-
Notifications
You must be signed in to change notification settings - Fork 3
/
tools.html
313 lines (267 loc) · 15.6 KB
/
tools.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<title>Planning for ATO at CMS</title>
<script src="assets/uswds-2.11.1/js/uswds-init.min.js"></script>
<link rel="stylesheet" href="assets/uswds-2.11.1/css/uswds.min.css" />
<meta http-equiv="refresh" content="10;url=https://security.cms.gov/learn/authorization-operate-ato"/>
</head>
<body>
<script src="assets/uswds-2.11.1/js/uswds.min.js"></script>
<a class="usa-skipnav" href="#main-content">Skip to main content</a>
<!--
<section class="usa-banner" aria-label="Official government website">
<div class="usa-accordion">
<header class="usa-banner__header">
<div class="usa-banner__inner">
<div class="grid-col-auto">
<img class="usa-banner__header-flag" src="assets/img/uswds-2.11.1/us_flag_small.png" alt="U.S. flag">
</div>
<div class="grid-col-fill tablet:grid-col-auto">
<p class="usa-banner__header-text">An official website of the United States government</p>
<p class="usa-banner__header-action" aria-hidden="true">Here’s how you know</p>
</div>
<button class="usa-accordion__button usa-banner__button"
aria-expanded="false" aria-controls="gov-banner">
<span class="usa-banner__button-text">Here’s how you know</span>
</button>
</div>
</header>
<div class="usa-banner__content usa-accordion__content" id="gov-banner">
<div class="grid-row grid-gap-lg">
<div class="usa-banner__guidance tablet:grid-col-6">
<img class="usa-banner__icon usa-media-block__img" src="assets/img/uswds-2.11.1/icon-dot-gov.svg" role="img" alt="" aria-hidden="true">
<div class="usa-media-block__body">
<p>
<strong>
Official websites use .gov
</strong>
<br/>
A <strong>.gov</strong> website belongs to an official government organization in the United States.
</p>
</div>
</div>
<div class="usa-banner__guidance tablet:grid-col-6">
<img class="usa-banner__icon usa-media-block__img" src="assets/img/uswds-2.11.1/icon-https.svg" role="img" alt="" aria-hidden="true">
<div class="usa-media-block__body">
<p>
<strong>
Secure .gov websites use HTTPS
</strong>
<br/>
A <strong>lock</strong> (
<span class="icon-lock"><svg xmlns="http://www.w3.org/2000/svg" width="52" height="64" viewBox="0 0 52 64" class="usa-banner__lock-image" role="img" aria-labelledby="banner-lock-title banner-lock-description" focusable="false"><title id="banner-lock-title">Lock</title><desc id="banner-lock-description">A locked padlock</desc><path fill="#000000" fill-rule="evenodd" d="M26 0c10.493 0 19 8.507 19 19v9h3a4 4 0 0 1 4 4v28a4 4 0 0 1-4 4H4a4 4 0 0 1-4-4V32a4 4 0 0 1 4-4h3v-9C7 8.507 15.507 0 26 0zm0 8c-5.979 0-10.843 4.77-10.996 10.712L15 19v9h22v-9c0-6.075-4.925-11-11-11z"/></svg></span>
) or <strong>https://</strong> means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
</p>
</div>
</div>
</div>
</div>
</div>
</section>
-->
<div class="usa-overlay"></div>
<header class="usa-header usa-header--extended"><div class="usa-navbar">
<div class="usa-logo" id="extended-logo">
<em class="usa-logo__text"><a href="index.html" title="Home" aria-label="Home">CMS Security & Compliance Planning</a></em>
</div>
<button class="usa-menu-btn">Menu</button>
</div>
<!-- Redirection Notice -->
<section class="usa-site-alert usa-site-alert--emergency" aria-label="Site alert,">
<div class="usa-alert">
<div class="usa-alert__body">
<h3 class="usa-alert__heading">CMS ATO Notice</h3>
<p class="usa-alert__text">
CMS ATO information can now be found at <a class="usa-link" href="https://security.cms.gov">security.cms.gov</a>, along with other security and privacy resources.
</p>
<p class="usa-alert__text">
This website will be retired. You will be redirected in a moment.
