Each week, the CMS Cloud program provides a list of upcoming changes, maintenance windows, and updates to help customers build awareness and plan effectively and summarizes changes from the previous week.
This newsletter includes:
Completed change summary for the week of 10/2/2025
- Completed change summary for the week of 10/2/2025
- 10/04/2025 - Enterprise Testing Services Maintenance
- 10/05/2025 - Marketplace SSM patching - PROD
- 10/05/2025 - Restart Production, Non-Prod and GovCloud HEC Servers
- Enterprise Jira, Enterprise Confluence, and Enterprise GitHub Login Is Moving to CMS IDM (Okta
To learn details about previous changes please go to the News and Updates section on cloud.cms.gov. (Secure Access required)
For Patching and Gold Image release schedule please view: Patching and Gold Image Release Calendar - 2025
10/12/2025 - CMS Hybrid Cloud Azure Backup Policy Deployment
Summary:
The CMS Hybrid Cloud Team will deploy a new default set of backup policies and recovery vault in your Azure subscription. The new service will improve the backup and restore services to CMS Hybrid Cloud customers. The new default backup policies will be deployed automatically on Sunday, October 12, 2025. Your Technical Advisor will schedule time to deep dive and review individual application needs. These sessions will provide the necessary information to support this improvement, which includes implementing Azure Backup. This service is provided at no cost unless customers actively use it. This new service ensures all necessary resources are backed up consistently, reliably, and according to all security controls governing CMS Hybrid Cloud.
Actions we are taking:
- Implemented a new set of policies and tools for performing operational backups.
- Deploy a new default set of backup policies and recovery vault in your Azure subscription.
When is this happening?
Start Time: Sunday, 10/12/2025 at 12:00 AM ET
End Time: Sunday, 10/12/2025 at 11:58 PM. ET
Who will be impacted?
The new Azure Backup policies will impact all CMS Azure Cloud customers. We strongly encourage all customers to review the Azure Backup Default Policies page that documents backup requirements based on Acceptable Risk Safeguards (ARS) security controls. Additionally, the following governance documentation is available on cloud.cms.gov (CCG):
What is the impact?
This change affects all Azure Government accounts. No downtime is expected during this implementation, as these settings can be applied dynamically without interrupting ongoing data protection operations.
10/12/2025 - Restart Production, Non-Prod and GovCloud HEC Servers
Summary:
The CMS Hybrid Cloud Splunk team will perform a rolling restart of the HEC Splunk Services. This will be performed weekly as part of Open Enrollment activities.
Actions we are taking:
- Restarting the Prod and Non-Prod HEC Forwarders.
When is this happening?
Start Time: Sunday, 10/12/2025 at 8:00 a.m. ET
End Time: Sunday, 10/12/2025 at 11:00 a.m. ET
Who will be impacted?
MITG and MSI
What is the impact?
This change has low impact. We have 45 prod HEC services and 18 Non-Prod and we only restart 5 at a time. The majority of load balanced HEC servers will be available as the restarts progress and they have sufficient capacity to handle all ingest streams.
10/12/2025 - Implementing Splunk assessment recommendations - Cascading bundle replication on MAG
Summary:
The CMS Hybrid Cloud Splunk team will be adding the cascading bundle replication on MAG Splunk indexer cluster-manager as recommended.
Actions we are taking:
When is this happening?
Start Time: Sunday, 10/12/2025 at 8:00 AM ET
End Time: Sunday, 10/12/2025 at 10:00 AM. ET
Who will be impacted?
MITG and MSI
What is the impact?
Users will experience latency or have to re-run queries during rolling restart.
10/12/2025 - Update AWS certificates on Splunk-DC Search Head Load Balancers
Summary:
The CMS Hybrid Cloud Splunk team will be updating the SSL certificate for itsi.search-core.splunkdc.internal.cms.gov, itsi.search-draas.splunkdc.internal.cms.gov, search-core.splunkdc.internal.cms.gov, search-draas.splunkdc.internal.cms.gov.
Actions we are taking:
- Updating the SSL Certificates on our load balancers.
When is this happening?
Start Time: Sunday, 10/12/2025 at 9:00 a.m. ET
End Time: Sunday, 10/12/2025 at 12:00 p.m. ET
Who will be impacted?
MITG and MSI
What is the impact?
This change has low impact. This is a change on the backend before the current certifications expire and won't be visible to customers.
10/12/2025 - Update Web Certificate on Splunk Core, DRaaS SH, Splunk ITSI Search Head Load Balancers
Summary:
The CMS Hybrid Cloud Splunk team will be updating the SSL certificate for itsi.cloud.cms.gov, draas-itsi.cloud.cms.gov, splunk.cloud.cms.gov.
Actions we are taking:
- Updating the SSL Certificates on our load balancers.
When is this happening?
Start Time: Sunday, 10/12/2025 at 9:00 a.m. ET
End Time: Sunday, 10/12/2025 at 12:00 p.m. ET
Who will be impacted?
MITG and MSI
What is the impact?
This change has low impact. This is a change on the backend before the current certifications expire and won't be visible to customers.
Enterprise Jira, Enterprise Confluence, and Enterprise GitHub Login move to CMS IDM (Okta)
Summary:
CMS transitioned the login authentication for Enterprise Jira, Enterprise Confluence, and Enterprise GitHub from Mini Orange to the CMS Identity Management (IDM) platform, powered by Okta, on October 3rd, 2025. This transition was part of our effort to provide you with a more secure and streamlined login experience.
What To Expect:
- Same access, now with fewer login interruptions.
- Support for PIV authentication.
- No impact to your data – tickets, dashboards, filters, comments, and permissions remain unchanged.
Action:
When:
The new login experience went into effect October 3rd, 2025.
Need Help?
If you experience login issues after the switch, contact our support team via:
We look forward to providing you with an improved authentication experience.
Need help? We are here to support you.
If you have any questions, don't hesitate to reach out to your assigned Hosting Coordinator. CMS IT Support can be reached via cloudsupport@cms.hhs.gov, or call (800) 562-1963, and is documented here at Support Page on cloud.cms.gov.
Reminder - Open Enrollment (OE13) - Moratorium
Summary:
To help ensure that we maintain good system performance and stability during CMS Healthcare Open Enrollment, an annual Moratorium period has been established to shift the scheduling of production changes into designated weekly maintenance windows which occurs on most Sundays.
Key Dates: (click to download the OE13 schedule and key dates file)
Start time: Wednesday, October 1st 2025 at 12:00 AM
End time: Friday, January 16th 2026 at 5:00 AM
October 1 - Start of Moratorium
October 5, 12, 19 – Available Maintenance Window (Sunday, 12:00 AM – 12:00 PM)
- October 5 was the Production patching date for the September (Delta) patching cycle - this will be the last patching prior to OE for 2026.
- October 24 is also planned FFE Pre OE October release code deployment at midnight.
October 25, 26 – Non-Maintenance Weekend
- No planned down-time – all Marketplace systems should be available
- No infrastructure changes should be implemented
- ALL the Security Scans should be paused 10/30/2025, 8:00 PM – 11/2/2025, 8:00 PM
Who will be impacted:
Any Hybrid Cloud IT Operations team planning to make a change to a system supporting the CMS Healthcare Marketplace either directly or indirectly.
All Marketplace systems not subject to this moratorium guidance should continue to deploy Operating Systems patches during Open Enrollment. This includes:
- All patching cycles during Open Enrollment.
- Utilizing the CMS Hybrid Cloud managed patching service through AWS Systems Manager (SSM).
- If not subject to patching, the ADO will have to untag the instance as automation is not disabled.
|