The new Minimum Acceptable Risk Standards for Exchanges (MARS-E) 2.0 framework is out and effective as of September 30, 2015. The new MARS-E 2.0 standard includes significant updates to security and privacy controls of in-scope systems. These updates also impact security governance mechanisms, which include but are not limited to the System Security Plan (SSP).
Updates to the MARS-E 2.0 standard include:
MARS-E 2.0 is already here and in some cases requires immediate compliance for any submission made after September 30, 2015. Key dates you should know:
MARS-E 2.0 makes many changes, including new privacy controls that must be included within the System Security Plan (SSP). The changes also affect Medicaid/CHIP, which must conduct a Privacy Impact Assessment (PIA) to conform with the new privacy controls. Additionally, the new security continuous monitoring controls require an annual attestation to MARS-E compliance, and administering entities must report planned system changes, including changes in data use. Any legal agreements in place should be revisited to ensure compliance with MARS-E 2.0.
Justin (he/him) is the founder and CEO of NuHarbor Security, where he continues to advance modern integrated cybersecurity services. He has over 20 years of cybersecurity experience, much of it earned while leading security efforts for multinational corporations, most recently serving as global CISO at Keurig Green Mountain Coffee. Justin serves multiple local organizations in the public interest, including his board membership at Champlain College.