SW
Command center
Private runner setup
CMS EDErun builderaudit-readiness onlyprivate-runtime boundaryconfiguredWeek of 2026-04-27

Configure MarketLink CMS EDE runs

Configure MarketLink access, validate CMS-native mappings, launch browser/API collectors from the approved runtime boundary, review generated artifacts, and package only after auditor gates are clear. This is the operator workspace for real CMS EDE evidence collection.

Control plane plus private runner

ControlFrame should not be the public SaaS reaching into internal apps. The web app plans and reviews; the private runner executes inside the organization or trusted operator workstation where URLs, credentials, browser state, CMS UAT, and API endpoints are available.

Audit state
Collection is blocked before export

61% preflight readiness, 2 blocked package gates, 2 review gates, and 24 credential/runtime blockers.

Preflight
61%
blocked
Ready tests
3
30 scenarios total
Blocked
24
credentials/runtime/data
Source rows
13%
148/1155 mapped
Evidence
1
87 artifacts latest
Review launch blockersEvidence Vault
Preflight score
61%

3 blocked / 2 review checks

Runnable scenarios
3

30 total CMS EDE scenarios

Credential blockers
24

CMS UAT, IDM, Okta, API, or manual dependencies

Placeholders
3

Visible scope, not evidence yet

Native IDs
201

292 capture mappings

Evidence runs
1

87 artifacts in latest run

Package gate
blocked

2 blocked / 2 review

CMS EDE run builder

Configure the target, bind access, choose the test scope, and run it.

1
ready
1
selected
65%
score
Target
https://uat-marketlink.helpline.com
Access
0/1 roles
Scope
MarketLink 3.C
Launch
ready for dry-run
CMS EDE run workbench
one-click suite executionclient workspace scoped

Run all, rerun one suite, or collect auditor evidence only for the test that needs it.

The dashboard separates source coverage from executable automation so assessors can see UI, eligibility, API, and package lanes without confusing current runnable tests with rows that still need generated collectors, credentials, or manual evidence.

1155
source rows
148
covered
3
ready
24
blocked

Entire CMS EDE program

partial

All registered CMS EDE source-backed browser, API, document, configuration, and manual evidence lanes.

browser-flowapimanual-uploadconfigurationdocument
13%148/1155
1007 unmapped
3
ready
24
blocked
3
future
6 failing
87 artifact(s) in latest run

Eligibility Results Toolkit / MarketLink 3.C field-level script

ready

Phase 3 PY2026 Eligibility Results Toolkit Test Case 3.C against /admin/application-preview.

browser-flowapi
100%38/38
0 unmapped
1
ready
0
blocked
0
future
6 failing
87 artifact(s) in latest run

Application UI Toolkit

partial

Application UI Toolkit UI Questions Item #1-#302, including conditional branches, required text, disclosures, inputs, dropdowns, and applicationAnswers mappings.

browser-flowapi
19%73/380
307 unmapped
3
ready
1
blocked
0
future
6 failing
87 artifact(s) in latest run

Eligibility Results Toolkit

partial

Eligibility Results Toolkit Phase 3 test case IDs, determination payloads, plan eligibility, APTC/CSR, Medicaid/CHIP, and SEP outcomes.

browser-flowapi
13%3/23
20 unmapped
0
ready
11
blocked
0
future
6 failing
87 artifact(s) in latest run

Partner Test Case Suite

partial

CMS EDE Partner Test Case Suite IDs and Test Case Suite User Guide execution evidence.

browser-flowapimanual-upload
4%9/241
232 unmapped
0
ready
7
blocked
0
future
6 failing
87 artifact(s) in latest run

API Functional Integration Toolkit

partial

API Functional Integration Toolkit IDs, EDE API Companion Guide operations, and FFM Hub integration controls.

apiconfigurationdocument
15%33/214
181 unmapped
0
ready
1
blocked
0
future
6 failing
87 artifact(s) in latest run

Communications Toolkit

partial

Communications Toolkit requirement numbers, standardized disclaimers, legal notices, language assistance, and consumer-facing content.

browser-flowdocument
24%12/49
37 unmapped
0
ready
2
blocked
0
future
6 failing
87 artifact(s) in latest run

