Application Security
Overview
Application Security at CMS is focused on proactively mitigating risk in the development lifecycle – building securely from the start. With rapidly evolving cyber threats, system and application teams are the first line of defense to ensure products are developed with security and privacy in mind.
The resources provided below can point you to tools and programs that help you work efficiently and securely on the applications that power CMS' mission.
All resources in Application Security
General Information
Policies and Handbooks
Latest articles and updates
- 12/4/2025UpdatesFrom Policy
CISO Memo 25-02: Mandatory enrollment of all cloud resources into CNAPP
All CMS cloud resources must be enrolled in the enterprise Cloud-Native Application Protection Platform (CNAPP) by June 30, 2026
- 12/3/2025ArticlesFrom Zero Trust
Linking encryption to power Zero Trust
Linking network and data encryption with programmatic Key Management Service (KMS) alerts is essential for CMS to achieve advanced Zero Trust maturity
- 8/7/2025ArticlesFrom SCRM
Understanding and avoiding Single Points of Failure (SPOF)
Learn about SPOFs and practical ways to avoid them through improved Supply Chain Risk Management (SCRM)