Section 508 Testing Process

Section 508 Testing

CMS requires that all newly purchased or developed Information and Communication Technology (ICT), including new versions or releases, meet Section 508 Compliance standards. 

This includes, but is not limited to, the following: 

  • Commercial Off the Shelf (COTS) software 

  • Hardware (scanners, printers, copiers, etc.) 

  • Applications and systems developed for use by CMS 

  • Websites including Portals, Exchanges, secure websites, the CMS Intranet, and public facing websites 

Overview of the CMS Section 508 Testing Process: 

  1. Request ​a completed Accessibility Conformance Report (ACR) based on the ITI Voluntary Product Accessibility Template​ (VPAT®) from the vendor/contractor. (WCAG or 508 version is acceptable, the VPAT can be found here).​
  2. Submit a testing request to the CMS IT Service Desk via em​ail, online, or by calling (410) 786-2580 or (800) 562-1963.​
  3. Complete the CMS test plan template found here.
  4. Submit the application, test plan, and ACR to the 508 Test Team.
    Note: It is the responsibility of the requestor to provide the testing team with the software that needs to be tested in the testing lab.  In most cases, software vendors will provide a free trial version of the software that can be used for testing.

    1. The Security Team will: 

      1. ​​Review any new Commercial off-the-shelf (COTS) requests. 

      1. Provide approval/denial of the application for the CMS environment. 

    1. ​​The Section 508 Clearance Officer/Program Team will:

    • Review the submitted ACR for conformance to accessibility standards.

    • Submit any feedback from the ACR assessment to the CMS Application Owner/Requestor.

  7. The Section 508 ​Testing Team will: 

    1. Review and submit feedback to submitted test plans.

    2. Schedule a validation test based on the testing calendar. Not​e: Testing requests are processed in the order they are received. A test date will not be scheduled until the application has been received, installed, and/or successfully accessed (logged in). 

    3. Conduct internal validation review of the application based on the submitted use case scenarios in the test plan. 

    4. Generate 508 test results and circulate to the CMS Application Owner, Section 508 Program Team, and CMS Technical Lead. 

    5. If the ICT passes validation testing, notify the CMS Application Owner they can proceed through the implementation process. 

    6.  If the ICT does not pass, notify the CMS Application Owner to complete a remediation plan.
       

  8. The Section 508 Program Team will review and approve the submitted remediation plan.
  9. The CMS Application Owner will implement ICT after receiving validation approval. Or (in the case of required remediation), complete modifications or enhancements and return to Step 1.
  10. In rare circumstances, an exception may be granted for certain commercial off-the-shelf (COTS) products which are not compliant with Section 508 requirements; consult with the Section 508 program manager for more information.

To review previously tested software, you can access the CMS Tested Software List.

For additional information about Section 508 at CMS, please visit Section 508 and CMS.​

Questions? Email the 508 Test Team​.

Page Last Modified:
12/19/2025 03:09 PM
Help with File Formats and Plug-Ins