Cyber Solutions: Modernizing Workloads during a Pandemic

Problem:

For over two decades, CTAC has supported various agencies and groups within the United States Department of Health and Human Services (HHS). Among its clients is a group responsible for independently reviewing disputed decisions under statutory provisions. This group includes Administrative Law Judges (ALJs) and the Medicare Appeals Council, which handles appeals under more than 60 statutory provisions governing HHS programs. Many of these cases require final decisions within 90 days. CTAC provides comprehensive support for these cases through a customized case management system (CMS) and web-based e-filing solutions. This system includes 260+ custom reports, multiple workflows, and numerous federal and non-federal users. It features advanced search capabilities, document indexing, reminders, custom dashboards, automatic legal document generation, and email alerts. Additionally, it generates individual productivity reports and responds to external requests for caseload and workload information from Congressional, HHS Executive, and other stakeholders.

CTAC was tasked with modernizing the existing case management system to automate tasks, reduce backlog, and eliminate reliance on paper and postal services. The new system also needed to align with NIST 800-53 Moderate controls to ensure the security of PII and PHI data. Obtaining the Authority to Operate (ATO) for the modernized system posed challenges, mainly due to the significant increase in caseload resulting from the global COVID-19 pandemic. This required efficient testing, documentation, and approval processes to meet the timeline.

Solution:

CTAC successfully modernized its client’s case management system and obtained an accelerated ATO by integrating AWS cloud technologies. AWS provided scalable infrastructure for new e-file modules, document storage, and search capabilities, ensuring flexibility to accommodate increased workloads and meet tight appeal adjudication deadlines.

  • Proactive ATO Process: Rather than delaying the ATO process until the work was complete, CTAC’s proactive approach included updating Security Plan documentation, vulnerability testing during development, and rigorous module testing prior to third-party scanning. CTAC maintained clear communication with the Security Team and ensured compliance with HHS policies, HIPAA, FedRAMP, and NIST 800-53 security controls. Leveraging AWS’s FedRAMP-approved services enhanced built-in security and accelerated the process.
  • Efficiency Through CI/CD and Jenkins: Continuous Integration/Continuous Development (CI/CD) tools, such as Jenkins, played a pivotal role in achieving a higher level of productivity and code quality. Jenkins pipelines were customized for each application, supporting multiple environments (e.g., prod/stage/dev) for rapid and consistent deployments.
  • Adapting to COVID-19 Challenges: In response to COVID-19 and the resulting increase in caseload, CTAC developed a module for secure, large file uploads and transmission of audio files via the portal, replacing paper-based processes. Amazon S3 efficiently managed the storage and retrieval of these documents, reducing maintenance overhead and costs through lifecycle policies.
  • Leveraging AWS Services: CTAC utilized AWS Lambda for serverless tasks, including asynchronous zip-file creation for case documents. AWS Textract and OpenSearch were proposed and implemented to enhance OCR and document search capabilities, ensuring secure data access for authorized users.
  • Enhancing Database Security: The adoption of AWS RDS over dedicated database server instances with Oracle substantially improved security by automating maintenance tasks, applying patches, and simplifying backups, thereby addressing security concerns and data retention needs.

Outcome:

CTAC’s strategic use of AWS cloud technologies, proactive security measures, and efficient tools like Jenkins not only modernized the client’s case management system but also streamlined the ATO process, allowing for secure and compliant operations in a challenging environment influenced by COVID-19.