Aquia Inc. Awarded Subcontract from Noblis on Centers for Medicare and Medicaid Services (CMS) SaaS Governance Initiative
The veteran-owned small business will help develop and manage CMS's first-ever SaaS Governance Program
MILLSBORO, Del., Dec. 6, 2022 -- Aquia Inc., a Service-Disabled Veteran-Owned Small Business specializing in cloud and cybersecurity professional services, today announced that it has been awarded a subcontract from Noblis to support its four-year contract with the Centers for Medicare and Medicaid Services for the Office of Information Technology Program Project Management Support. Under the contract, Noblis will provide program and contract oversight as well as technical and programmatic support.
As a subcontractor, Aquia will work alongside Noblis to help create CMS's first-ever software-as-a-service (SaaS) governance program and assess third-party SaaS applications' security risks using a federated review process.
"By leveraging our innovative industry-leading Software Bill of Materials ingestion Application Programming Interface, we can continuously monitor relevant components of CMS' evolving third-party SaaS applications," said Chris Hughes, chief information security officer and co-founder at Aquia Inc. "We can also evaluate the applications against CMS's risk tolerance and bolster the agency's software supply chain security efforts to align with the Cybersecurity Executive Order."
Under this agreement, Noblis and Aquia will:
Automate the ability to inventory and track SaaS application usage across the CMS enterprise, and support the effort to obtain a comprehensive SaaS inventory and expose unknown SaaS usage.
Develop and implement policies and procedures that establish a framework for business owners to request SaaS services for use and for the Office of Information Technology (OIT) to evaluate them. Aquia and Noblis will also help business owners within CMS and the OIT partner to evaluate the risks posed by new SaaS consumption.
Identify and manage mechanisms to continuously monitor the SaaS applications in the environment and ensure compliance with agency and government guidelines. In addition, the company will work to help prevent misconfigurations or vulnerabilities that could place data and systems at risk.
This award builds on Aquia's cybersecurity and application security support for CMS through its Noblis subcontract announced in December 2021.
CMS is the largest agency in the federal government by expenditure and is responsible for the personally identifiable and personal health information of more than 177 million people in the United States.
About Aquia Inc.
Aquia Inc. is a Service-Disabled Veteran-Owned Small Business committed to Securing the Digital Transformation. Aquia is a developer-centric company founded in 2021 by military veterans with a passion for the intersection of security/velocity and decades of experience driving transformational change across public sector, enterprise, and top-tier technology companies. At Aquia, we value trust, accountability, transparency, and diversity; and we've built these tenants into the DNA of our company. For more information, visit www.aquia.us.
Press contact:
Ashling Knight
ashling.knight@aquia.us
###