Skip to content

Judicial Watch • 2453_Resp Recs 1 (pg.15)

2453_Resp Recs 1 (pg.15)

2453_Resp Recs 1 (pg.15)

Page 1: 2453_Resp Recs 1 (pg.15)

Category:FOIA Response

Number of Pages:1

Date Created:September 11, 2014

Date Uploaded to the Library:September 11, 2014

Tags:Healthcare.gov, Recs, 2453, obamacare, HHS, FOIA


File Scanned for Malware

Donate now to keep these documents public!

  • demand_answers

See Generated Text   ˅

Autogenerated text from PDF

CMS SENSITIVE INFORMATION -REQUIRES SPECIAL HANDLING 
Attachment  
Facilitated  
Finding  Finding Description  Recommended Corrective Action  Risk  Due Date  
FFM has  Software being  Retest FFM each  The presence  February  
open high  deployed into  quarter and submit  high risk findings  26,2015  
finding:  implementation and  new CMS Security system  
evidence  production that  Certification Form for  represents  
functional  contains functional Authority  increased risk  
testing  errors. Untested  Operate (ATO}  the CMS  
processes and  software may  request each quarter.  enterprise.  
procedures  produce functional  Following the CMS  Lifecycle  
being  errors that cause  Security Certification  management  
adequate  unintentional Denial  Form for ATO  the system  
identify Service and  request schedule for  requires initial  
functional  information errors.  re-evaluation:  testing for FISMA  
problems  January 2014  authorization and  
resulting  April2014  continuous  
non- July 2014  monitoring.  Non 
functional  October 2014  compliance with  
code being  January 2015.  the CMS  
deployed.  Information  
The most recent  Security (IS)  
Security Control  Acceptable Risk  
Assessment (SCA}  Safeguards (ARS),  
should final and  CMS Minimum  
have Plan Action  Security  
and Milestones  Requirements  
approved.  (CMSR) without  
continuous  
monitoring  
presents  
unacceptable risk.  
(CA-2)  

CMS SENSITIVE INFORMATION -REQUIRES SPECIAL HANDLING