CMS Services Framework

Services Framework - Concept

The CMS Services Framework provides a standardized template for implementing systems at CMS. This template or pattern details security and interoperability requirements. The goal of the framework is to maintain the integrity of CMS applications and data.

CMS Services Framework - Principles

CMS uses a Defense-in-Depth (DID) strategy and a least-privilege strategy to protect its assets. Defense-in-depth is a security strategy that uses a series of layered, redundant defensive measures to protect sensitive data, personally identifiable information (PII), and information technology assets. If one security control fails, the next security layer thwarts the potential cyber attack. Least privilege is the concept of restricting users' access rights to only those resources that are required for performing their legitimate functions. CMS’ services framework provides a structure for implementing security challenges to ensure CMS resources are protected.

The goal is to protect CMS assets and reputation. CMS data must be protected from unauthorized access. To minimize the impact of any breach, the egress of data from CMS must also be protected. Too many security implementations concentrate on preventing unauthorized access but do very little to protect against the egress of data if a breach were to occur. The implementor must address the complete security picture: prohibiting unauthorized access to the data, as well as minimizing the ability to obtain (download) data when a breach has occurred. Security implementations are always a trade-off between risk and cost. The implementor should work with their ISSO (Information System Security Officer) to validate the appropriateness of security controls for any implementation.

Key guidance for protecting CMS data is to ensure that the overall architectural design consistently keeps CMS’ valuable data at least three independent legitimacy tests away from the open Internet. A legitimacy test is defined as the challenge, filtering or transformation of the data to obfuscate the technical details regarding the sensitive data. For more information regarding challenges, see the information on Mediation Principles. Within the CMS network, services may interface with any other available service, provided that the proper authorization is in place.
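One way to check a design against the three-test guidance above, as an added example that is not part of the CMS framework: it models services as a graph and finds the route from the Internet to the data that passes the fewest distinct legitimacy tests. The service names, control names and the choice to treat "independent" as "distinct control" are assumptions made for illustration.

```python
import heapq
from itertools import count

REQUIRED_TESTS = 3  # "at least three independent legitimacy tests"

# Constructed topology; every service and control name is hypothetical.
# Edge = (caller, callee, legitimacy test applied on that hop, or None).
BASELINE = [
    ("internet", "edge_proxy", "waf_filter"),
    ("edge_proxy", "app_service", "user_authn"),
    ("app_service", "data_service", "authz_transform"),
    ("data_service", "data_store", None),
]
# A later change: a reporting service reached through the same WAF control.
SHORTCUT = [
    ("edge_proxy", "report_service", "waf_filter"),
    ("report_service", "data_store", None),
]

def weakest_path(edges, source, target):
    """Return (fewest distinct tests on any route, that route), or (None, [])."""
    graph = {}
    for src, dst, control in edges:
        graph.setdefault(src, []).append((dst, control))
    tie = count()  # tie-breaker so the heap never compares sets or tuples
    heap = [(0, next(tie), source, frozenset(), (source,))]
    seen = set()
    while heap:
        cost, _, node, controls, path = heapq.heappop(heap)
        if node == target:
            return cost, list(path)
        if (node, controls) in seen:
            continue
        seen.add((node, controls))
        for nxt, control in graph.get(node, []):
            # Reusing a control adds nothing: only distinct tests are counted.
            passed = controls | {control} if control else controls
            heapq.heappush(heap, (len(passed), next(tie), nxt, passed, path + (nxt,)))
    return None, []

def is_compliant(edges, source="internet", target="data_store"):
    tests, _ = weakest_path(edges, source, target)
    return tests is None or tests >= REQUIRED_TESTS

if __name__ == "__main__":
    for name, edges in (("baseline", BASELINE), ("with shortcut", BASELINE + SHORTCUT)):
        print(name, weakest_path(edges, "internet", "data_store"), is_compliant(edges))
```

The shortcut route fails because its second hop repeats a control already passed, so an internal interface added later can reduce the effective depth even though every hop is mediated.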

The following topics define the CMS services framework from a services perspective, detailing the zoned architecture and the security obligations required to protect CMS assets. The TRA Multi-Zone architecture is depicted as a services framework defined by requirements and risks rather than network routers, and considers the role of each service, its interfaces, its parent services, and its dependent services in supporting TRA compliance.