First deep ControlFrame module

CMS EDE evidence infrastructure, not a demo shortcut.

ControlFrame CMS EDE helps EDE entities, web-brokers, issuers, and implementation partners turn CMS source requirements, private-runner collection, security artifacts, and reviewer decisions into one audit-readiness package path.

Evidence chain

CMS source row

Application UI, Eligibility Results, Partner Test Case Suite, API FIT, Communications, EDN, identity, onboarding, and security references stay native.

Private runner job

Browser, API, document, and scanner collection runs inside the customer or operator boundary with scoped target access.

Mapped artifact

Screenshots, text extracts, JSON payloads, checksums, and sidecars are attached to source IDs instead of floating in folders.

Review gate

Redaction, blocker triage, sufficiency review, and export approval happen before evidence enters an auditor package.

Private boundary

Collect regulated evidence without turning raw systems into another SaaS integration surface.

The web app remains the control plane. The runner executes inside the customer or operator environment, where target URLs, personas, CMS endpoints, MFA, certificates, and raw artifacts can be controlled.

Secrets stay local

Runner manifests describe required inputs and allowed commands without storing credentials, tokens, mTLS keys, or MFA details.

Every artifact is hashed

Screenshots, JSON, text extracts, source maps, and exports keep checksum and review metadata attached.

Durable runner jobs

Jobs are queued, claimed, kept alive by heartbeats, finalized, and visible to operators before package release.

Audit-readiness language

ControlFrame organizes evidence and packages. Final audit decisions remain with the auditor and CMS process.

Implementation path

From scope to package without hiding blockers.

Step 1

Confirm entity, application, markets, environments, and EDE scope.

Step 2

Bind target URLs, personas, CMS UAT/API access, and approved collection windows.

Step 3

Run preflight against source rows, credentials, target boundaries, and blockers.

Step 4

Collect evidence through the private runner or approved manual/connector intake.

Step 5

Review, redact, approve, and package only source-mapped artifacts.