MARS-E Focused Audit and Assessments; we are ready when you are!
If your organization is defined as an ACA Administering Entity (AE) under MARS-E, you are required to implement policies and procedures necessary to protect the security and privacy of information as mandated by the ACA.
MARS-E requires annual risk assessments for ongoing compliance. Leveraging the NIST risk assessment framework, we can help you identify new vulnerabilities, evaluate their potential impact, and develop a mitigation plan.
Lazarus Alliance Proactive Cyber Security® services minimize performance and operational risks with our industry-leading, innovative, and cost-effective MARS-E-focused services.
Just the facts ...
The Minimum Acceptable Risk Standards for Exchanges (MARS-E) is a set of privacy and security standards for Affordable Care Act (ACA) administering entities, as well as their contractors and sub-contractors. Developed by the Centers for Medicare and Medicaid Services (CMS), the standards are based on the National Institute of Standards and Technology (NIST) Special Publication 800-53. This framework establishes the security and privacy requirements for compliance under MARS-E, ensuring the availability, confidentiality, and integrity of protected health information (PHI), personally identifiable information (PII), and federal tax information (FTI).
Lazarus Alliance specializes in the implementation and ongoing support of MARS-E programs that align with the requirements. We apply a risk-based, top-down approach that drives both efficiency and effectiveness into the programs.
After the assessment, Lazarus Alliance will issue an independent, third-party Security Assessment Report (SAR). This report will include a detailed explanation of your controls, as well as testing procedures and results. This report can be submitted to the CMS when applying for an Authorization to Operate (ATO); it can also be shared with key stakeholders as they work to evaluate your information security program. Lazarus Alliance will also provide an engagement affidavit that you can use for sales, marketing, and customer relations.
Frequently Asked Questions
What is MARS-E?
MARS-E (Minimum Acceptable Risk Standards for Exchanges) is a set of security and privacy standards established by the Centers for Medicare & Medicaid Services (CMS) to protect sensitive data, such as Personally Identifiable Information (PII), Protected Health Information (PHI), and Federal Tax Information (FTI), within Affordable Care Act (ACA) health insurance exchanges. It aligns with NIST SP 800-53.
Who conducts MARS-E audits?
Accredited Third-Party Assessment Organizations (3PAOs), such as Lazarus Alliance, conduct MARS-E audits, ensuring unbiased evaluations.
What is the MARS-E compliance process?
The process includes:
- Conduct a gap analysis.
- Implement NIST 800-53-based controls.
- Develop a System Security Plan (SSP) and Plan of Action and Milestones (POA&M).
- Undergo a 3PAO assessment.
- Submit an annual SAR to CMS.
How often are MARS-E audits required?
Annual audits are required, with SARs submitted to CMS. Continuous monitoring, including quarterly vulnerability scans, is also mandatory.
How does MARS-E align with NIST 800-53?
MARS-E uses NIST 800-53 as its baseline, tailoring over 1,000 controls across 17 families to address HIX-specific risks, such as real-time data transfers and identity verification.
What is the role of a 3PAO in MARS-E audits?
A 3PAO conducts independent assessments, validates controls, performs penetration testing, and produces SARs to confirm MARS-E compliance.
Find out more by calling +1 (888) 896-7580 today.
Detailed Approach to the MARS-E Requirements
Lazarus Alliance’s dedicated IT and operational audit professionals have experience working with a wide variety of industries of all sizes. We partner with you to assist your company in complying with the MARS-E requirements.
Cybervisor™ Consultations
A significant differentiator you will immediately appreciate is our Proactive Cyber Security™ MARS-E compliance audit methodology, which takes a continuous audit approach rather than the end-of-reporting-period Audit Anarchy approach taken by other firms.
Lazarus Alliance Cybervisors™ assist with the MARS-E documentation development, including the System Security Plan, Policies, Procedures, and more.
Start to Finish in Record Time
Our proven MARS-E assessment approach and technology dramatically improve the completion process. We average a huge 46% reduction in traditional assessment time thanks to the dedicated Continuum GRC SaaS portal, which you can access 24/7, allowing everyone to finish quickly.
Start working smarter, not harder, today ...
The MARS-E assessment professionals at Lazarus Alliance are completely committed to you and your company's MARS-E compliance success. We stand ready to partner with your organization.