Watch ControlFrame run the audit workflow before credentials exist.
This is the sanitized walkthrough for a CMS EDE reference tenant: validate CMS-native requirements, choose a test set, run a dry-run or authorized collector, review evidence, then export only after source, redaction, and blocker gates clear.
Runnable scenarios must map to CMS toolkit rows and native IDs before collection.
9 parsed workbooks, with CMS zONE remaining the restricted source authority.
Every artifact lands with source-row mapping, manifest, checksum, and review status.
Seven steps from CMS source contract to auditor package.
This autoplay walkthrough shows the operating path without claiming final CMS evidence has been collected. The action links open the real product surfaces when the team is ready to configure access.
Open the HPS CMS EDE project
The auditor sees this as a project instance of the generic ControlFrame platform, not a one-off MarketLink evidence folder.
Open the HPS / MarketLink CMS EDE workspace and confirm the framework template, lanes, source coverage, blockers, and audit-readiness status.
Loads the CMS EDE Year 9 template, HPS project configuration, source-native scenario registry, manual evidence gates, and prior run ledger.
Project command center, CMS EDE lane readiness, blocked external dependencies, and source-native drilldowns.
One click should tell you what can run and what is gated.
CMS EDE is prescriptive. These lanes stay mapped to toolkit names, native requirement references, expected evidence, and blockers.
Application UI Toolkit
Navigate consumer, broker, and agent application flows and capture prescribed UI screenshots mapped to UI Questions Item numbers.
Eligibility Results Toolkit
Verify eligibility outcomes, APTC/CSR, Medicaid/CHIP, SEP, and determination displays against toolkit scenarios.
Partner Test Case Suite
Execute CMS partner test cases with per-step screenshots, request/response captures, and exception tracking.
API Functional Integration Toolkit
Run FIT cases and collect redacted request/response JSON, payload handling evidence, mTLS/certificate status, and source-row mappings.
Communications Toolkit
Capture required communications, disclosure surfaces, language support, and Section 508 evidence where application-side surfaces are reachable.
Eligibility Determination Notices / Notice Retrieval
Validate EDN access, notice retrieval, metadata search, and consistency between the EDN, eligibility results screen, and raw Get App response.
Identity Proofing
Track RIDP/RBA, FARS, fallback documentation, IDM, Okta, MFA, and credential-gated proofing paths.
Business Audit Instructions / DE Entity Documentation
Track the CMS business audit instructions/report template, DE Entity Documentation Package, CMS feedback resolution, and other manual evidence that must be attached by source-native slot.
Registration, Onboarding, and Mini-Audit Access
Track CMS Enterprise Portal, testing credentials, API/component availability, mini-audit access, and change/EICR approval evidence that must be ready before auditor execution.
Security / ARC-AMPE / NIST Controls
Register SSPP, SAR, POA&M, ISA, MARS-E, ARC-AMPE, NIST, configuration exports, and security control evidence by native control ID.
The output is a reviewed evidence package, not a screenshot dump.
cms-ede-reference-demo/02-evidence-runs/<run-id>Run ID, timestamp, target boundary, scenario counts, and command metadata.
Top-level index of collected screenshots, JSON, text, reports, and blockers.
Artifact-level lookup for pages, captures, and generated evidence records.
CMS-native row-to-artifact mapping, including native IDs and row statuses.
File inventory, artifact paths, checksums, labels, and evidence classes.
PII/secret review status and redaction decisions for screenshots and JSON.