Hello, Guest!

Digital Modernization

CMS Implements New Program to Better Manage SaaS Applications

Software as a service

CMS Implements New Program to Better Manage SaaS Applications

The Centers for Medicare and Medicaid Services is implementing a new software-as-a-service governance program that aims to better manage the transfer of systems and applications to the cloud and monitor and evaluate the risks of SaaS products. 

Shawnte Singletary, the deputy director of the Division of Security and Privacy Compliance in the Office of Information Security and Privacy Group at CMS, said the agency has identified a tool that will help manage the discovery of SaaS solutions being used in its network. 

Speaking at a recent event sponsored by the Digital Government Institute, Singletary shared that the tool will help pinpoint stale and stagnant SaaS licenses and software purchased by an employee that is being accessed from the government network, Federal News Network reported.

Over the past years, CMS has implemented FedRAMP-certified SaaS applications but Singletary noted that the agency now intends to evaluate the risks of non-FedRAMP solutions to allow CMS customers to adopt cloud services employing security controls. 

The agency is also sponsoring the FedRAMP approval process of such services to fast-track their implementation within the CMS. It also tapped private companies to speed up the migration of enterprise systems to the cloud.

In August, CMS awarded General Dynamics Information Technology a potential five-year, $65 million contract to provide data integration and cloud migration services in support of the CMS Integrated Data Repository, a data warehouse that integrates beneficiary, claims and provider data sources to support Medicare and Medicaid programs. Work includes delivering Agile development and transformation services and providing operations and maintenance to the agency’s cloud and on-premise platforms.