make a good business better
Print Divider Print Divider Branding

Performing services or processing payments for the Centers for Medicare & Medicaid Services (CMS) requires navigating a labyrinth of CMS security regulations.

The CMS Minimum Security Requirements (CMSRs) are among the most complex information security frameworks, and effectively complying with the requirements of the Federal Information Security Management Act of 2002 (FISMA) requires a detailed understanding of the organization’s risk.

LBMC brings extensive experience with over 12 years directly working with CMS contractors conducting security assessments. These assessments include Security Controls Assessments (SCAs), FISMA/ARS compliance assessments, penetration and technical assessments and even dating back to Annual Compliance Audits. We have been working with the CMS methodologies and CMS Minimum Security Requirements (CMSRs) since their inception. As a result, we are ideally positioned to bring your organization into CMS compliance with a minimum of confusion and effort.

Comprehensive Support for CMS Security Contractors

LBMC helps contractors and subcontractors meet government expectations and minimize compliance findings and issues through a full range of assessment and compliance services, including:

Compliance Reporting 

Whatever your compliance need—from FISMA Assessment to a SSAE16/SOC to a HITRUST CSF assessment report—we take a practical approach that streamlines the process while allowing your organization to qualify for additional CMS contracts.

Audit Preparedness

We can make sure your organization is ready for upcoming agency and customer audits. Drawing on our extensive compliance experience, we highlight the highest risks in areas where auditors are most likely to focus their scrutiny.

System Security Plan (SSP)

We’ll teach your staff how to create this document that describes how controls are applied and implemented to protect Medicare and Medicaid data.

Security Risk Assessment

We provide an independent, objective perspective on business and technology risks based on the stringent CMS Acceptable Risk Safeguards.

Penetration Testing and Vulnerability Assessments

We identify and prioritize weaknesses through physical, logical and social testing techniques.

Learn more about our CMS information security Services

Contact us to learn more about how we can help you comply and benefit from CMS security regulations. Call 1-844-526-2732 or fill out the form below and one of our professionals will promptly get back to you.