Each week, the CMS Cloud program provides a list of upcoming changes, maintenance windows, and updates to help customers build awareness and plan effectively and summarizes changes from the previous week.
This newsletter includes:
Completed change summary for the week of 12/11/2025
- 12/17/2025 - Azure Update Manager Patching - DEV/TEST/IMPL
- 12/17/2025 - Marketplace SSM Patching - DEV/TEST
- 12/17/2025 - Non-Marketplace SSM Patching - DEV/TEST/IMPL
- 12/17/2025 - Restart Production, Non-Prod and GovCloud HEC Servers
To learn details about previous changes please go to the News and Updates section on cloud.cms.gov. (Secure Access required)
For Patching and Gold Image release schedule please view: Patching and Gold Image Release Calendar - 2025
Reminder - December Patching for end of December has been moved up 1 day for the Holiday in Marketplace IMPL and Non-Marketplace Production environments.
12/20/2025 - Enterprise Testing Services Maintenance
Summary:
In order to keep up to date with the latest versions and security advisories, the CMS Hybrid Cloud team will be performing maintenance updates on Enterprise Testing tools.
Actions we are taking:
- Update Selenium Box Hub and Executors with the latest Amazon Linux 2023 Gold Image for CMS Cloud
- Enabling Secured Docker using TLS
When is this happening?
Start time: Saturday, 12/20/2025 at 9:00 a.m. ET
End time: Saturday, 12/20/2025 at 11:59 a.m. ET
Who will be impacted?
All AWS Commercial and GovCloud customers of Selenium Box.
What is the impact?
Customers should expect downtime for the service as instances are restarted within the maintenance window.
12/21/2025 - Upgrade Enterprise (OIT) Jira to version 10.3.15 in PROD
Summary:
The CMS Enterprise Agile Tools team will upgrade Enterprise Jira, which will be unavailable during the maintenance window outlined below.
Actions we are taking:
- Enterprise Jira will be upgraded from 10.3.12 to 10.3.15 version.
When is this happening?
Start Time: Sunday, Dec 21, 2025, at 5:00 a.m. ET
End Time: Sunday, Dec 21, 2025, at 12:00 p.m. ET
Who will be impacted?
All Enterprise Jira Users
What is the impact?
Enterprise Jira (https://jiraent.cms.gov/ will be unavailable.
Questions:
For general questions about the tool and this upgrade, please email CMS Agile Tools Support at AGILETOOLS@cms.hhs.gov
12/23/2025 - Azure Update Manager Patching - PROD
Summary:
As part of our normal patching, the CMS Hybrid Cloud team will apply the latest Windows and Linux patches on Tuesday, 12/23/2025 at 9:00 p.m. ET. The week's patches will impact the PROD environment for the affected MAG applications noted below.
Actions we are taking:
- MAG PROD
- MAG Linux & Windows Vulnerability Patching
When is this happening?
Start Time: Tuesday, 12/23/2025 at 9:00 p.m. ET
End Time: Wednesday, 12/24/2025 at 2:00 a.m. ET
Who will be impacted?
Subscription:
CMS.VDC-CCS.IUSG.SharedServices.001.AG
ScopeInfoTech-CM-HEDIS PLD-005
Resource Group with Reboot:
RG-SS-LDAP-PROXY-PROD
rg-splunk-prod
No Reboot:
RG-AZE-HEDISPLD-PROD
What is the impact?
Patches will be transmitted to the affected areas. For some customers, reboots may occur depending upon the tags applied.
12/23/2025 - Marketplace SSM Patching - IMPL
Summary:
As part of our normal patching, the CMS Hybrid Cloud team will apply the latest Windows and Linux patches on Tuesday, 12/23/2025 at 9:00 p.m. ET. The week's patches will impact the IMPL environment for the affected Marketplace applications noted below.
Actions we are taking:
- Marketplace IMPL
- SSM Linux & Windows Vulnerability Patching
When is this happening?
Start Time: Tuesday, 12/23/2025 at 9:00 p.m. ET
End Time: Wednesday, 12/24/2025 at 2:00 a.m. ET
Who will be impacted?
FFM_Opera, XES - CyberArk, VAMS, TWS, XES - XOC Tools, SERVIS, FFM_Shared_Services, FFM MLMS, XES - MSI Tech Lab, FFM_FM, FFM_TWS, XES - Service Virtualization
DSRS, FFM, FFM DSH, FFM EDI, FFM EFT, FFM ESDCU, MCR, FLH, OC Base- FLH, OC Base PET, FFM_MNPS, CMS Cloud - Advanced Monitoring
What is the impact?
Patches will be transmitted to the affected areas. For some customers, reboots may occur depending upon the tags applied.
