RegScale Announces Support for the CMS MARS-E Catalog

May 13, 2022 | By J. Travis Howerton

The Centers for Medicare & Medicaid Services (CMS) Minimum Acceptable Risk Safeguards for Exchanges (MARS-E) defines a structure for managing the security and privacy requirements of systems deployed to administer the provisions of the Affordable Care Act (ACA) that ensure affordable healthcare for all Americans. The centerpiece of the framework is the streamlined and tailored selection of security and privacy controls for Exchanges. The security and privacy controls specify the applicable policies, standards, and procedures necessary for:

  • Administering Entities to manage privacy and security risks in State-Based Exchange and Medicaid/Children’s Health Insurance Program (CHIP) environments
  • Administering Entities to manage the responsibility to assure security and privacy for authorized data usage of ACA Personally Identifiable Information (PII)
  • The Centers for Medicare & Medicaid Services (CMS) to define its responsibility for compliance oversight and monitoring.


At RegScale, we provide a software platform that offers easy and free tools to get started with building a CMS MARS-E compliant program, with support for tracking policies, related assessments, evidence collection, issues management/performance improvement, and other related workflows. As of May 13, 2022, RegScale officially supports MARS-E as a catalog within our platform, with automated tools/wizards for building compliant inspection programs. In addition, we have published MARS-E in multiple machine-readable formats, including an Excel spreadsheet, raw JSON, and NIST OSCAL, that are available upon request. These artifacts are freely available for others to reuse in their compliance automation programs.

Schedule a free demo today to learn how RegScale can help you continuously meet your CMS MARS-E requirements. If you are ready to start automating your compliance processes for creating and managing CMS Exchange requirements, this demo will also show how you can leverage RegScale to deliver continuous compliance. In addition to offering free tools, we have experienced compliance professionals who can assist you in creating robust MARS-E compliance artifacts that will help you pass audits with ease. With RegScale, our customers get software with a service that provides a concierge-like experience for achieving healthcare system security.
