Migration from EDE to ARC-AMPE Media Protection Controls

This white paper serves as a guide for Direct Enrollment Entities (DEEs) to transition their Enhanced Direct Enrollment (EDE) System Security and Privacy Plans (SSPPs) to the Acceptable Risk Controls for ACA, Medicaid, and Provider Entities (ARC-AMPE). It outlines the purpose of the migration, which is to enhance security and privacy measures in compliance with the Affordable Care Act (ACA). The document details the structure of ARC-AMPE, including its control families, and emphasizes the importance of compliance with federal regulations. It also discusses the oversight role of the Centers for Medicare & Medicaid Services (CMS) in ensuring DEEs adhere to security and privacy standards. The white paper specifically addresses the Media Protection controls, detailing the requirements for protecting IT system media and ensuring that access is limited to authorized users. The document includes a comparison of controls between EDE and ARC-AMPE, highlighting significant changes and the increased number of controls required for compliance.