Non-Exchange Entity System Security Plan (“NEE SSP”). The Web-broker must implement the controls documented in the Security and Privacy Controls for Web-brokers Supplement, though, CMS strongly recommends Web-brokers participating in Classic DE implement all the NEE SSP controls. 11 The Web-broker’s Auditor(s) must verify and document the Web-broker’s implementation and compliance with at least the controls listed in the Security and Privacy Controls for Web-brokers Supplement. The Security Privacy Assessment Report (SAR) will be accepted by CMS as documentation of compliance with those controls so long as the assessment has been conducted within 365 Days of the completion date of the previous assessment.
Appears in 2 contracts
Sources: Web Broker Agreement, Web Broker Agreement