Eligibility Determination Notices

partial

Eligibility Determination Notice generation, content, language, distribution, archive, and metadata evidence.

browser-flowapidocument
24%12/49
37 unmapped
0
ready
1
blocked
0
future
6 failing
87 artifact(s) in latest run

Identity Proofing

blocked

Year 9 RIDP-RBA / GetRecord requirements, NIST SP 800-63-3 identity assurance, and acceptable documentation paths.

browser-flowapiconfigurationdocument
0%0/182
182 unmapped
0
ready
1
blocked
0
future
6 failing
87 artifact(s) in latest run

Registration and Onboarding

partial

Agent/broker registration, onboarding, pending approval, MFA setup, authorization gates, and role-specific access.

browser-flowconfiguration
100%1/1
0 unmapped
0
ready
0
blocked
1
future
6 failing
87 artifact(s) in latest run

Security Controls - ARC-AMPE / MARS-E

partial

ARC-AMPE, MARS-E 2.2, NIST SP 800-53 Rev. 5, SSPP, SAR, POA&M, ISA, and privacy/security controls.

documentconfigurationapimanual-upload
27%18/66
48 unmapped
0
ready
0
blocked
2
future
6 failing
87 artifact(s) in latest run
Source matrix gap stays visible

Current full matrix coverage is 148 of 1155 source rows. One-click execution can run every runnable collector today, but full auditor coverage requires generating the remaining toolkit-specific collectors and binding CMS UAT/API access.

Assessor workflow
run tests
dry-run or validation
fix failures
targeted reruns
evidence
strict collection
Toolkit test matrix
UI and eligibility visibleindividual test control

See every registered CMS EDE test by toolkit, then dry-run one test or collect evidence for the whole suite.

This is the operator view for Application UI, Eligibility Results, API FIT, Partner, Communications, EDN, identity, registration, and security lanes. Rows marked blocked stay visible so assessors can see what is missing without silently losing scope.

