• Skip to primary navigation
  • Skip to main content
  • Skip to footer
ControlCase No Tag LOGO md

ControlCase

IT Certifications, Continuous Compliance and Cybersecurity Services Provider

  • Company
    • About Us
    • Careers
    • Locations
    • Team
  • Industries
    • Business Process Outsourcing
    • Cloud Service Providers
    • Retail
    • Telecom | Entertainment
    • Managed Service Providers
  • Certifications
    • PCI DSS Certification
    • CSA STAR Certification
    • GDPR Assessment
    • HIPAA Assessment
    • HITRUST Certification
    • ISO 27001 Certification
    • FedRAMP 3PAO Services and NIST 800-53
    • CMMC Certification
    • MARS-E Assessment
    • PCI SSF
    • P2PE Certification
    • SOC2 Report
  • Solutions
    • Continuous Compliance Solution
    • One Audit
    • Card Data Discovery Software
    • Data Security Rating
  • Testing
    • Application Reviews
    • Application Security Training
    • Code Reviews
    • Card Data Discovery
    • External Vulnerability Scans
    • Firewall Security Reviews
    • Internal Vulnerability Scans
    • Log Monitoring
    • Penetration Testing
  • Resources
    • Events
    • News
    • Webinars
    • Courses
    • Blog
    • Tools
    • Become a Partner
  • Contact Us
  • English

MARS-E Assessment

Request DatasheetRequest QuoteRequest Demo
You are here: Home / Certifications / MARS-E Assessment

MARS-E Assessment – Minimum Acceptable Risk Standards for Exchanges

The enactment of the Patient Protection and Affordable Care Act (ACA) of 2010 gave way to the creation of the federal and state Health Insurance Exchanges (HIXs or marketplaces) which facilitate the purchase of health insurance by consumers and small businesses.

The Exchanges handle Personally Identifiable Information (PII), Protected Health Information (PHI), and Federal Tax Information (FTI) and the functions of the Exchanges require data from various federal agencies, including the Department of Health and Human Services (HHS), Internal Revenue Service (IRS), Social Security Administration (SSA), and Department of Homeland Security (DHS).

The federal government is required by law to protect the security and privacy of its IT systems, the information contained within those systems and with whom data is shared. For enrollees of Administering Entities(AEs), MARS-E defines a minimum set of standards for acceptable security risk that the Exchanges must address and aims to facilitate compliance with the myriad of potentially applicable federal requirements under FISMA, HIPAA, HITECH, ACA, Tax Information Safeguarding Requirements, and state requirements.

If your organization is defined as an ACA Administering Entity (AE) under MARS-E, you are required to implement policies and procedures necessary to protect the security and privacy of information as mandated by the ACA.

Policy Development and Management

We will assist you in developing the policies and procedures needed for assessment and then help with the ongoing management of these policies and adherence to them across your organization.

ControlCase Attestation Services

We will assist you by performing an attestation engagement to determine your organization’s compliance with the MARS-E requirements.

We can also assist you in getting prepared for the attestation of compliance by performing a readiness assessment that will identify any gaps in your compliance with respect to MARS-E and also provide you with recommendation to remediate the identified gaps.

  • Facebook
  • LinkedIn
  • Twitter
  • YouTube

Footer

Connect

Corporate Headquarters
3975 FAIR RIDGE DR STE T25S-D
FAIRFAX, VA 22033

Send us a message

Call Us

Search

About Us

ControlCase is a United States based company, headquartered in Fairfax, Virginia with locations in North America, Europe, Latin America, Asia/Pacific, Australia and the Middle East to serve our clients globally.

Quick Links

  • Company
  • Careers
  • Locations
  • Covid-19 Notice

Certifications, Assessments and Reports

  • PCI DSS Certification
  • CSA STAR Certification
  • GDPR Assessment
  • HIPAA Assessment
  • HITRUST Certification
  • ISO 27001 Certification
  • FedRAMP and 3PAO Services
  • MARS-E Assessment
  • PCI SSF
  • P2PE Certification
  • SOC2 Report

© ControlCase LLC 2025 | Privacy Policy | Impartiality Statement | Legal Notices

  • English
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
View preferences
{title} {title} {title}
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
View preferences
{title} {title} {title}