The page could not be loaded. The CMS.gov Web site currently does not fully support browsers with “JavaScript” disabled. Please enable “JavaScript” and revisit this page or proceed with browsing CMS.gov with “JavaScript” disabled. Instructions for enabling “JavaScript” can be found here. Please note that if you choose to continue without enabling “JavaScript” certain functionalities on this website may not be available.

Skip to Main Content

CIO Directives List

A list of the approved CIO Directives.

Directive #	Title	Issue Date	Type
07-03	Mandatory Encryption on all Removable Storage Devices	08/13/2007	Action
07-04	CMS Information Security Incident Handling and Breach Analysis/Notification Procedure	08/21/2007	Action
07-05 FY 2008	FY 2008 Annual Security Controls Testing	12/10/2007	Action
07-02	CMS Chief Iinformation Security Officer (CISO) Forum for Information System Security Officers (ISSO)	07/12/2007	Informational
07-05 Attachment A	CMS FISMA Systems	12/10/2007	Informational
07-01	Transporting Sensitive Information: Encryption Requirements for Data Leaving CMS Data Centers	07/12/2007	Action
08-02	Utilization of Webinar Technology at CMS	07/23/2008	Informational
09-01	Use of Personally Owned Equipment with CMS Laptops	05/27/2009	Informational
07-05 Attachment C	Attestation of Annual Security Controls Testing	12/10/2007	Action
07-05 Attachment B	Instructions for Security Control Testing	12/10/2007	Action
07-05 Attachment D	ST&E Testing Plan	12/10/2007	Action
12-03	Annual Role-Based Information Security Training Requirements	2012-07-12	Action
11-01	CMS Continuous Monitoring Program Implementation	10/27/2011	Action
12-01	CMS Vulnerability Assessment and Penetration Testing	3/29/2012	Action

Page last Modified: 03/10/2012 12:24 PM
Help with File Formats and Plug-Ins

A federal government website managed by the Centers for Medicare & Medicaid Services
7500 Security Boulevard, Baltimore, MD 21244

Centers for Medicare & Medicaid Services

7500 Security Boulevard

Baltimore, MD21244

USA