From: Brattleboro Reformer
By Erin Mansfield
***
“CMS has not fully documented procedures that define its oversight responsibilities,” the study says. “Further, while CMS has set requirements for annual testing of a subset of security controls implemented within the state-based marketplaces, it does not require continuous monitoring or annual comprehensive testing.”
“Until CMS documents its oversight procedures and requires continuous monitoring of security controls, it does not have reasonable assurance that the states are promptly identifying and remediating weaknesses and therefore faces a higher risk that attackers could compromise the confidentiality, integrity, and availability of the data contained in state-based marketplaces,” the report said.
Leave a Reply