Skip to content

Get Judicial Watch Updates!


Judicial Watch • 2453_Resp Recs 1 (pg.49)

2453_Resp Recs 1 (pg.49)

2453_Resp Recs 1 (pg.49)

Page 1: 2453_Resp Recs 1 (pg.49)

Category:FOIA Response

Number of Pages:1

Date Created:September 11, 2014

Date Uploaded to the Library:September 11, 2014

Tags:impact,, 2453, obamacare, HHS, FOIA

File Scanned for Malware

Donate now to keep these documents public!

See Generated Text   ∨

Autogenerated text from PDF

)HGHUDO#3;'DWD#3;6HUYLFHV#3;+XE#3;#11;'6+#12;#3;6HFXULW#3;RQWUROV#3;$VVHVVPHQW#3;7HVW#3;3ODQ#3; $XJXVW#3;#21;#19;#15;#3;#21;#19;#20;#22;#3; 
Table Risk Definitions
Rating  Definition Risk Rating  
High  Exploitation the technical procedural vulnerability will cause substantial harm CMS business processes. Significant political, financial, and legal damage likely result  
Moderate  Exploitation the technical procedural vulnerability will significantly impact the confidentiality, integrity and/or availability the system data. Exploitation the vulnerability may cause moderate financial loss public embarrassment CMS  
Low  Exploitation the technical procedural vulnerability will cause minimal impact CMS operations. The confidentiality, integrity and availability sensitive information are not risk compromise. Exploitation the vulnerability may cause slight financial loss public embarrassment  

4.1.4 CMSR Security Control Family and Reference 
The CMSR security control family and control number that affected the vulnerability identified the CMSR Security Control Family and the Reference columns. 

4.1.5 Affected Systems 
The systems, URLs, addresses, etc., affected the weakness, are identified the Affected Systems column. 

4.1.6 Ease-of-Fix 
Each finding assigned Ease-of-Fix rating described Easy, Moderately Difficult, Very Difficult, Known Fix. The ease with which the Business Risk can reduced eliminated described using the guidelines Table 
Table Definition Ease-of-Fix Rating 
Rating  Definition Ease-of Fix Rating  
Easy  The corrective action(s) can completed quickly with minimal resources and without causing disruption the system data  
Moderately Difficult  Remediation efforts will likely cause noticeable service disruption:  vendor patch major configuration change may required close the vulnerability  upgrade different version the software may required address the impact severity  The system may require reconfiguration mitigate the threat exposure  Corrective action may require construction significant alterations the manner which business undertaken  
Very Difficult  The high risk substantial service disruption makes impractical complete the corrective action for mission critical systems without careful scheduling:  obscure, hard-to-find vendor patch may required close the vulnerability  Significant, time-consuming configuration changes may required address the threat exposure impact severity  Corrective action requires major construction redesign entire business process Known Fix known solution the problem currently exists. The Risk may require the Business Owner to:  Discontinue use the software protocol  Isolate the information system within the enterprise, thereby eliminating reliance the system some cases, the vulnerability due design-level flaw that cannot resolved through the application vendor patches the reconfiguration the system. the system critical and must used support on-going business functions, less than quarterly monitoring shall  

HQWHUV#3;IRU#3;0HGLFDUH#3; #3;0HGLFDLG#3;6HUYLFHV#3; 3DJH#3;#21;#27;#3;