“The Centers for Medicare and Medicaid Services is in the midst of an “all-out assault” to streamline how it approves the security of software and applications, and the agency is modeling its approach after the Air Force’s “Platform One,” according to its chief information security officer.”
“CMS CISO Robert Wood said the agency is taking on the “burdensome friction” of slow authority-to-operate processes and other security policies from multiple angles.”
“’We are not going to solve all of our problems with one big project,’ Wood said during a Feb. 18 webinar hosted by the ACT-IAC Cybersecurity Community of Interest. ‘Rather we are going to attack it on multiple sides and sort of swarm around it.'”
“Wood said the initiative has taken on increased urgency as CMS is at the center of national initiatives to respond to COVID-19, the opioid epidemic and other healthcare crises.”
“’We need to be able to change as an institution in the healthcare arena faster, and more stably, more than ever,’ he said.”
“The agency’s first big effort, he said, is centered on a “rapid ATO” process to help application development teams build their system security plans faster. CMS is using reusable control descriptions and pre-written control statements for vetted technologies, like identify management, so teams don’t have to start their ATO with a blank slate every time…” Read the full article here.
Source: CMS takes a page from the Air Force on streamlining software development – By Justin Doubleday, February 18, 2022. Federal News Network.
