The Government Accountability Office (GAO) has assessed the effectiveness of CMS controls intended to protect the security and privacy of the information and information technology (IT) systems used to support Healthcare.gov. The GAO determined that while CMS has taken steps to protect Healthcare.gov security and privacy, “weaknesses remain both in the processes used for managing information security and privacy as well as the technical implementation of IT security controls.” The GAO warns that until such weaknesses are fully addressed, risks remain with regard to unauthorized access, disclosure, or modification of the information collected and maintained by Healthcare.gov and related systems, along with potential disruption of services. The GAO made a series of recommendations to implement security and privacy management controls related to Healthcare.gov. For details, see the full report, “Healthcare.gov: Actions Needed to Address Weaknesses in Information Security and Privacy Controls.”