Specifications include, but are not limited to:. The State of Nevada Purchasing Division, on behalf of the Silver State Health Insurance Exchange (Exchange), is seeking proposals from qualified and experienced respondents (“Respondents”) to develop an Administering Entity Security and Privacy Assessment Plan (“SAP”); conduct a MARS-E Independent Security Assessment (“ISA”); and complete an accompanying Administering Entity Security and Privacy Assessment Report (“SAR”) and Administering Entity Security and Privacy Assessment Workbook (“SAW”), as defined in the Framework for the Independent Assessment of Security and Privacy Controls issued by the U.S. Department of Health and Human Services’ Centers for Medicare and Medicaid Services (“CMS”). The approved vendor shall be referred to as the “ISA Vendor.” Vendors that respond to this proposal shall have extensive experience in the assessment of MARS-E security and privacy controls to ensure SSHIX’s continued compliance with CMS’ annual requirements. Care should be taken in the Respondent’s proposal to provide definitive guidance on the roles and responsibilities of the stakeholders and agencies defined herein. The proposal shall also highlight any perceived omissions or deficiencies—relative to applicable federal requirements—that the respondent identifies in this RFP, referencing the respondent’s experience when possible. The vendor proposal shall also include a detailed description of the Respondent’s previous experience conducting a MARS-E v2.0 Independent Security Assessment for an ACA Administering Entity (“AE”), including for state government, AE function (e.g., State Exchange or Medicaid Administrator), Date Range of the activities performed (approximate start and end dates), and the Scope of Services provided. Explicitly indicate any services performed by a sub-contractor, including the name of the applicable sub-contractor.