30
visible
3
ready
1
selected
Application UI Toolkit
application-ui-toolkit
3 ready1 blocked0 future
UI-001Broker application details and address source rowsready-to-run
cms-ede-ui-broker-application-details
broker
24 native IDs
not run
UI-001Agent application details and address source rowsready-to-run
cms-ede-ui-agent-application-details
agent
24 native IDs
not run
UI-002Broker household composition and no-home-address branchready-to-run
cms-ede-ui-broker-household-composition
broker
62 native IDs
not run
UI-241Medicaid-specific absent parent questionblocked
cms-ede-ui-absent-parent-medicaid-specific
consumer
1 native IDs
not run
Eligibility Results Toolkit
eligibility-results-toolkit
0 ready11 blocked0 future
EL-003APTC / CSR eligibility result display (rollup)blocked
cms-ede-eligibility-aptc-csr
consumer
10 native IDs
not run
EL-3.AEligibility Results Toolkit Test Case 3.Ablocked
cms-ede-eligibility-test-case-3a
consumer
1 native IDs
not run
EL-3.A.2Eligibility Results Toolkit Test Case 3.A.2blocked
cms-ede-eligibility-test-case-3a2
consumer
1 native IDs
not run
EL-3.CEligibility Results Toolkit Test Case 3.Cblocked
cms-ede-eligibility-test-case-3c
consumer
1 native IDs
not run
EL-3.DEligibility Results Toolkit Test Case 3.Dblocked
cms-ede-eligibility-test-case-3d
consumer
1 native IDs
not run
EL-3.EEligibility Results Toolkit Test Case 3.Eblocked
cms-ede-eligibility-test-case-3e
consumer
1 native IDs
not run
EL-3.FEligibility Results Toolkit Test Case 3.Fblocked
cms-ede-eligibility-test-case-3f
consumer
1 native IDs
not run
EL-3.GEligibility Results Toolkit Test Case 3.Gblocked
cms-ede-eligibility-test-case-3g
consumer
1 native IDs
not run
EL-3.HEligibility Results Toolkit Test Case 3.Hblocked
cms-ede-eligibility-test-case-3h
consumer
1 native IDs
not run
EL-3.IEligibility Results Toolkit Test Case 3.Iblocked
cms-ede-eligibility-test-case-3i
consumer
1 native IDs
not run
EL-3.JEligibility Results Toolkit Test Case 3.Jblocked
cms-ede-eligibility-test-case-3j
agent
1 native IDs
not run
Partner Test Case Suite
partner-test-case-suite
0 ready7 blocked0 future
PTCS-P3Partner Test Case Suite Phase 3 UAT core cases (rollup)blocked
cms-ede-partner-phase3-uat-core-cases
broker
6 native IDs
not run
PTCS-3.A-3.BPartner Test Case Suite Test Case 3.A/3.Bblocked
cms-ede-partner-test-case-3a-3b
broker
1 native IDs
not run
PTCS-3.CPartner Test Case Suite Test Case 3.Cblocked
cms-ede-partner-test-case-3c
broker
1 native IDs
not run
PTCS-3.EPartner Test Case Suite Test Case 3.Eblocked
cms-ede-partner-test-case-3e
broker
1 native IDs
not run
PTCS-3.FPartner Test Case Suite Test Case 3.Fblocked
cms-ede-partner-test-case-3f
broker
1 native IDs
not run
PTCS-3.GPartner Test Case Suite Test Case 3.Gblocked
cms-ede-partner-test-case-3g
broker
1 native IDs
not run
PTCS-3.HPartner Test Case Suite Test Case 3.Hblocked
cms-ede-partner-test-case-3h
broker
1 native IDs
not run
API Functional Integration Toolkit
api-functional-integration-toolkit
0 ready1 blocked0 future
FIT-F001API FIT F001 initial FA application with no SVI or DMIblocked
cms-ede-api-fit-f001-initial-fa
consumer
17 native IDs
not run
Communications Toolkit
communications-toolkit
0 ready2 blocked0 future
CMP-001Application submission, DMI, and required communicationsblocked
cms-ede-comms-application-submission-dmi
consumer
5 native IDs
not run
CMP-003Document upload, DMI/SVI, dashboard, and notice communicationsblocked
cms-ede-comms-document-upload-notices
consumer
7 native IDs
not run
Eligibility Determination Notices
edn-notices
0 ready1 blocked0 future
EDN-001EDN Notice Retrieval and Metadata Search accessblocked
cms-ede-edn-notice-retrieval-metadata-search
consumer
11 native IDs
not run
Identity Proofing
identity-proofing
0 ready1 blocked0 future
IDP-RIDP-FARSRIDP/RBA identity proofing and FARS fallbackblocked
cms-ede-identity-ridp-fars
consumer
31 native IDs
not run
Registration and Onboarding
registration-onboarding
0 ready0 blocked1 future
REG-ONBOARDINGRegistration, onboarding, and operational readiness artifactsplaceholder
cms-ede-registration-onboarding-readiness
platform-admin
15 native IDs
not run
Security Controls - ARC-AMPE / MARS-E
security-arc-ampe
0 ready0 blocked2 future
ARC-AMPE-PACKAGEARC-AMPE assessment package and security artifactsplaceholder
cms-ede-security-arc-ampe-assessment-package
platform-admin
29 native IDs
not run
MARS-E-AC-02Security account management evidence slotplaceholder
cms-ede-security-ac02-account-management
platform-admin
1 native IDs
not run
1 / target

Project and target application

Quick targets
2 / auditor script

Choose the collection adapter

3 / access

Runtime access and CMS endpoints

Broker
needed

Assisted application, plan, consent, and submission flows.

Agent
needed

Agent-assisted application and onboarding-adjacent flows.

Consumer
needed

Eligibility, notices, EDN, identity, and dashboard flows.

Agency admin
needed

Role, reporting, and agency administration evidence.

Platform admin
needed

Security, onboarding, and configuration evidence slots.