</p>
</div>
</div>
</section>
<!-- End Redirection Notice -->
<nav aria-label="Primary navigation" class="usa-nav">
<div class="usa-nav__inner"><button class="usa-nav__close"><img src="assets/img/uswds-2.11.1/usa-icons/close.svg" role="img" alt="close"></button>
<ul class="usa-nav__primary usa-accordion"><li class="usa-nav__primary-item" style="display: none ">
<button class="usa-accordion__button usa-nav__link " aria-expanded="false" aria-controls="extended-nav-section-one"><span>CMS Rapid ATO</span></button>
<ul id="extended-nav-section-one" class="usa-nav__submenu">
<li class="usa-nav__submenu-item">
<a href="rato.html" class=""> What is CMS Rapid ATO</a>
</li>
<li class="usa-nav__submenu-item">
<a href="overview.html" class=""> Background</a></ul></li>
<li class="usa-nav__primary-item">
<button class="usa-accordion__button usa-nav__link " aria-expanded="false" aria-controls="extended-nav-section-two"><span>ATO Phases</span></button>
<ul id="extended-nav-section-two" class="usa-nav__submenu">
<!-- <li class="usa-nav__submenu-item">
<a href="#" class=""> Preparation</a>
</li>-->
<li class="usa-nav__submenu-item">
<a href="overview-phases.html" class=""> Overview</a>
</li><li class="usa-nav__submenu-item">
<a href="initiate.html" class=""> Initiate</a>
</li><li class="usa-nav__submenu-item">
<a href="develop.html" class=""> Develop and Assess</a>
</li><li class="usa-nav__submenu-item">
<a href="operate.html" class=""> Operate</a>
</li>
<li class="usa-nav__submenu-item">
<a href="retire.html" class=""> Retire</a>
</li></ul></li>
<li class="usa-nav__primary-item">
<button class="usa-accordion__button usa-nav__link usa-current" aria-expanded="false" aria-controls="extended-nav-section-three"><span>Resources</span></button>
<ul id="extended-nav-section-three" class="usa-nav__submenu">
<!-- <li class="usa-nav__submenu-item">
<a href="#" class=""> Preparation</a>
</li>-->
<li class="usa-nav__submenu-item">
<a href="types.html" id="auth" class=""> Authorizations & Agreements </a>
</li>
<li class="usa-nav__submenu-item">
<a href="roles.html" class=""> Key Roles & Stakeholders</a>
</li>
<li class="usa-nav__submenu-item">
<a href="tools.html" class=""> Tools & Services </a>
</li>
</ul></li>
</ul>
</div>
</div>
</nav>
</header>
<main id="main-content">
<div class="usa-section">
<div class="grid-container">
<div class="grid-row grid-gap">
<div class="usa-layout-docs__sidenav desktop:grid-col-3">
<nav aria-label="Secondary navigation">
<ul class="usa-sidenav">
<li class="usa-sidenav__item">
<a href="types.html" class="usa-current"> Tools & Services </a><ul class="usa-sidenav__sublist">
<li class="usa-sidenav__item">
<a href="#auth">Security Automation Framework (SAF)</a>
</li><li class="usa-sidenav__item">
<a href="#cloud">CMS Cloud Services </a>
</li>
<li class="usa-sidenav__item">
<a href="#bat">BatCave </a>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</nav>
</div>
<main class="usa-layout-docs__main desktop:grid-col-9 usa-prose usa-layout-docs" id="main-content">
<h1> Tools & Services </h1>
<h4 id="auth"><strong>Security Automation Framework (SAF)</strong></h4>
<p>The CMS Security Automation Framework (SAF) unites applications, techniques, libraries, and tools from the CMS Information Security and Privacy Group (ISPG) and the security community. It streamlines security automation for systems and DevOps pipelines, and the benefits of using this framework include:</p>
<ul>
<li>
<p>Providing security data to the ACT (Adaptive Capabilities Testing) team. </p>
</li>
</ul>
<p>See the <a href="https://saf.cms.gov/#/faq">SAF FAQs</a> for more on the ACT program.</p>
<ul>
<li>
<p>Helping developers minimize security defects by running validation security test early and often. It allows them to use orchestration, functional, and unit testing systems in their environments. </p>
</li>
</ul>
<p>For more information about SAF visit <a href="https://saf.cms.gov/#/">https://saf.cms.gov/#/</a>. </p>
<h4 id="cloud"><strong>CMS Cloud Services <br /></strong></h4>
<p>CMS Cloud Services provide your team with the tools, support, and services to let you focus on your mission, power our healthcare system, and serve our providers and beneficiaries.</p>
