Resources

You are ready to onboard a contract after completing the following:

• Completed CBT Training (cms.gov/cbt): RBT & RoB Policy Updates: A Briefing for CORs

The COR training includes a review of RBT and RoB resource kits for use with CMS contractors. The training additionally covers the COR responsibilities for collecting training records demonstrating that all contractors with SSR complete specialized RBT commensurate with their roles within sixty (60) days of beginning work on a contract, annually thereafter and upon request. 

• Submitted final Acquisition Plan (AP) and Contract to OAGM
• All Contract and or AP revisions are submitted and finalized.

Checklist

1. Request Security Documentation List
2. CMS System Access (Badging)
3. Conduct Contractor Facility Site Visit
4. Contract Award Activities
5. Create Contingency Plan Guidance
6. Data Use Agreement Approval
7. Finalize Site Survey Agreement
8. Identify COR
9. Identify ISG SMEs
10. Identify Security Documentation
11. Identify Tools and Systems Used
12. Identify Transition Team
13. Initial Meeting with COR
14. Prepare Contact Lists
15. Prepare Data and Knowledge Transfer Documentation
16. Prepare Overview of CMS and ISG ISSO
17. Prepare Project Meeting Details
18. Virtual Desktop Infrastructure Requirement

The ISG Questionnaire aids in obtaining ISG approval and/or guidance for any IT data, infrastructure, and security requirements necessary to complete the contract tasks. The information obtained from the questionnaire will be used in planning the engagement timeline and deliverables.

The purpose of this document is identify the responsibilities for steps listed in Section 3 – Procedure Steps based on the required roles for completing the engagement and onboarding of New Contractors within ISG.

The ISG Engagement Activities Project Schedule Template is a tool that can be customized. It aids the Engagement Lead in creating their engagement project schedule because it includes engagement activities, durations, dependencies, and resource names to ensure that all engagement activities can be completed by the engagement end date.

This publication serves as a fundamental reference resource to support a workforce capable of meeting an organization’s cybersecurity needs. It provides organizations with a common, consistent lexicon that categorizes and describes cyber security work.

A specialized training titled RBT & RoB Policy Updates: A Briefing for CORs. All CORs are expected to take this training annually. Access the training under the RBT menu on the Manage Training Information page.

For additional guidance on RBT policy implementation, refer to the Risk Management Handbook Chapter 2 Awareness and Training, dated 02/27/2019.

The purpose of the Hospital Quality Reporting (HQR) 5.0 release is to support the existing Hospital Inpatient Quality Reporting (IQR), Inpatient Psychiatric Facility Quality Reporting (IPFQR), Hospital Outpatient Quality Reporting (OQR), Ambulatory Surgical Center Quality Reporting (ASCQR), and Prospective Payment System (PPS)-Exempt Cancer Hospital Quality Reporting (PCHQR) programs. This user guide provides the information necessary for IQR, OQR, and PCH hospitals and ASCs and IPFs to use the HQR 5.0 System Release.