Application Security
Overview
Application Security at CMS is focused on proactively mitigating risk in the development lifecycle – building securely from the start. With rapidly evolving cyber threats, system and application teams are the first line of defense to ensure products are developed with security and privacy in mind.
The resources provided below can point you to tools and programs that help you work efficiently and securely on the applications that power CMS' mission.
All resources in Application Security
General Information
Policies and Handbooks
Latest articles and updates
- 12/4/2025UpdatesFrom Policy
CISO Memo 25-02: Mandatory enrollment of all cloud resources into CNAPP
All CMS cloud resources must be enrolled in the enterprise Cloud-Native Application Protection Platform (CNAPP) by June 30, 2026
- 12/3/2025ArticlesFrom Zero Trust
Linking encryption to power Zero Trust
Linking network and data encryption with programmatic Key Management Service (KMS) alerts is essential for CMS to achieve advanced Zero Trust maturity
- 12/1/2025ArticlesFrom Zero Trust
Protecting CMS systems: Zero Trust security monitoring with Terraform Cloud
Learn how your team can level-up Zero Trust maturity and cloud security by implementing eleven essential CloudWatch compliance alarms