Minimum Acceptable Risk Standards for Exchanges
The Minimum Acceptable Risk Standards for Exchanges (MARS-E) is a set of security guidance that Exchanges must use in implementing and operating their IR systems in support of the Patient Protection and Affordable Care Act of 2010 (ACA). MARS-E compliance is designed to ensure secure handing of Personally Identifiable Information (PII), Protected Health Information (PHI), and Federal Tax Information (FTI) of US Citizens. MARS-E is based on the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53. Entities that provide information systems to agencies must prove they meet MARS-E through an annual assessment.