Skip to content

Judicial Watch • 2453_Resp Recs 1 (pg.14)

2453_Resp Recs 1 (pg.14)

2453_Resp Recs 1 (pg.14)

Page 1: 2453_Resp Recs 1 (pg.14)

Category:FOIA Response

Number of Pages:1

Date Created:September 11, 2014

Date Uploaded to the Library:September 11, 2014

Tags:Healthcare.gov, Recs, 2453, obamacare, HHS, FOIA


File Scanned for Malware

Donate now to keep these documents public!

  • demand_answers

See Generated Text   ˅

Autogenerated text from PDF

CMS SENSITIVE INFORMATION -REQUIRES SPECIAL HANDLING Attachment 
Federally Facilitated Marketplaces (FFM) System 
II. Authorization Actions 
Failure meet the assigned due dates without prior approval invalidates this authorization 
operate. The following specific actions are completed the date(s 

indicated: 
Finding  Finding Description  Recommended Corrective Action  Risk  Due Date  
FFM has excel file with  Implement method  The presence  May 31,  
open high  macro which  for scanning uploaded  high ris} findings  2014  
finding:  executes when the  documents for system  
Macros  spreadsheet opened  malicious macros.  represents  
enabled  was uploaded for  increased risk  
uploaded files  review another  Ensure that the  the CMS  
allow code  user.  The macro only  existing equivalent  enterprise.  
execute  opened  compensating controls  Lifecycle  
automatically.  command prompt  remain place:  management  
window the local  the system  
user's machine;   The file upload  requires initial  
however, the threat  function only  testing for FISMA  
and risk potential  available for  authorization and  
limitless.  Keeping  limited period each  continuous  
macros enabled relies  year.  monitoring.  Non- the local machine   The file upload  compliance with the user who  function not  the CMS  
downloads detect  available all  Information  
and stop malicious  users, only plan  Security (IS)  
activity.  users.  4cceptable Risk  
 Files types able uploaded are  Safeguards ARS), CMS Minimum  
'  whitelisted.  Security  
Requirements  
(CMSR) without  continuous  
monitoring  
presents  
unacceptable risk.  

(CA-2). 

CMS SENSITIVE INFORMATION -REQUIRES SPECIAL HANDLING