4 / scope

Select tests, suites, or full CMS EDE

Test Case 3.C full application-preview wizard

This adapter executes one source-anchored auditor script end to end: it logs in as the platform-admin demo account, starts from a blank answer state, fills the 3.C workbook inputs in forward order, traverses all 41 steps, and fails any mapped workbook field that is missing from the UI or final answer state.

strict field-level evidence
3.C
script
41
steps
38
trace rows
real UI
mode
Source workbook: docs/CMS-docs/Additional-docs/EDE_Eligibility_Results_Toolkit_Phase 3_PY2026_V3.xlsx
5 / launch

Launch validation, dry-run, or evidence collection

MarketLink 3.C application preview
https://uat-marketlink.helpline.com
65% ready
1
runnable
0
blocked
0/1
roles
0
endpoints
Run monitor ready
waiting

Choose validate, dry-run, or collect evidence. The monitor will show the active phase, progress, and the latest runner events while the request is executing.

--
no active run
Request accepted
pending
Preflight
pending
Source mapping
pending
Collector execution
pending
Ledger write
pending
Review handoff
pending
Live event feed

Events will appear here immediately after a run starts.

real application architecture

Run the CMS EDE module where the target can actually be reached

ControlFrame does not need source-code access for the normal evidence run. It needs authorized runtime access: target URLs, browser login personas, approved MFA/session handling, CMS UAT or toolkit endpoints, and API routes that the collector can observe or call from inside the customer boundary.

external URL alone is rarely enough
External URL
Smoke tests and hosted QA

Works only when the target app, auth, and CMS test endpoints are reachable from the runner boundary.

Desktop / field runner
Consultant-led CMS EDE runs

Operator-led Playwright/API collection on a trusted workstation with local evidence review before export.

On-prem or private cloud
Production audit readiness

A customer-controlled VM/container runner reaches internal URLs, vaults, IDM, Okta, CMS UAT, and APIs.

Air-gapped package transfer
High-control evidence rooms

Raw evidence remains local; reviewed, hashed, redacted packages move through a signed export path.

CMS source contract

Every run starts with CMS-native authority, not ControlFrame IDs

The collector validates the Year 9 source contract before collection. Evidence must map back to CMS toolkit documents, native framework identifiers, source rows, and prescribed evidence shapes.

0 errors / 0 warnings
Contract
2026-04-25

cms-ede-year9-source-native-evidence-contract

Authorities
9

CMS toolkit/source authorities

Source refs
41

scenario source references

Capture maps
292

explicit native ID mappings

Source currentness

Official CMS page
2026-04-14 01:51 PM
Local source files
101 current / 4 superseded
Workbook-native IDs
1155 candidates across 9 workbooks
CMS zONE / auditor package
Restricted templates and baseline toolkit versions must be verified before final export
Reference evidence
format-example-only

Existing reference evidence remains format-reference only. Fresh ControlFrame collector runs must create audit-readiness evidence.

auditor reconciliation ledger

Show CMS identifiers first, then ControlFrame orchestration IDs

CMS reviewers and third-party auditors should be able to reconcile every artifact back to toolkit, row, case, step, and security control references. Internal IDs like UI-006 or scenario slugs help operators run the module, but the package has to lead with the CMS-native reference.

source-row evidence map required
Application UI Toolkit
native control / row reference
UI Questions Item #1, #6, row-level source IDs
evidence shape

Full-page screenshots, DOM/text extract, route, persona, timestamp, source-row sidecar.

API Functional Integration Toolkit
native control / row reference
FIT case ID, step, response field / Column H expectations
evidence shape

Redacted request/response JSON, status, endpoint, checksum, source-row evidence index.

Eligibility Results Toolkit
native control / row reference
Eligibility scenario, source row, household/application state
evidence shape

Eligibility result screenshot, API payload evidence, reviewer notes for CMS UAT dependencies.

Partner Test Case Suite
native control / row reference
Partner case ID and step
evidence shape

Scenario trace, screenshots, JSON captures, blocker notes for CMS-controlled paths.

Communications / EDN / Notice
native control / row reference
Toolkit row ID, notice retrieval / DSRS / metadata references
evidence shape

Message artifact, delivery proof, notice payload, redaction manifest, manual/connector evidence slot.

Privacy & Security
native control / row reference
ARC-AMPE, MARS-E, NIST control identifiers
evidence shape

SSPP, SAP, SAR, POA&M, IAM/IDM/Okta evidence, scanner reports, reviewer approval state.

