
• Ensuring that System Security Plans (SSPs) are developed, reviewed, implemented, and revised;
• Maintaining documentation used to establish systems security level designations for all SSPs within CMS;
• Ensuring that IS Risk Assessments (RAs) are developed, reviewed, and implemented for the SSP process;
• Providing leadership & participating in IS incident response and reporting IS incidents in accordance with reporting procedures developed and implemented by Federal mandates, DHHS, and CMS;
• Mediating and resolving systems security issues that arise between two CMS organizations, CMS and other federal organizations, or CMS and States or contractors;
• Assuring that CMS business Component Information System Security Officers (ISSOs) are appointed and trained;
• Assisting CMS business Component ISSOs in developing local systems security; and
• Researching state-of-the-art systems security technology and disseminating information material in a timely fashion.