Application Security

Submitted by mburgess on
Short Description

Information about the programs and tools that support information and system security in the development of applications at CMS

Topics
Application Security
Contact Email
CISO@cms.hhs.gov
Contact Name
ISPG Policy Team
Slack Channel(s)
#security-community
Top Resources
Resource Title
SaaS Governance (SaaSG)
Resource Title
Threat Modeling
Resource Title
CMS Threat Modeling Handbook
Link Description
Your internal CMS resource for the latest in cloud-based tools and programs, with support to help you find what you need
Link Title
CMS Cloud
Link URL
https://cloud.cms.gov
Resource Title
Software Bill of Materials (SBOM)
Resource Title
GitHub Secret Scanning: Enhancing security, ARS compliance, and Zero Trust
Resource Title
Increase Zero Trust Maturity within the Devices Pillar
Page Content
Text

Application Security at CMS is focused on proactively mitigating risk in the development lifecycle – building securely from the start. With rapidly evolving cyber threats, system teams become the first line of defense to ensure that tools and products are developed with a strong emphasis on security and privacy.

The resources provided below give teams access to the latest APIs, tools, apps, programs, and services that empower you to ship software securely, continuously, and with confidence. They are a starting point to help you plug into trusted tools and code used at CMS for modern security best practices. Together, we'll continue our mission to reduce risk across CMS systems and build trust with the people we serve.

Call-out Information
Header
CMS Cloud Services
Call-out Text

Platform-As-A-Service with tools, security, and support services designed specifically for CMS. (Requires CMS login)

Call-out Link
https://www.cloud.cms.gov
Call-out Link Text
See cloud service offerings