PROJECT
IRIS Health Solutions is currently providing security control assessment services and subject matter expertise to The Centers for Medicare and Medicaid Services (CMS) under the CMS Security Assessment and Authorization Program, within the Information Security and Privacy Group (ISPG). As CMS transitions systems from the previous Security Controls Assessment (SCA) framework to the new Adaptive Capabilities Testing (ACT) framework, IRIS is performing Adaptive Capabilities Testing to ensure CMS systems meet all industry standards to obtain Authorization to Operate. IRIS assists CMS in validating appropriate controls on their information systems, identifies risks to assessed systems, and helps CMS understand the risks that the assessed systems and its environment pose to the CMS enterprise.