CMS EDE prescribed components

Break the run exactly where CMS breaks the audit

The console separates CMS Year 9 business requirement toolkits, API functional testing, identity proofing, onboarding, and security/privacy audit package evidence. ControlFrame orchestration IDs stay internal; auditor-facing rows preserve CMS source files, native references, required evidence, and blocked dependencies.

Source catalogWorkbook IDs
1
collection-ready
1
dry-run-ready
4
credential gated
4
manual / connector

Application UI Toolkit

ready
CMS source
Application_UI_Toolkit_02-03-2026.xlsx
Native reference
Application UI Toolkit UI Questions Item #

The applicable phase Application UI Toolkit is reviewed in full; auditors need a methodology that evaluates each UI element, not only test-case-covered questions.

Gate: Target URL and approved broker/agent/consumer personas must be configured before live collection.
Prescribed evidence
  • Full-page screenshots for each applicable UI element and conditional branch
  • Source-row mapping keyed to UI Questions Item #
  • Application answers / extracted text where emitted by the application
ControlFrame output slot
  • screenshots/application-ui-toolkit/*.png + *.meta.json
  • source-row-evidence-index.json
  • text-extracts/application-ui-toolkit/*.txt

Eligibility Results Toolkit

credential gated
CMS source
EDE_Eligibility_Results_Toolkit_Phase 3_PY2026_V3.xlsx
Native reference
Phase-specific Eligibility Results Toolkit scenario / row

Phase-specific required test cases must be completed according to the User Guide tab, with screenshots through eligibility results and consistency between the results page and EDN.

Gate: Requires final CMS UAT/API access, approved toolkit cases, and target application personas.
Prescribed evidence
  • Entire application-flow screenshots from the required starting point through eligibility results
  • Eligibility results page screenshot with correct EDN
  • Raw Get App API response JSON for the application version depicted
ControlFrame output slot
  • screenshots/eligibility-results-toolkit/*.png + *.meta.json
  • json-responses/eligibility-results-toolkit/*.json
  • reports/source-row-evidence-map.csv

EDE Partner Test Case Suite

credential gated
CMS source
2026 EDE _CMS - EDE - Partner Test Case Suite - V11.0 - Final - 2026.03.31.xlsx
Native reference
Partner Test Case Suite case ID and step

Supplemental partner test cases increase approval readiness and should not replace required toolkit cases.

Gate: Requires final CMS UAT credentials, certificates, and test data.
Prescribed evidence
  • CMS UAT test case ID, step, and execution result
  • Per-step screenshot or API request/response evidence
  • Exception log for unresolved UAT cases
ControlFrame output slot
  • reports/latest-report.html
  • screenshots/partner-test-case-suite/*.png
  • open-blockers.json

API Functional Integration Toolkit

credential gated
CMS source
API_Functional_Integration_Toolkit_04042025.xlsx
Native reference
FIT case ID and step / Required Evidence Column H

Each required API test case needs correct results and complete required evidence, including complete request/response headers and body where required; raw JSON/XML must remain unmodified.

Gate: Requires API base URLs, mTLS/certificates, CMS test accounts, and vault-backed private runner execution.
Prescribed evidence
  • Complete header and body for required API request and response
  • Raw JSON/XML captured before redaction copy is produced
  • Separate evidence for Agent/Broker and Consumer pathways when both are in scope
ControlFrame output slot
  • json-responses/api-functional-integration-toolkit/*.json
  • artifact-manifest.json
  • redaction-manifest.json

EDE Communications Toolkit

dry-run
CMS source
EDE_Communications_Toolkit_Year 9_02112026.xlsx
Native reference
Communications Toolkit requirement / disclaimer row

Required consumer communications, notices, disclaimers, language access, and associated critical communications must be evidenced in the applicable pathway.

Gate: Generated notices and non-English critical communications may require CMS/API access or manual evidence registration.
Prescribed evidence
  • Screenshots of required communication and notice surfaces
  • Extracted text next to screenshot metadata
  • Non-English-language application UI and associated communications where applicable
ControlFrame output slot
  • screenshots/communications-toolkit/*.png + *.meta.json
  • text-extracts/communications-toolkit/*.txt
  • source-row-evidence-index.json

Eligibility Determination Notices / Notice Retrieval

credential gated
CMS source
EDE-Notice-Retrieval-20250911.HTML / EDE_Metadata_Search_20250428.html
Native reference
EDN / Notice Retrieval / Metadata Search requirement

The consumer must be able to access the most recent EDN; EDN and raw Get App API JSON requirements apply across required toolkit cases.

