The Department of Health and Human Services (HHS) Centers for Medicare and Medicaid Services (CMS) awarded Halfaker with a sole-sourced hybrid contract, called Healthcare Integrated Ledger Accounting System Security Controls Assessment (HIGLAS). HIGLAS consists of various firm fixed priced line items for technical services to perform Security Certification (Controls) Assessment (SCA) testing upon different CMS-HIGLAS and other OFM datacenters, systems, and applications (objects under test), under the control, ownership, purview and as tasked by CMS-OFM-FMSG.
Halfaker supplies support for the planning, development, and implementation of a comprehensive program to perform a Security Controls Assessment (SCA) (defined to include Security Testing & Evaluation (ST&E), and Annual FISMA Security Control testing) for CMS OFM/FMSG/DTO systems. Halfaker reviews available application documentation, including requirements documents, design documents, system security plans (SSPs), risk assessments (RAs), and contingency plans (CPs) prior to conducting the SCA. Halfaker ensures all analyses are according to the security control categories as defined in the CMS Policy for the Information Security Program (PISP), CMS Information Security (IS) Acceptable Risk Safeguards (ARS), ARS Appendix B CMSR High Impact Level Data, the CMS Information Security (IS) Assessment Procedure and the CMS Reporting Procedure for Information Security (IS) Assessments.