Security Awareness Training (SAT) - The HCQIS program utilizes the DoD Cyber Exchange, a publicly accessible training library with course offerings to allow contractors to meet the CMS SAT requirements. SAT Training is broken into two (2) separate trainings focusing on Security and Privacy. These trainings include:

• Cyber Awareness Challenge and Identifying

• Safeguarding Personal Identifiable Information (PII).

Records Management Training - Additional to Security Awareness training, the HHS Records Management Training is a mandatory requirement outlined in the HHS Policy for Records Management and the Office of Management and Budget (OMB)/National Archives and Records Administration (NARA) joint Directive M-19-21, Transition to Electronic Records.  The records management training is to provide an overview of user responsibilities for records handling, help users tell the difference between records and non-records, and assist them in learning how to manage the federal records lifecycle.  

Note: The HHS Office of Human Capital manages records management training and requirements for CMS. Therefore, updated instructions may be issued by HHS to include new training requirements, content or links. Please check with your COR for any changes to the information provided by HHS.

Back to Top

Image Removed

Image Added

Step 1 - Complete the required online training by selecting the corresponding modules listed below.

Step 2 - Enter your name in the Certification of Completion’s online display, which is provided at the successful conclusion of the training.

Step 3 - Take a screen capture (shot) or save a copy of the certificate locally then provide a copy of your completed certification to your organization’s assigned Security Point of Contact (SPOC) who will maintain a copy for record retention.

Recently transitioned from a previous contract?

New users take training during onboarding and before initial access then annually thereafter. Some contracts and organizations require all users to complete training by a specific time each year. There also may be times where a user has transferred from another contract and has taken required training.  Therefore, if a user has started or transferred from a previous HCQIS contract and has taken all required trainings within the last 90 days, that user is except from taking any training again until the following calendar year or deliverable period; whichever schedule is followed. Please contact your COR for any questions regarding requirements. 

Back to Top

SPOC Certification/Attestation

The SPOC should adhere to the following guidelines related to certification and attestation of training results:

1. Only one memo is required for all sites under each prime contract region/area/site.
2. The Certification Memo must be signed (digitally if preferred) by any designated SPOC and the organization’s designated Program Lead. 
3. You may apply a naming convention that best suits your organization, Contract or deliverable, but that is easy to understand by other readers.
4. Submit the completed certification memo electronically to you’re COR using the specified vehicle outlined in the contract as directed by the CMS COR.

Organizational SPOCs may leverage the provided template to fulfill the requirement. 

QNet Security Awareness Certification Template.docx

Back to Top