What Products, Services and Other Cybersecurity Issues Affect Our Industry?

February 21, 2017

HITRUST often receives questions regarding our products, services and other cybersecurity issues that affect our industry. Our Ask a HITRUST Expert feature with Dr. Bryan Cline briefly addresses some of these common questions and provides helpful links and references to clarify:

Why can’t I just adopt the NIST CsF?

The NIST Cybersecurity Framework (CsF) provides overarching guidance for an organization’s information protection program but lacks the prescription of underlying control-based risk management frameworks such as those provided by ISO, NIST or HITRUST. Information on how the HITRUST RMF, including the HITRUST CSF and CSF Assurance Program, provides a model implementation of the NIST CsF for the healthcare industry can be found in the Joint Healthcare and Public Health Cybersecurity Working Group’s “Healthcare Sector Cybersecurity Framework Implementation Guide.” The criteria for selecting a control-based risk management framework by healthcare organizations are addressed in a joint HCSC and Children’s Health presentation entitled, “Selecting a Healthcare Information Security Risk Management Framework in a Cyber World.”

Are the CIS CSC controls integrated into the HITRUST CSF?

The CIS CSC requirements are fully integrated into the 2016 HITRUST CSF v8 release, available in late June 2016. More information on the HITRUST CSF is available from the HITRUST CSF Webpage, and a copy of the HITRUST CSF, along with supporting documentation such as an authoritative sources cross-reference, is available for download at no cost to qualifying organizations by accepting the HITRUST CSF v8 License Agreement. Organizations can evaluate their information protection program against the CIS CSC requirements by conducting a CSF assessment and requesting a CIS CSC scorecard. For more information, refer to the CSF Assurance Program Webpage and the CSF Assurance Program brochure.

Dr. Bryan Cline is Vice President of Standards and Analytics at HITRUST. Twitter: @IA_Doctor