12/23/2025 - Non-Marketplace PROD SSM Patching
Summary:
As part of our normal patching, the CMS Hybrid Cloud team will apply the latest Windows and Linux patches on Tuesday, 12/23/2025 at 9:00 p.m. ET. The week's patches will impact the PROD environment for the affected Non-Marketplace applications noted below.
Actions we are taking
- Non-Marketplace PROD
- SSM Linux & Windows Vulnerability Patching
When is this happening?
Start Time: Tuesday, 12/23/2025 at 9:00 p.m. ET
End Time: Wednesday, 12/24/2025 at 2:00 a.m ET
Who will be impacted?
DAR, FFSDCS, RASS, OC Base- eLDAP, SC CLIA, NTP LMS, Spott MACBIS, MDP, OC Base- WNMG, NEIL/HRES, OC Base- EWST, MacFin, eAPD Hi-C, OC Base- CMS Cloud Legacy, OC Base- DevSecOps SecDevOps, iServ, MDP, PECOS2.0, SEI, OC Base- PWSS, TRA, CMS ARTS, MCIM, RAD Analysis Tools, MCIM, Perm, CMS Cloud - CRE, CMS Cloud - Enterprise Agile Tools, CMS Cloud tamer, CMS Cloud - CARD, CMS Cloud - ECS Fargate, CMS Cloud - Direct Connect, CMS Cloud - Jfrog SonarCube, CMS Cloud - DNS Prod, CMS Cloud - SRE, CMS Cloud - Governance 2.0, MEOWx, CMS Cloud - CloudBees Jenkins, CMS Cloud - CET, CMS Cloud - DevSecOps, CMS Cloud - Utilities, CMS Cloud - Testrail, CMS Cloud - CircleCI, CMS Cloud - Sam GSS Security GovCloud, SWIFT, AWS HEIDI, MDX, MSPSC
Reboot - CENo reboot - MEPBS, EACMS, MacPro, PS&R, RDS, OC Base- APIM GEO, 1115 PMDA, CMS Cloud - Governance 2.0, CMS Cloud - QuickDNS, CMS Cloud - CMSNet, CMS Cloud - CCG Web Content, CMS Cloud - Network Arch, CMS Cloud - VPC Automation, CMS Cloud - Security Team, CMS Cloud - CCG Web Content, CMS Cloud Temporal, CMS Cloud - Splunk, CMS Cloud - CET, AWS GSS Security GC, occonfluence, ocjira, miniorange, ocsonarqube, MTF-PM, NDW, MacFin, MTF-DM
What is the impact?
Patches will be transmitted to the affected areas. For some customers, reboots may occur depending upon the tags applied.
Need help? We are here to support you.
If you have any questions, don't hesitate to reach out to your assigned Hosting Coordinator. CMS IT Support can be reached via cloudsupport@cms.hhs.gov, or call (800) 562-1963, and is documented here at Support Page on cloud.cms.gov.
Reminder - Open Enrollment (OE13) - Moratorium
Summary:
To help ensure that we maintain good system performance and stability during CMS Healthcare Open Enrollment, an annual Moratorium period has been established to shift the scheduling of production changes into designated weekly maintenance windows which occurs on most Sundays.
Key Dates: (click to download the OE13 schedule and key dates file)
Start time: Wednesday, October 1st 2025 at 12:00 AM
End time: Friday, January 16th 2026 at 5:00 AM
November 1 – First Day of Open Enrollment (Saturday)
December 21, 28 – Available Maintenance Window (Sunday 12:00 AM – 12:00 PM)
January 4 – Available Maintenance Window (Sunday 12:00 AM – 12:00 PM)
- Production patching for the December (Echo) cycle applies to zero-downtime components of Marketplace systems under the moratorium, and to all Marketplace systems not subject to the moratorium.
- Production components that do not support zero-downtime patching must not be patched during this window
January 10 - 16 – High Volume/Maintenance Period – No Maintenance (Before the deadline for 2/1/2026 coverage which ends on 1/16/2026, 5:00 AM when OE Ends for the FFE due to Alaska/Hawaii Extension)
- No planned down-time – all Marketplace systems should be available
- No infrastructure changes should be implemented
- All the Security Scans should be paused 1/13/2026, 8:00 PM – 1/16/2026, 8:00 PM.
Who will be impacted:
Any Hybrid Cloud IT Operations team planning to make a change to a system supporting the CMS Healthcare Marketplace either directly or indirectly.
All Marketplace systems not subject to this moratorium guidance should continue to deploy Operating Systems patches during Open Enrollment. This includes:
- All patching cycles during Open Enrollment.
- Utilizing the CMS Hybrid Cloud managed patching service through AWS Systems Manager (SSM).
- If not subject to patching, the ADO will have to untag the instance as automation is not disabled.
|