Specifications include, but are not limited to:

Project #1: Assistance with completing pertinent regulatory compliance tasks utilizing the baseline of NIST 800-53, CMS MARS-E 2.0 and IRS Publication 1075.

1. Assist with updating and maintaining the following CMS document artifacts, which are required, on a predetermined schedule from CMS:
   • Safeguard Security Plan (SSP) - Annually
   • Information Security Risk Assessment (ISRA) – Every 3 Years
   • Privacy Impact Assessment (PIA) – Annually
   • Plan of Action and Milestones (POA&M) – Quarterly
   • Interconnection Security Agreement (ISA) – Every 3 years
   • Information Exchange Agreement (IEA) – Every 3 years
   • Computer Matching Agreement (CMA) – Every 18 Months
2. Conduct an annual attestation of the required subset of CMS MARS-E controls for a given year in a three-year cycle and prepare a Security Assessment Report (SAR).
3. Assist with creating and organizing a repository of Security and Compliance related documentation to allow for a more structured and centralized archive of all related cross-departmental documents.
4. Create or make use of existing retrieval tools used in managing and accessing documentation required by the IRS and HHS/CMS.
5. Assist in the analysis and remediation recommendations of Nessus Scan results for the following Department of Social Services (DSS)-hosted and Exchange on-premise platforms:
   • Windows Server 2016
   • Windows 10 Workstations
   • Linux Servers