A for-profit research group for security professionals named the CMS the winner of the group's 2012 U.S. National Cybersecurity Innovation Award, recognizing the agency for developing a systematic method to evaluate nearly 200 data centers and the work of 38 information technology contractors for security risks.
"CMS first developed a process to assess the relative security of each data center and normalized these security scores across the variety of security tools providing the feeds," wrote the SysAdmin, Audit, Network, Security (SANS) Institute, a research and education organization based in Bethesda, Md., in a news release about the award. "The resulting product is a single, cohesive, apples-to-apples scoring solution that pinpoints critical risks, provides remediation information and creates visibility in a manner that drives rapid remediation responses. The CMS demonstrated initial success with this system in 2010 by developing a vulnerability risk score card and letter grading system to foster healthy competition among the contractors." The CMS reduced the average host risk scores at two high-risk data centers by more than 68% from July 2010 to January 2011, according to the release.