The Centers for Medicare & Medicaid Services (CMS) Information Security and Privacy Acceptable Risk Safeguards (ARS) provides direction and guidance to CMS and its contractors on the minimum level of acceptable security controls, known as the CMS Minimum Security Requirement (CMSR) baselines.
CimTrak aligns with ARS by providing the necessary checks and balances of security functionality and security assurance for over a quarter of all the ARS controls.
Of the 26 ARS control families and 489 total controls, CimTrak aligns with 15 families and 134 controls by providing an automated scan or enabling a process, procedure, or policy to assist with the evidence collection to meet the objective of a defined control family. CimTrak refers to this as a crosswalk.
In the example shown, CimTrak provides the meta-level information associated with a passed or failed compliance scan, including description, rationale, impact, CIS reference, and the expected value. In the event of a failed scan, CimTrak also provides the steps to remediate to a passing status.