Skip to content

Judicial Watch • 2453_Resp Recs 1 (pg.9)

2453_Resp Recs 1 (pg.9)

2453_Resp Recs 1 (pg.9)

Page 1: 2453_Resp Recs 1 (pg.9)

Category:FOIA Response

Number of Pages:1

Date Created:September 11, 2014

Date Uploaded to the Library:September 11, 2014, 2453, obamacare, HHS, FOIA

File Scanned for Malware

Donate now to keep these documents public!

See Generated Text   ∨

Autogenerated text from PDF

Data Sei'!rices Hub (DSH) 
II. Authorization Actions 
Failure meet the assigned due dates without prior approval invalidates this authorization 
operate. The following specific actions are completed the date(s) indicated: 

Finding Finding Description 

Findings not There are findings entered ACTS for the ACTS. FYl Security Control 
Assessment (SCA) for the recent penetration testing. 
Security DSH indicates that Category has Moderate listed security level; 
Corrective Action 

Ensure that ACTS updated account for all the findings 
from the SCA and 
the penetration 
Use the CMS Risk Management Handbook Vol. Procedure 6.2 POAM Management develop and document the corrective action plans necessary for closing the identified weaknesses. 
Use the Risk Management Handbook Volume 

"Undefined" 	however, this listed ...... Procedure 2.3 CFACTS. "Undefined" determine the correct ACTS. With security level and "Undefined" security properly define the   categorization, DSH system ACTS. may not have the correct set controls loaded ACTS. 
Risk Due Date 

CMS policy November requires 15, 2013 approved POAMsfor resolving system weaknesses. Undocumented plans for resolving weaknesses could allow known system risks remain. (CA5) 
W.ith October incorrect 15,2013 security categorization, the system may not implementing the minimum level security required and may not adequately protecting the confidentiality, integrity and availability data. (PL-2)