Application Security
Information about the programs and tools that support information and system security in the development of applications at CMS
Application Security at CMS is focused on proactively mitigating risk in the development lifecycle – building securely from the start. With rapidly evolving cyber threats, system teams become the first line of defense to ensure that tools and products are developed with a strong emphasis on security and privacy.
The resources provided below give teams access to the latest APIs, tools, apps, programs, and services that empower you to ship software securely, continuously, and with confidence. They are a starting point to help you plug into trusted tools and code used at CMS for modern security best practices. Together, we'll continue our mission to reduce risk across CMS systems and build trust with the people we serve.
CMS Slack Channel- #security-community
CMS Cloud Services
Platform-As-A-Service with tools, security, and support services designed specifically for CMS. (Requires CMS login)
Top documents and resources
Considerations and guidelines for CMS business units wanting to use SaaS applications
Design practices that facilitate secure software development through organization and collaboration
Information and resources for teams to help them initiate and complete their system threat model
Your internal CMS resource for the latest in cloud-based tools and programs, with support to help you find what you need
A structured list of the components and modules that make up a piece of software, and the supply chain relationships between them
Explore how GitHub Secret Scanning boosts security, supports ARS compliance, and reinforces Zero Trust principles in application development.
Increasing Zero Trust maturity using device threat protection capabilities with CMS provided tools.
Filtered view of related content using CyberGeek Search
