Guiding Principles

To align with the CMS Enterprise Portal Strategy, stakeholders responsible for each CMS portal and for CMS portal content must adhere to the following Guiding Principles in their tactical planning and designs or provide adequate justification for exceptions.

Principle 1

All CMS portals on a given network—public internet, CMS Core Network, CMS Private Network (CMSNet), CMS extranet, public telephone system, etc.—must be accessible to users via a single point of access on that network.

Rationale:

One URL, phone number, or other network address will be sufficient for a user on a given network to access all CMS production portals available on that network. An exception may be for portals dedicated to highly sensitive content and services.

Principle 2

Each user will have a single identity for all CMS production portals.

Rationale:

Supporting a single user identity for access to all CMS production portals generates important benefits for security, user administration, user productivity, and user empowerment through communication and collaboration tools, social media, and other emerging portal-based technologies.

Principle 3

Public content on a CMS portal should be available to anonymous portal users.

Rationale:

Users only seeking public information should not have to identify themselves. Public information should be freely accessible. Likewise, users should be able to ask general questions or use public services without having to authenticate their identity when that is not necessary. Without authenticating, users may even provide a name, telephone number, email address, or postal address to receive responses to general questions.

Users will not be required to authenticate themselves (i.e., log in) to gain access to a CMS portal’s public content and services. A CMS portal will require authentication only when users request to retrieve content or access services requiring their personal identity or role information. This includes disclosure or modification of personal or sensitive information as well as identity and contact information associated with a userID.

Principle 4

All CMS Production Portals serving the public, beneficiaries, or healthcare providers will be chartered and defined according to purpose, content scope, and user community. These definitions will be updated annually and reviewed by CMS division representatives and all CMS organizations responsible for operating such portals.

Rationale:

CMS Production Portals are the most visible face of CMS. They should deliver consistent, authoritative content and services that avoid duplication. These same portals need to be recognized as Agency resources with great potential for delivering new content and services across CMS business domains. The annual review described in this principle provides a governance process for working toward these objectives as part of an enterprise-wide Portal Strategy.

Principle 5

All CMS portals and WCM implementations must address existing federal and CMS policies for protection of sensitive information, CMS disclosure and public release requirements, and data retention requirements.

Rationale:

Each business owner is responsible for managing the content that they publish.

Principle 6

For any given collection of content, all CMS portals will use the same original CMS source to ensure consistency of that content on all portals where it appears.

Principle 7

All CMS public portals and content must adhere to CMS branding standards.

Principle 8

CMS portals, web services, and portlets must adhere to CMS and industry standards.