The Centers for Medicare & Medicaid Services (CMS), a component within the Department of Health and Human Services (HHS), is responsible for overseeing the Medicare and Medicaid programs--the nation's largest health insurance programs--which benefit about one in every four Americans. CMS relies on a contractor-owned and operated network to facilitate communication and data transmission among CMS business related entities. Effective information security controls are essential to protecting the confidentiality, integrity, and availability of this sensitive information. At Congress's request, GAO assessed the effectiveness of information security controls over the communication network used by CMS by conducting a technical assessment of the information security controls that are currently in place.
Recommendations for Executive Action
|Centers for Medicare and Medicaid Services||To help strengthen information security controls over the CMS communication network, the CMS Administrator should direct the Chief Information Officer to take steps to ensure that information security policies and standards are fully implemented.|