2453_Resp Recs 1 (pg.14)
Category:FOIA Response
Number of Pages:1
Date Created:September 11, 2014
Date Uploaded to the Library:September 11, 2014
Autogenerated text from PDF
CMS SENSITIVE INFORMATION - REQUIRES SPECIAL HANDLING

Attachment
Federally Facilitated Marketplaces (FFM) System

II. Authorization Actions

Failure to meet the assigned due dates without prior approval invalidates this authorization to operate. The following specific actions are to be completed by the date(s) indicated:

Finding: FFM has an open high finding: Macros enabled on uploaded files allow code to execute automatically.

Finding Description: An excel file with a macro which executes when the spreadsheet is opened was uploaded for review by another user. The macro only opened a command prompt window on the local user's machine; however, the threat and risk potential is limitless. Keeping macros enabled relies on the local machine of the user who downloads it to detect and stop malicious activity.

Recommended Corrective Action: Implement a method for scanning uploaded documents for malicious macros. Ensure that the existing equivalent compensating controls remain in place: The file upload function is only available for a limited period each year. The file upload function is not available to all users, only plan users. File types able to be uploaded are whitelisted.

Risk: The presence of high risk findings in the system represents an increased risk to the CMS enterprise. Lifecycle management of the system requires initial testing for FISMA authorization and continuous monitoring. Non-compliance with the CMS Information Security (IS) Acceptable Risk Safeguards (ARS), CMS Minimum Security Requirements (CMSR) without continuous monitoring presents an unacceptable risk. (CA-2).

Due Date: May 31, 2014
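One way to implement the recommended scan of uploaded documents together with the file-type whitelist, as an added example that is not part of the FOIA record or any CMS code. It rejects on the presence of a VBA project rather than judging whether a macro is malicious; the allowed extensions, function names and sample packages are assumptions constructed for the demo.

```python
import io
import os
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .xls/.doc container header
ALLOWED_EXTENSIONS = {".xlsx", ".docx"}         # assumed whitelist, not from the page


def inspect_upload(filename: str, data: bytes) -> tuple[str, str]:
    """Return (verdict, reason); verdict is 'accept' or 'reject'."""
    ext = os.path.splitext(filename)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        return "reject", f"extension {ext or '(none)'} not whitelisted"
    if data.startswith(OLE2_MAGIC):
        # Legacy binary Office file renamed to an allowed extension.
        return "reject", "OLE2 container: may carry VBA, not inspected here"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "reject", "content is not an OOXML (zip) package"
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        names = [n.lower() for n in pkg.namelist()]
        if any(n.endswith("vbaproject.bin") for n in names):
            return "reject", "VBA project part present"
        try:
            types = pkg.read("[Content_Types].xml").decode("utf-8", "replace")
        except KeyError:
            return "reject", "missing [Content_Types].xml"
        if "macroenabled" in types.lower() or "vbaproject" in types.lower():
            return "reject", "package declares macro-enabled content"
    return "accept", "no macro parts found"


def make_package(parts: dict[str, str]) -> bytes:
    """Build a constructed, minimal zip package for the demo (not a real workbook)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in parts.items():
            z.writestr(name, body)
    return buf.getvalue()


MACRO_TYPE = "application/vnd.ms-excel.sheet.macroEnabled.main+xml"
CLEAN = make_package({"[Content_Types].xml": "<Types/>", "xl/workbook.xml": "<workbook/>"})
RENAMED_XLSM = make_package({  # macro workbook saved with an allowed extension
    "[Content_Types].xml": f'<Types><Override ContentType="{MACRO_TYPE}"/></Types>',
    "xl/vbaProject.bin": "placeholder, not real VBA",
})

if __name__ == "__main__":
    for name, blob in [("plan.xlsx", CLEAN), ("plan2.xlsx", RENAMED_XLSM),
                       ("old.xlsx", OLE2_MAGIC + b"\0" * 8), ("a.xlsm", RENAMED_XLSM)]:
        print(name, inspect_upload(name, blob))
```

The extension check alone does not stop a macro workbook renamed to `.xlsx`, which is why the package contents are inspected after it.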