How many controls does MARS-E have?

MARS-E contains 21 controls organized across 2 domains.

Where does MARS-E apply?

MARS-E is applicable in United States (CMS). Organizations operating in or serving customers in this jurisdiction should evaluate its requirements.

What frameworks does MARS-E map to?

MARS-E has control-to-control mappings with 650 other compliance frameworks in our database. Use our compliance platform to explore these mappings interactively.

How do I get started with MARS-E compliance?

Start by understanding the framework's key controls and domains. Our compliance platform provides AI-powered gap analysis and mapping tools to help you assess your current posture and build a remediation plan.

MARS-E — Minimum Acceptable Risk Standards for Exchanges

The Minimum Acceptable Risk Standards for Exchanges (MARS-E) Version 2.2 establishes security and privacy requirements for state and federal Health Insurance Exchanges (Marketplaces) created under the Affordable Care Act. Based on NIST SP 800-53 with exchange-specific overlays, it provides a risk-based framework for protecting personally identifiable information (PII) and Federal Tax Information (FTI) in the health insurance marketplace ecosystem..

Domains

Compliance and Reporting

Security Controls

Frequently Asked Questions

Map MARS-E — Minimum Acceptable Risk Standards for Exchanges to any other framework

Use our AI-powered compliance platform to find control overlaps, gaps, and build remediation plans in seconds.

Try Free on Compliance Platform