Published on: 3/11/2026
CMS continues advancing enterprise cybersecurity capabilities through the rollout of CrowdStrike Endpoint Detection and Response (EDR) and the transition to Tenable One for vulnerability management. These initiatives strengthen threat detection, improve visibility across cloud and on-prem systems, and align with federal cybersecurity requirements and CDM program goals.
CrowdStrike EDR: Expanding Enterprise Endpoint Protection
CrowdStrike, a CISA-approved EDR solution that aligns with the OMB M-22-01 requirements, is being expanded to achieve full endpoint coverage across the enterprise. To better understand the existing EDR landscape, a comprehensive EDR data call survey was released on May 2, 2025. The survey received over 160 responses identifying EDR solutions across CMS, which provided valuable insight into current coverage levels. The goal is to achieve 100% endpoint coverage under the HHS get well plan.
As part of the Enterprise License Agreement (ELA), ISPG will assume funding for existing licenses, with potential cost savings to be returned to customers who have purchased CrowdStrike licenses.
What’s Included in the Enterprise Offering?
- Workstation and server endpoint protection
- Cloud security capabilities, including container coverage
- Limited training and certification opportunities
- Implementation and configuration support
Operational configurations, scanning policies, and deployment standards are being developed collaboratively with IUSG.
Onboarding and Migration Timeline
Formal onboarding communications were distributed on January 15th, outlining enrollment guidance and migration processes. To begin enrollment, submit a service request located here: CrowdStrike Onboarding Request. Note that the link is accessible only with CMS credentials.
The enterprise migration timeline establishes June 30, 2026, as the deadline for completing EDR migration activities. Early engagement is encouraged so that onboarding is completed in a timely manner.
To learn more about the CrowdStrike migration, join the Town Halls, which will occur from February through June on the third Thursday of each month from 12:00 PM EST to 1:00 PM EST. These sessions provide updates and cover topics such as:
- CrowdStrike capabilities and features
- Training availability
- User access and permissions
- Implementation considerations
- Open Q&A
Contact CRTM@cms.hhs.gov for more information about onboarding.
Tenable One: Vulnerability Management Updates
CMS is transitioning from Tenable.sc to Tenable One due to changes in the product line. Licenses have been obtained through the CDM program to cover cloud and on-prem devices. Tenable One is a FedRAMP SaaS solution with an IoT and OT product offering, web application scanning, and a cloud security solution for asset discovery and analysis.
No operational impact or network performance degradation is expected, and current Tenable functionality and infrastructure will be maintained. The transition will primarily introduce enhanced agent and scanning capabilities tailored to support both cloud and on-prem environments.
Implementation Roadmap and Milestones
The Tenable One rollout follows a phased approach with milestones that include stakeholder engagement, repository and vulnerability data migration, scanning migration, and enterprise datacenter adoption.
Planning and Preparation (January-February)
Initial efforts will focus on stakeholder engagement, communication planning, and teams interested in adopting Tenable One through the CDM program.
Repository and Vulnerability Data Migration (February-September)
During this phase, existing repositories and vulnerability data will be migrated into Tenable One. Maintaining data continuity and accuracy will be a key priority throughout this transition.
Managed Scanning Migration (April-August)
Operational scan schedules, policies, and reporting structures will be migrated. A minimum viable product (MVP) for CDM scanning operations will be developed, ensuring teams have a baseline for requirements.
Enterprise Datacenter Adoption (August-December)
This phase covers communications and onboarding for data centers across the enterprise.
Contact VAT@cms.hhs.gov if interested in onboarding.
Next Steps and How to Get Involved
Systems that have not yet begun onboarding are encouraged to review the available guidance and engage with support teams to begin the process. Participation in upcoming town halls and communications will provide updates, training opportunities, and implementation guidance as these initiatives move forward.
About the author
Shareese Jones (ASSYST) is the Cyber Risk Manager for the Risk Management Team (RMT). RMT supports various Division of Implementation and Reporting (DIR) initiatives under the Cyber Risk Management (CRM) Program.