Every year the Centers for Medicare and Medicaid Services (CMS) spends thousands of engineering hours to ensure its hundreds of applications are compliant with healthcare-specific security controls. The vast majority of this work is redundant across app teams and the complexity is magnified due to a lack of standardization amongst deployment strategies and technology decisions. This talk will highlight the effectiveness of using exclusively OSS to build, deploy and accredit a secure, standardized K8s-based platform in regulated cloud environments at CMS. The presentation will cover OSS technical implementation, how it achieves security requirements and the culture change that is necessary to utilize open source effectively. The goal of this talk is to share, collaborate, and learn how open source software enables teams to deliver secure, OSS platforms in regulated environments.