Each week, the CMS Cloud program provides a list of upcoming changes, maintenance windows, and updates to help customers build awareness and plan effectively and summarizes changes from the previous week.
This newsletter includes:
Completed change summary for the week of 10/16/2025
- 10/19/2025 - Restart Production, Non-Prod and GovCloud HEC Servers
- 10/19/2025 - Splunk Manual OS Patching
- 10/19/2025 - AWS GovCloud OIT Backups Policy and Backup Plan Deployment
- 10/19/2025 - Upgrade Enterprise (OIT) Jira to version 10.3.12 in PROD
- 10/19/2025 - Update the AWS Application Load Balancer (ALB) idle connection timeout setting.
- 10/19/2025 - Update Web Certificate on Splunk Non Prod HEC, DRaaS SH Load Balancers
- 10/22/2025 - Azure Update Manager Patching - DEV/TEST/IMPL
- 10/22/2025 - Non-Marketplace SSM Patching - DEV/TEST/IMPL
- 10/22/2025 - Marketplace SSM Patching - DEV/TEST
To learn details about previous changes please go to the News and Updates section on cloud.cms.gov. (Secure Access required)
For Patching and Gold Image release schedule please view: Patching and Gold Image Release Calendar - 2025
10/23/2025 - Restart Production, Non-Prod and GovCloud HEC Servers
Summary:
The CMS Hybrid Cloud Splunk team will perform a rolling restart of the HEC Splunk Services. This will be performed weekly as part of Open Enrollment activities.
Actions we are taking:
- Restarting the Prod and Non-Prod HEC Forwarders
When is this happening?
Start Time: Thursday, 10/23/2025 at 8:00 p.m. ET
End Time: Thursday, 10/23/2025 at 11:00 p.m. ET
Who will be impacted?
MITG and MSI
What is the impact?
This change has low impact. We have 45 prod HEC services and 18 Non-Prod and we only restart 5 at a time. The majority of load balanced HEC servers will be available as the restarts progress and they have sufficient capacity to handle all ingest streams.
10/29/2025 - Azure Update Manager Patching - PROD
Summary:
As part of our normal patching, the CMS Hybrid Cloud team will apply the latest Windows and Linux patches on Wednesday, 10/29/2025 at 9:00 p.m. ET. The week's patches will impact the PROD environment for the affected MAG applications noted below.
Actions we are taking:
- MAG PROD
- MAG Linux & Windows Vulnerability Patching
When is this happening?
Start Time: Wednesday, 10/29/2025 at 9:00 p.m. ET
End Time: Thursday, 10/30/2025 at 2:00 a.m. ET
Who will be impacted?
RG-SS-LDAP-PROXY-PROD, rg-splunk-prod
What is the impact?
Patches will be transmitted to the affected areas. For some customers, reboots may occur depending upon the tags applied.
10/29/2025 - Marketplace SSM Patching - IMPL
Summary:
As part of our normal patching, the CMS Hybrid Cloud team will apply the latest Windows and Linux patches on Wednesday, 10/29/2025 at 9:00 p.m. ET. The week's patches will impact the IMPL environment for the affected Marketplace applications noted below.
Actions we are taking:
- Marketplace IMPL
- SSM Linux & Windows Vulnerability Patching
When is this happening?
Start Time: Wednesday, 10/29/2025 at 9:00 p.m. ET
End Time: Thursday, 10/30/2025 at 2:00 a.m. ET
Who will be impacted?
FFM_Opera, XES - CyberArk, OCEAN, VAMS, TWS, XES - XOC Tools, SERVIS, FFM_Shared_Services, FFM MLMS, XES - MSI Tech Lab, FFM_FM, FFM_TWS, FFM_PM, XES - Service Virtualization
DSRS, FFM, FFM DSH, FFM EDI, FFM EFT, FFM ESDCU, MCR, FLH, OC Base- FLH, OC Base PET, FFM_MNPS, CMS Cloud - Advanced Monitoring
What is the impact?
Patches will be transmitted to the affected areas. For some customers, reboots may occur depending upon the tags applied.
|
10/29/2025 - Non-Marketplace PROD SSM Patching
Summary:
As part of our normal patching, the CMS Hybrid Cloud team will apply the latest Windows and Linux patches on Wednesday, 10/29/2025 at 9:00 p.m. ET. The week's patches will impact the PROD environment for the affected Non-Marketplace applications noted below.