<p>With CMS Cloud, you get access to a powerful combination of offerings, including: </p>
<ul>
<li>Platform choice</li>
<li>Cloud services</li>
<li>Security</li>
<li>Support</li>
</ul>
<p>For more information about CMS Cloud visit <a href="https://cloud.cms.gov/about-cms-cloud">https://cloud.cms.gov/</a>.</p>
<h4 id="bat"><strong>BatCave</strong></h4>
<p>When compliance is painful, it disincentivizes innovation and modernization. By removing redundant, burdensome tasks, the CMS BatCave initiative aims to make security and compliance easier and more accessible for end users. </p>
<p>Modeled after the Air Force’s Platform One initiative, BatCave incorporates enterprise kubernetes and continuous integration to take software from ideation to production faster. By decreasing the time dedicated to audits and the fears associated with updating production code, BatCave will incentivize faster innovation at CMS.</p>
<p>BatCave is determined to flip the script on security—measure positive security activities instead of negative security outcomes—to incentivize people to do more positive activities that ultimately result in better security outcomes at CMS.</p>
<p><strong>Key aspects of the BatCave initiative:</strong></p>
<ul>
<li>Reduce burden and obligations to users </li>
<li>Give users the knowledge they need make better security decisions</li>
<li>Incentivize behavior that strengthens the security posture of applications and CMS as a whole</li>
<li>Increase transparency and empower distributed decision-making</li>
<li>Measure, report and champion the positive behavior rather than punish negative actions</li>
</ul>
<p><strong>Video Resources</strong></p>
<ul>
<li><a href="https://www.youtube.com/watch?v=qBVReqX-p1k">Adaptive Capabilities Testing (ACT)</a></li>
<li><a href="https://www.youtube.com/watch?v=6wBXVANtSPY">Information System Security Officer (ISSO) Reports</a></li>
<li><a href="https://www.youtube.com/watch?v=O5-W-hecCLI">Privacy Impact Assessment (PIA)</a></li>
<li><a href="https://www.youtube.com/watch?v=DN0Z5whOvyY">Plan of Actions and Milestones (POA&M)</a></li>
<li><a href="https://www.youtube.com/watch?v=kyeLJBokIBU">Security Impact Analysis (SIA)</a></li>
<li><a href="https://www.youtube.com/watch?v=3nag-SUCLr0">System of Records Notice (SORN)</a></li>
</ul>
</main>
</div>
</div>
</div>
</main>
<footer class="usa-footer usa-footer--slim">
<div class="grid-container usa-footer__return-to-top">
<!--- <a href="#">Return to top</a>-->
</div>
<div class="usa-footer__primary-section">
<div class="usa-footer__primary-container grid-row">
<div class="mobile-lg:grid-col-8">
<!-- <nav class="usa-footer__nav" aria-label="Footer navigation">
<ul class="grid-row grid-gap">
<li class="mobile-lg:grid-col-6 desktop:grid-col-auto usa-footer__primary-content">
<a class="usa-footer__primary-link" href="javascript:void(0);">Primary link</a>
</li>
<li class="mobile-lg:grid-col-6 desktop:grid-col-auto usa-footer__primary-content">
<a class="usa-footer__primary-link" href="javascript:void(0);">Primary link</a>
</li>
<li class="mobile-lg:grid-col-6 desktop:grid-col-auto usa-footer__primary-content">
<a class="usa-footer__primary-link" href="javascript:void(0);">Primary link</a>
</li>
<li class="mobile-lg:grid-col-6 desktop:grid-col-auto usa-footer__primary-content">
<a class="usa-footer__primary-link" href="javascript:void(0);">Primary link</a>
</li>
</ul>
</nav>-->
</div>
<div class="mobile-lg:grid-col-4">
<address class="usa-footer__address">
<div class="grid-row grid-gap">
<div class="grid-col-auto mobile-lg:grid-col-12 desktop:grid-col-auto">
<div class="usa-footer__contact-info">
<a href="tel:1-800-555-5555"></a>
</div>
</div>
<div class="grid-col-auto mobile-lg:grid-col-12 desktop:grid-col-auto">
<div class="usa-footer__contact-info">
<a href="mailto:[email protected]"></a>
</div>
</div>
</div>
</address>
</div>
</div>
</div>
<div class="usa-footer__secondary-section">
<div class="grid-container">
<div class="usa-footer__logo grid-row grid-gap-2">
<div class="grid-col-auto">
<img class="usa-footer__logo-img" src="assets/img/uswds-2.11.1/logo-img.png" alt="">
</div>
<div class="grid-col-auto">
</div>
</div>
</div>
</div>
</footer>
</body>
</html>