Is CMS safe?
Review CMS security risks.

The following security profile for CMS includes the basics you’ll need for a vendor risk assessment: security certifications, supply chain details, privacy policy, terms of service, GDPR compliance, and more.
All Security Profiles
HealthcareCMS
CMS Organization Details

Category

Healthcare

Organization Details

What is CMS?

CMS serves the public as a trusted partner and steward, dedicated to advancing health equity, expanding coverage, and improving health outcomes..CMS Omnibus COVID-19 Health Care Staff Vaccination Interim Final Rule FAQs.CMS careers: See how you can join our team

Headquarters

Hosting

Hosting locations

Security Program

Security Certifications

SOC2 Compliance
PCI Compliant
HIPAA Compliant
SOC2 Compliance
SOC 2 Compliant
GDPR Compliant
ISO 27001 Compliant
FedRamp Compliant
CSA Star Level 1
Compliant

Security Page

Security Portal

Bug Bounty

Vulnerability Disclosure

Terms of Service

Privacy Policy

https://cms.gov/privacy

Status Page

Authentication

Authentication / SSO

Supported Okta Features
Login with Google support
Login with Microsoft support
Supports SSO
Two-factor authentication via SMS
Two-factor authentication via E-mail
Two-factor authentication via Hardware
Two-factor authentication via Software
Two-factor authentication via TOTP
Two-factor authentication via U2F

OAuth Details

CMS Supply Chain
  • Akamai
  • Amazon Web Services (AWS)
  • GitHub
  • Salesforce Experience Cloud
  • Adobe Experience Cloud
  • Office
  • Google Workspace
  • Google Analytics
  • Webex
  • Google Tag Manager
  • Quantum Metric
  • Qualtrics
  • Chartbeat
  • New Relic
CMS Subdomains
  • beta.dev1.cms.gov
  • offcycle.cms.gov
  • test.ptaas.aws.cms.gov
  • macproval1.cms.gov
  • developer.cms.gov
  • innovation.cms.gov
  • iserv.nginx.backends.cms.gov
  • dev.openpaymentsdata.cms.gov
  • beta.dev2.cms.gov
  • portaldev-beta.cms.gov
  • prod2.openpaymentsdata.cms.gov
  • api.developer.cms.gov
  • camp.cloud.cms.gov
  • portal.cms.gov
  • tableau.bi.cms.gov
  • cerrsngtrainingimpl.cerrs.cms.gov
  • downloads.cms.gov
  • impls.hub.cms.gov
  • management.bcda.cms.gov
  • prod2.pfs.data.cms.gov
  • edit.pfs.data.cms.gov
  • hiosval.cms.gov
  • accounts.cms.gov
  • qic-edit.cms.gov
  • pecosai.portalval.cms.gov
  • test.api.developer.cms.gov
  • jira.cms.gov
  • github.cms.gov
  • confluence.cms.gov
  • imp.pfs.data.cms.gov
  • impl.api.developer.cms.gov
  • elmo.portal-beta.cms.gov
  • pecosai.portaldev.cms.gov
  • pecosai.portaldev-beta.cms.gov
  • cciio.cms.gov
  • hiosvalgateway.cms.gov
  • pecosai.portal-beta.cms.gov
  • test.cms.gov
  • provision.backends-lower.cms.gov
  • dev-edit.openpaymentsdata.cms.gov
  • sasviya.bi.cms.gov
  • dev-edit.qic.cms.gov
  • sei.cms.gov
  • imp-api.finder.backends.cms.gov
  • www.ptaas.aws.cms.gov
  • macprotest0.cms.gov
  • reg.idm.cms.gov
  • adobe-ep.cms.gov
  • beta.imp.cms.gov
  • dev2.cms.gov
  • splunk.cloud.cms.gov
  • ngd-bb.cms.gov
  • hiostest.cms.gov
  • ocean.cms.gov
  • www.qhpcertification.cms.gov
  • apssit.portalval.cms.gov
  • imp.cms.gov
  • test.hub.cms.gov
  • eap.cms.gov
  • elmo.portal.cms.gov
  • scclia.cms.gov
  • imp.qpp.cms.gov
  • apsvpt.portalval.cms.gov
  • security.cms.gov
  • imp.openpaymentsdata.cms.gov
  • openpaymentsdata.cms.gov
  • imp.cerrs-edt.cms.gov
  • imp.partnershipforpatients.cms.gov
  • portalval-beta.cms.gov
  • hiostestgateway.cms.gov
  • dev.pfs.data.cms.gov
  • assets.cms.gov
  • github.test.cms.gov
  • dev.edit.cms.gov
  • impl.grafana.backends.cms.gov
  • confluenceentimpl.cms.gov
  • imp-edit.openpaymentsdata.cms.gov
  • ahrc.cms.gov
  • cerrsd365impl.cerrs.cms.gov
  • ahrcvo.cms.gov
  • mime.hetsp-haa.cms.gov
  • aps.portaldev-beta.cms.gov
  • dev-qic.cms.gov
  • portalnextgen.cms.gov
  • macproval0.cms.gov
  • hundt-test.west.cms.gov
  • www.cms.gov
  • portal-beta.cms.gov
  • portal-theta.cms.gov
  • testoffcycle.cms.gov
  • macprotest1.cms.gov
  • qic.cms.gov
  • radtest.cms.gov
  • mearis-impl.cms.gov
  • bi.cms.gov
  • aps.portal-beta.cms.gov
  • impl.cerrs-mcr.cms.gov
  • imp-edit.qic.cms.gov
  • test.developer.cms.gov
  • dev.ptaas.aws.cms.gov
  • beta.imp2.cms.gov

Regain control of SaaS security.

Nudge Security discovers all SaaS accounts ever created by anyone in your org within minutes of starting a free trial. Get a full SaaS inventory today, along with insights and automation to improve your SaaS security posture.

Try it free
Explore demos
Try it free
Explore demos
was able to find all this and much more.
Nudge was able to find all this and much more.
Nudge Security provides detailed security profiles for thousands of SaaS apps. Sail through security assessments with our proprietary intelligence on vendors’ security, risk, and compliance programs.
Stop chasing down answers. Start a free 14-day trial of Nudge Security to learn:
Stop chasing down answers.
Start a free 14-day trial of Nudge Security today.
Who’s using CMS in your org?
What data does CMS have access to?
What is CMS’s breach history?
What apps are in CMS’s supply chain?
See what you can discover
Product
OverviewChangelogPricingStatus
Resources
FAQSecurity ProfilesSaaS Security GlossaryKnowledge BaseAPI Documentation
Company
Our ApproachOur TeamPress
Assurance
Trust & SecurityTerms & ConditionsPrivacy PolicySitemap

Use Cases

SaaS Security
SaaS Security Posture Management (SSPM)Audit & ComplianceSaaS Attack SurfaceAccount Takeover Detection
SaaS Management
Shadow ITSaaS SpendCloud GovernanceAI Security
Third-Party Risk Management
Supply Chain SecurityOAuth Risk Management
Identity Governance
User Access ReviewsEmployee OffboardingSSO Onboarding
© {year}, Nudge Security
1401 Lavaca St, Suite 40219
Austin, TX  78701