Aquia to Develop SaaS Governance Program Under Noblis CMS Deal

Noblis has awarded a subcontract to Aquia to support an existing four-year deal with the Centers for Medicare and Medicaid Services by developing a software-as-a-service governance program. The service-disabled, veteran-owned small business based in Millsboro, Delaware, will also apply a review process to evaluate the security risks of SaaS applications.

Specific tasks include the automation of SaaS inventory and usage tracking and the implementation of a framework for business owners to request software assessments.

Chris Hughes, co-founder and chief information security officer of Aquia, said that a software bill of materials ingestion application programming interface will be used for continuous monitoring of software components. He added that such efforts could aid CMS in complying with a cybersecurity directive issued by the Biden administration, Aquia said.

The company is also a subcontractor under a one-year, $4 million CMS deal held by Coforma for a complaint submission portal meant to resolve disputes between patients and health care providers. Aquia is responsible for enhancing the platform’s data protection capabilities.

In January, the company joined forces with RevaComm to improve cyber capabilities and handle authorization for CMS’ Continuous Authorization and Verification Engine. Also known as batCAVE, the agency intends for the platform to speed up systems development and go-to-market time.