Sector(s)
We worked alongside ISPG customers and stakeholders to design and build a searchable, user-friendly portal for cybersecurity information – making it easier for security personnel to keep CMS data and systems safe.
The CMS Information Security and Privacy Group (ISPG) is in charge of the policies and programs that ensure the security and privacy of data that is handled by CMS information systems. ISPG staff and contractors work to maintain policies, distribute guidance, communicate with customers, support security programs, and promote new initiatives.
While doing this important work over the years, they amassed a large collection of documents and resources that were spread across various locations and formats. This led to issues with version control and made it hard for people to find the information needed to do their security-related tasks.
Without a single, trusted location for cybersecurity information – and with many of the documents being in static PDFs that were full of jargon and hard to understand – finding essential information from ISPG could be onerous, negatively impacting CMS’ overall security posture.
Client goal
To improve their customer service and promote better security across CMS systems, ISPG engaged our team to develop a user-friendly website (informally known as “CyberGeek”) at security.cms.gov that is recognized as the authoritative home for CMS security and privacy information. With this project, ISPG aims to:
- Improve customer service through modern information delivery
- Support CMS security personnel with the resources needed for their critical work
- Make security topics and policies more approachable and human-centered
- Build user-friendly processes to help ISPG staff maintain their content
- Establish a platform where customers can find news and updates from ISPG
Together with our partner Affix Digital, we worked closely with ISPG stakeholders and customers to understand the cybersecurity ecosystem at CMS. We built relationships across ISPG and partnered with their leadership and program teams to streamline their content into a single, trusted platform that makes cybersecurity information approachable and human-centered.
We started by interviewing ISPG customers to make sure we built the site’s information architecture in a way that made sense to the people using it. Card sorting – a process that involves users in the design of the site navigation – helped solidify the menus and categories that would be the foundation of a user’s journey through the site.
We built a decoupled site using Drupal and React to give the client flexibility for technology changes in the future. Utilizing the U.S. Web Design System (USWDS), we created a component library that ensures the site meets government requirements for things like accessibility and mobile responsiveness. We used Storybook to build components in isolation before deployment to the site, catching errors in real-time so they could be fixed on the spot.
One of the main problems ISPG wanted to solve for their customers was the headache of searching for security documents, templates, and program information – which had been difficult to find in various internal repositories. We implemented a powerful search feature using Algolia, with filter options to help people find information specific to their needs. Improvements to search are ongoing as we learn more about how people use it.
ISPG staff can access the pages they are responsible for managing through a user-friendly content management interface in Drupal. The workflows are designed to support busy staff and reduce content publishing bottlenecks.
Technical Specifications
Drupal version:
