Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/CMSgov/ars-machine-readable

Publish a machine readable version of the ARS standards to facilitate compliance as code efforts.
https://github.com/CMSgov/ars-machine-readable

Last synced: 5 days ago
JSON representation

Publish a machine readable version of the ARS standards to facilitate compliance as code efforts.

Host: GitHub
URL: https://github.com/CMSgov/ars-machine-readable
Owner: CMSgov
Created: 2021-03-12T16:53:09.000Z (over 3 years ago)
Default Branch: main
Last Pushed: 2024-02-26T21:38:29.000Z (9 months ago)
Last Synced: 2024-08-01T18:25:13.569Z (3 months ago)
Language: XSLT
Size: 5.61 MB
Stars: 22
Watchers: 16
Forks: 4
Open Issues: 14
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

awesome-oscal - CMS Acceptable Risk Safeguards - 53 controls used by the Centers for Medicare and Medicaid Services in OSCAL format. Perhaps the first OSCAL content released by a US government agency other than NIST, separate of collaboration with FedRAMP. (Content)

README

# Acceptable Risk Safeguards #

## About ##

This is the Centers for Medicare & Medicaid Services repository that provides the Acceptable Risk Safeguards (ARS) in machine-readable format to support compliance as code initiatives.

We believe compliance activity at the scale of CMS requires automation to be successful and repeatable. Compliance as Code standards like OSCAL allow teams to bridge between the "Governance" layer and operational tools. With this repository, CMS aims to support innovative teams in leveraging automation to improve the CMS security posture and reduce the burden of compliance.

## What are ARS? ##
ARS are the Acceptable Risk Safeguards used to define a baseline of minimum information security and privacy assurance controls at CMS. These controls are based on both internal CMS governance documents and laws, regulations, and other authorities created by institutions external to CMS. Protecting and ensuring the confidentiality, integrity, and availability for all of CMS’ information and information systems is the primary purpose of the information security and privacy assurance program. The ARS complies with the CMS guidelines by providing a defense-in-depth security structure along with a least-privilege, need-to-know basis for all information access. CMS updates ARS to keep up with the latest risk safeguards and these come in the form or

## ARS Versions ##
As ARS are updated, are numbered, with the highest number being the latest release. We provide formats
CMS has adopted NIST's OSCAL standard for Compliance as Code.

## Using this ##
If you're looking to ship software to production at CMS, your system will need to comply with ARS controls. Product teams looking to automate compliance (including but not limited to automatically generating their System Security Plans) can use these machine-readable ARS controls to support their efforts.

## Contribution ##
This repository is updated in an automated fashion. CMS is not actively monitoring this repository for pull requests or issues at this time. For inquiries, please refer to the contact section of this document.

## Contact ##
[email protected]