The Centers for Medicare & Medicaid Services (CMS) Hybrid Cloud Team announces the following CMS Gold Image (GI) updates for November 2025:
November 2025 GI Updates
Instance Metadata Service Version 2 (IMDSv2) Required by Default
- All Amazon Web Services (AWS) GIs are now required with IMDSv2 by default to further increase the CMS security posture.
- Instance Metadata Service is an endpoint (169.254.169.254) that allows instances to retrieve information about themselves.
- IMDSv2 adds additional protections over IMDSv1.
- For more details about IMDSv2, including how to check if you are using IMDSv1, refer to this AWS Security Blog article.
-
Please note: Instances running Splunk Universal Forwarder versions before version 9.4.2 will report the usage of IMDSv1. Please upgrade your Splunk version to ensure that your application is not using IMDSv1 in other ways.
Gold Image Accessibility
CMS GI availability is based on each team's details in the Hybrid Cloud Customer Relationship Management Database (HC CRM DB), which will replace the Customer Automation and Management Platform (CAMP). If your team wants to request a new CMS GI, please open a Hybrid Cloud support ticket and contact your assigned Hosting Coordinator.
For more information about CMS GIs, please review the available Gold Image documentation.
Questions or Concerns
For questions or concerns, please contact your assigned Hosting Coordinator or submit a Hybrid Cloud support ticket.
|
