so that's not stored within the ffm. the only thing that's stored in the ffm itself separate from the hub is the ability to work appeals of cases for people who say i didn't get a tax credit, i should have gotten a tax credit. we keep it minimal. >> is that tax information in there? >> no. there's not tax information. there can be sometimes people can state their income, but there's not tax information. >> okay. all right. my time has expired. thank you for your indulgence, mr. chairman. >> thank you. thanks for a good round of questioning. we go to mr. meadows. >> thank you, mr. chairman. i'm over here. i want to go ahead -- i will speed through some of these questions. miss tavenner, can you confirm that cms will not change their open enrollment dates? we had so many different dates that changed before. can you confirm to the american people and really to the providers that those open enrollment dates will not move? >> the open enrollment date for this year is november 15 through february 15. >> those will stay firm? >

. >> briefly, item 4 from the gao says perform a comprehensive security assessment of the ffm, including the infrastructure platform and software elements. initially that was one you said no to. are you saying you will perform that full systemwide test and have it done by november 15th? because that's sort of the one that gao couldn't -- we can't know what we don't know until you do that, right? >> the mic, please. >> we get into a discussion of style here. it is our intention, and we will complete a full end-to-end security assessment prior to open enrollment, yes, sir. that's scheduled for later this month, or october. i think where we got into a different kind of construction, it had to do with infrastructure and platform and our definitions. but i think our intentions are the same. >> why don't we let, greg, give us the rest of it. >> as long as the tests that they perform includes how the applications enter the phase of what the operating platforms and infrastructure, to look at it in totality is going to be critical. because certain vulnerabilities on certain layers of the security

. >> briefly, item four from the gao says perform a comprehensive security assessment of the ffm, includingnfrastructure platform and deployed software elements. now, initially, that was one that you said no to. are you saying you will perform that full system-wide test and have it done by november 15th, 'cause that's sort of the -- that's sort of the one that gao couldn't -- we can't know what we don't know until you do that, is that right? the mic, please. >> we get into a discussion of style here. it is our intention, and we will complete a full end-to-end assessment, security assessment prior to open enrollment, yes, sir. that's scheduled for later this month or october. i think where we got into a different kind of structure had to do with infrastructure and platform and our definitions, but i think our intentions are the same. >> why don't we let, greg, if would you give us the rest. >> as long as the tests that they perform includes how the applications interface with the operating platforms and the infrastructure to look at it in totality is going to be critical, because certain vol