Who: ISPG, CFACTS
What: Develop and deliver InSpec profile of the DISA STIG baseline and develop CMS ARS 3.1 overlay profiles for low, moderate, high systems.
Why: This profile enables ISPG and any other CMS team to continuously validate their systems against a standard DISA STIG baseline for compliance and CDM reporting. Also, supports data requests from external ACT, CDM, and other audit requests.
Compare the controls and scope out the LOE
Context
Who: ISPG, CFACTS What: Develop and deliver InSpec profile of the DISA STIG baseline and develop CMS ARS 3.1 overlay profiles for low, moderate, high systems. Why: This profile enables ISPG and any other CMS team to continuously validate their systems against a standard DISA STIG baseline for compliance and CDM reporting. Also, supports data requests from external ACT, CDM, and other audit requests.