[ISN] Fixing HealthCare.gov security

http://www.csoonline.com/article/2685234/data-protection/fixing-healthcare-gov-security.html By Antone Gonsalves CSO Sep 17, 2014 While the security weaknesses found in HealthCare.gov by a U.S. government watchdog need to be addressed, they are not unusual for sites as complex as the federal insurance exchange, experts say. In a report released Tuesday, the Government Accountability Office found problems in the “technical controls protecting the confidentiality, integrity and availability” of the federally facilitated marketplace (FFM), which is the area of the site to buy health insurance. Specifically, the GAO faulted the site’s operator for failing to require and enforce strong passwords, to adequately restrict access to the Internet by systems supporting the FFM, to consistently implement software patches, and to properly configure the administrative network for the FFM. The Centers for Medicare & Medicaid Services (CMS), an agency of the Department of Health and Human Services (HHS), is responsible for HealthCare.gov. […]