Actions we are taking:
- Non-Marketplace PROD
- SSM Linux & Windows Vulnerability Patching
When is this happening?
Start Time: Wednesday, 10/29/2025 at 9:00 p.m. ET
End Time: Thursday, 10/30/2025 at 2:00 a.m ET
Who will be impacted?
Reboot - CEDAR, FFSDCS, RASS, OC Base- eLDAP, SC CLIA, NTP LMS, Spott MACBIS, MDP, OC Base- WNMG, NEIL/HRES, OC Base- EWST, MacFin, eAPD Hi-C, OC Base- CMS Cloud Legacy, OC Base- DevSecOps SecDevOps, iServ, MDP, PECOS2.0, SEI, OC Base- PWSS, TRA, CMS ARTS, MCIM, RAD Analysis Tools, MCIM, Perm, CMS Cloud - CRE, CMS Cloud - Enterprise Agile Tools, CMS Cloud tamer, CMS Cloud - CARD, CMS Cloud - ECS Fargate, CMS Cloud - Direct Connect, CMS Cloud - Jfrog SonarCube, CMS Cloud - DNS Prod, CMS Cloud - SRE, CMS Cloud - Governance 2.0, MEOWx, CMS Cloud - CloudBees Jenkins, CMS Cloud - CET, CMS Cloud - DevSecOps, CMS Cloud - Utilities, CMS Cloud - Testrail, CMS Cloud - CircleCI, CMS Cloud - Sam GSS Security GovCloud, SWIFT, AWS HEIDI, MDX, MSPSC
No reboot - MEPBS, EACMS, MacPro, PS&R, RDS, OC Base- APIM GEO, 1115 PMDA, CMS Cloud - Governance 2.0, CMS Cloud - QuickDNS, CMS Cloud - CMSNet, CMS Cloud - CCG Web Content, CMS Cloud - Network Arch, CMS Cloud - VPC Automation, CMS Cloud - Security Team, CMS Cloud - CCG Web Content, CMS Cloud Temporal, CMS Cloud - Splunk, CMS Cloud - CET, AWS GSS Security GC, occonfluence, ocjira, miniorange, ocsonarqube, MTF-PM, NDW, MacFin, MTF-DM
What is the impact?
Patches will be transmitted to the affected areas. For some customers, reboots may occur depending upon the tags applied
Need help? We are here to support you.
If you have any questions, don't hesitate to reach out to your assigned Hosting Coordinator. CMS IT Support can be reached via cloudsupport@cms.hhs.gov, or call (800) 562-1963, and is documented here at Support Page on cloud.cms.gov.
Reminder - Open Enrollment (OE13) - Moratorium
Summary:
To help ensure that we maintain good system performance and stability during CMS Healthcare Open Enrollment, an annual Moratorium period has been established to shift the scheduling of production changes into designated weekly maintenance windows which occurs on most Sundays.
Key Dates: (click to download the OE13 schedule and key dates file)
Start time: Wednesday, October 1st 2025 at 12:00 AM
End time: Friday, January 16th 2026 at 5:00 AM
October 1 - Start of Moratorium
October 5, 12, 19 – Available Maintenance Window (Sunday, 12:00 AM – 12:00 PM)
- October 5 was the Production patching date for the September (Delta) patching cycle - this will be the last patching prior to OE for 2026.
- October 24 is also planned FFE Pre OE October release code deployment at midnight.
October 25, 26 – Non-Maintenance Weekend
- No planned down-time – all Marketplace systems should be available
- No infrastructure changes should be implemented
- ALL the Security Scans should be paused 10/30/2025, 8:00 PM – 11/2/2025, 8:00 PM
Who will be impacted:
Any Hybrid Cloud IT Operations team planning to make a change to a system supporting the CMS Healthcare Marketplace either directly or indirectly.
All Marketplace systems not subject to this moratorium guidance should continue to deploy Operating Systems patches during Open Enrollment. This includes:
- All patching cycles during Open Enrollment.
- Utilizing the CMS Hybrid Cloud managed patching service through AWS Systems Manager (SSM).
- If not subject to patching, the ADO will have to untag the instance as automation is not disabled.
|