Migration from EDE to ARC-AMPE CA Controls

This white paper serves as a guide for Direct Enrollment Entities (DEEs) to transition their Enhanced Direct Enrollment (EDE) System Security and Privacy Plans (SSPPs) to the Acceptable Risk Controls for ACA, Medicaid, and Provider Entities (ARC-AMPE). The document outlines the purpose of this migration, emphasizing the need for compliance with new CMS requirements. It details the structure of the ARC-AMPE, which consists of various control families, including Assessment, Authorization, and Monitoring (CA) controls, which are the focus of this paper. The white paper also discusses the oversight role of the Centers for Medicare & Medicaid Services (CMS) in ensuring DEEs adhere to security and privacy standards. Furthermore, it highlights the significant increase in the number of controls required for compliance with ARC-AMPE compared to the previous EDE guidelines, indicating a shift in the format of the SSPP template from Microsoft Word to Excel. The document aims to facilitate understanding and implementation of these new requirements for DEEs.