Gate: Requires generated EDNs, CMS API access, and approved notice retrieval path.
Prescribed evidence
  • EDN download/view screenshot
  • Notice Retrieval or Metadata Search API request/response capture
  • EDN consistency check against eligibility results page
ControlFrame output slot
  • screenshots/edn-notices/*.png
  • json-responses/edn-notices/*.json
  • source-row-evidence-index.json

Identity Proofing / RIDP-RBA / FARS

manual / connector
CMS source
H139_RIDP Test Harness Data.xlsx / H140_FARS Test Harness Data.xlsx
Native reference
RIDP/RBA/FARS test harness case or fallback path

Identity proofing, RBA outcomes, acceptable documentation, IDM, Okta, and MFA gates must be evidenced or explicitly blocked until authorized access exists.

Gate: Requires RIDP/FARS, IDM, Okta, MFA, and production/test credential access.
Prescribed evidence
  • RIDP/RBA UI outcome screenshot or auditor-observed result
  • Redacted response metadata where available
  • IDM/Okta/configuration evidence by reference
ControlFrame output slot
  • manual-evidence-registry.json
  • screenshots/identity-proofing/*.png
  • open-blockers.json

Business Audit Instructions / DE Entity Documentation

manual / connector
CMS source
EDE Business Audit Instructions and Report Template_Year 9_final.docx
Native reference
Business requirement / review standard / DE Entity Documentation Package item

Auditors must provide complete descriptions of each requirement and must not exclude required review-standard criteria; the DE Entity Documentation Package must be complete at submission.

Gate: Requires GRC/document repository access or manually registered approved documentation.
Prescribed evidence
  • Completed business audit instructions/report template sections
  • DE Entity Documentation Package references
  • Evidence resolving CMS feedback by toolkit or related risk
ControlFrame output slot
  • 08-manual-evidence/manual-evidence-registry.json
  • 06-auditor-packages/<package-id>/business-audit/
  • open-blockers.json

Registration, Onboarding, and Mini-Audit Access

manual / connector
CMS source
Year 9 auditor guidelines / Web-broker ORR guidance
Native reference
Onboarding requirement / testing credential / EICR or readiness item

Testing credentials must be valid and all APIs/components accessible during CMS mini audit; post-submission changes must follow the applicable change process.

Gate: Requires CMS Enterprise Portal, registration, and auditor/CMS access paths.
Prescribed evidence
  • Registration and onboarding status evidence
  • Valid testing credential proof by persona/pathway
  • Change/EICR and approval-gate documentation where applicable
ControlFrame output slot
  • manual-evidence-registry.json
  • open-blockers.json
  • reports/latest-report.html

Security and Privacy Audit - ARC-AMPE / MARS-E

manual / connector
CMS source
ARC-AMPE Volume 2 SSPP / SAP / SAR / POA&M templates
Native reference
ARC-AMPE, MARS-E, NIST, SAP, SSPP, SAR, POA&M identifier

The security/privacy audit package needs SAP, ARC-AMPE SSPP, SAR, and POA&M completeness; SAR findings include documentation review, control testing, scanning, penetration testing, and interviews.

Gate: Requires security package repository, scanner/pen-test output, GRC evidence, and reviewer acceptance.
Prescribed evidence
  • SAP scope and methodology before SCA
  • ARC-AMPE Volume 2 SSPP control implementation details
  • SAR all findings and POA&M open finding traceability
ControlFrame output slot
  • 08-manual-evidence/manual-evidence-registry.json
  • security-evidence/scans-and-pentest/
  • 06-auditor-packages/<package-id>/security-privacy/
View CMS-native scenario mappings and collector registry
Auditor-visible run path

A collection run behaves like a flight recorder, not a black box

Operators can explain each stage to CMS assessors: the target configuration, source validation, dry-run, artifact capture, reviewer gate, and export decision.

