Excellence in cybersecurity and risk management underpins everything we do

As one of the largest providers of government health data services in the world, we are no strangers to keeping personal information and secure data safe. Our commitment to excellence in cybersecurity and cyber resilience spans four decades. Our people, teams, and technology are relentless in the pursuit of supporting your mission and keeping your operations secure.

We understand that competent cybersecurity goes way beyond preventing a data breach

From helping our clients define their cybersecurity policies to supporting efforts to establish governance, Maximus supports complex cybersecurity projects across federal IT. From providing FedRAMP tools and technologies that support the monitoring and management of security functions to developing compliant systems, policies, and guidelines – we work across the full spectrum of cloud environments.

  • We understand and can support multiple aspects of the cybersecurity function, drawing on our team of experts who have spent decades focused on maintaining the security of large and complex programs.
  • We work in cleared spaces, handling cleared data, including in Sensitive Compartmented Information Facility (SCIF) facilities. 
  • We offer three FedRAMP solutions – the Maximus Intelligent Assistant (MIA), the Maximus Cloud, and the Maximus Engagement Platform – all of which enable us to provide secure, state-of-the-art technology to our clients.
We understand that competent cybersecurity goes way beyond preventing a data breach

Maximus has decades of experience protecting sensitive data

Data storage carries serious risks – no matter what infrastructure or processes serve to protect it. Maximus has been managing and reducing that risk across government for decades. We have comprehensive, 360-degree measures in place to protect sensitive information – including PHI and PII. The best practices we have developed and implemented span online data collection and use, data transmittal, phone, and other person-to-person scenarios.

Best Practices

We have an embedded security function in our DevSecOps methodology of delivering solutions to customers. We have also developed best practices around edge security and on penetration testing at customer sites that we host and support.


We work on FedRAMP information security-related projects with customers at the Office of Personnel Management (OPM), Consumer Financial Protection Bureau (CFPB), the Office of Federal Student Aid (FSA), the United States Citizenship and Immigration Services Bureau (USCIS), and the Center for Medicaid Services (CMS) to name a few. 


Maximus has several cybersecurity certifications. We follow the NIST cybersecurity framework, utilizing FISMA for on-prem deployments, and we are FedRAMP certified for the cloud. We have achieved ISO 27001, which is entirely focused on information security.


We have a dedicated cybersecurity team with decades of experience supporting government program operations and securing sensitive data. This group works closely with the Maximus CISO and elite subject matter experts to ensure that cybersecurity efforts stay aligned across projects and enterprisewide.

Case Studies

Internal Revenue Service

Maximus has been the IRS’ chosen partner for the development of its cybersecurity strategy. Working on the IRS-ITC-2 contract, we support the agency’s Office of Cybersecurity -- responsible for ensuring the confidentiality, integrity, and availability of IRS electronic systems, services, and data. Our team developed the IRS Cybersecurity Strategy, which is mapped to the IRS’s Modernization Plan and will receive Congressional oversight. Already, our innovative cybersecurity strategies have significantly enhanced the IRS cybersecurity posture.

State Medical Benefit Reviews

Maximus conducts independent medical reviews and benefit reviews for several state programs. This work involves accessing and assessing sensitive information – including data with personal health information (PHI) and personally identifiable information (PII) and, in some cases, compiling and transmitting reports to the appropriate state agencies or their designated intermediaries. Our team is consistently called to conduct this type of work due to our ability to secure information and proactively protect it from a variety of cyber threats.

Center for Medicare and Medicaid Services

The Maximus cybersecurity team recently supported CMS during an agency-wide cybersecurity compliance audit. Our contributions included helping the agency to develop and conduct edge security assessments, perform penetration testing, and helping it manage and maintain its proactive and reactive cybersecurity game plans. We continue to support the agency on a variety of programs with information security components.