01
01
Configure

Target URL, persona credentials, MFA path, and approved audit window.

02
292
Validate

Prove every runnable scenario maps to CMS source documents and native IDs.

03
03
Dry run

Exercise scope, routes, selectors, and blockers before writing evidence.

04
87
Collect

Capture screenshots, text extracts, API JSON, and framework mappings.

05
05
Review

Inspect redaction, evidence status, source rows, and open blockers.

2 review gates
06
blocked
Package

Export only after source, manual, freshness, and redaction gates clear.

not-ready-blockers-open
framework lanes

CMS EDE toolkit coverage

Each lane keeps the CMS toolkit language and native source references. Blocked lanes stay visible so the auditor can see what requires CMS UAT APIs, IDM, Okta, production credentials, or manual external evidence.

Scenario registry

Application UI Toolkit

not-run

Application UI Toolkit UI Questions Item #1-#302, including conditional branches, required text, disclosures, inputs, dropdowns, and applicationAnswers mappings.

Readiness55%
4
scenarios
3
ready
1
blocked
0
future

Eligibility Results Toolkit

not-run

Eligibility Results Toolkit Phase 3 test case IDs, determination payloads, plan eligibility, APTC/CSR, Medicaid/CHIP, and SEP outcomes.

Readiness55%
11
scenarios
0
ready
11
blocked
0
future

Partner Test Case Suite

blocked

CMS EDE Partner Test Case Suite IDs and Test Case Suite User Guide execution evidence.

Readiness35%
7
scenarios
0
ready
7
blocked
0
future

API Functional Integration Toolkit

blocked

API Functional Integration Toolkit IDs, EDE API Companion Guide operations, and FFM Hub integration controls.

Readiness35%
1
scenarios
0
ready
1
blocked
0
future

Communications Toolkit

not-run

Communications Toolkit requirement numbers, standardized disclaimers, legal notices, language assistance, and consumer-facing content.

Readiness55%
2
scenarios
0
ready
2
blocked
0
future

Eligibility Determination Notices

not-run

Eligibility Determination Notice generation, content, language, distribution, archive, and metadata evidence.

Readiness55%
1
scenarios
0
ready
1
blocked
0
future

Identity Proofing

blocked

Year 9 RIDP-RBA / GetRecord requirements, NIST SP 800-63-3 identity assurance, and acceptable documentation paths.

Readiness35%
1
scenarios
0
ready
1
blocked
0
future

Registration and Onboarding

not-run

Agent/broker registration, onboarding, pending approval, MFA setup, authorization gates, and role-specific access.

Readiness55%
1
scenarios
0
ready
0
blocked
1
future

Security Controls - ARC-AMPE / MARS-E

not-run

ARC-AMPE, MARS-E 2.2, NIST SP 800-53 Rev. 5, SSPP, SAR, POA&M, ISA, and privacy/security controls.

Readiness55%
2
scenarios
0
ready
0
blocked
2
future
auditor package gate

Package readiness before anything leaves ControlFrame

not-ready-blockers-open
Source-native contract
pass

0 errors / 0 warnings

Source reconciliation
pass

1155 workbook-native IDs extracted; 0 pending sourceRefs

Full source-native test matrix
pass

1155 source-native row(s), 1121 unique native ID(s), 1007 row(s) outside the original scenario registry

Business Audit package checklist
pass

15 package checklist item(s), 0 without source paragraph matches

Source provenance manifest
pass

123 source file(s), 118 current local candidate(s), CMS zONE confirmation: not-confirmed-in-this-session

Fresh ControlFrame evidence
needs-review

1 run(s), latest cms-ede-marketlink-application-preview-3c-2026-04-30T13-47-48-116Z, 87 artifacts

Manual / external evidence
blocked

0 approved / 0 needs review / 27 missing manual evidence slot(s).

Open CMS access blockers
blocked

24 blocked scenario(s), 3 placeholder scenario(s); 27 missing and 0 needs-review external slot(s)

PII and sensitive-data review
needs-review

Review screenshot sidecars, text extracts, API JSON, and redaction manifest before export.

Run CMS EDE | ControlFrame