Compliance News - page 4

NIST CSF Risk Assessment: Not Reasonable or Appropriate

Identifying Safeguards that are Not Reasonable or Appropriate for your organization can jumpstart the NIST CSF Risk Assessment process.

Posted February 12, 2019 by Jack Anderson

NIST Safeguard For HIPAA Compliance

Example of NIST CSF Safeguard: AT-1 SECURITY AWARENESS AND TRAINING POLICY AND PROCEDURES. The group writes a security awareness and training policy. The policy will be given to all affected personnel and will be reviewed and updated several times a year. The security awareness and training policy states the purpose for the training, who will carry it out, and what their jobs will entail. The group writes procedures that state how the policy will be carried out. The security awareness and training policy and procedures comply with all laws and rules applicable to the group.

Posted February 5, 2019 by Jack Anderson

NIST Safeguard Definition

SAFEGUARDS Definition(s): The management, operational, and technical controls (i.e., safeguards or countermeasures) prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information. Source(s): CNSSI 4009-2015

Posted January 29, 2019 by Jack Anderson

What is a NIST HIPAA Policy?

A NIST HIPAA policy is a policy written specifically to meet the requirements of a NIST Safeguard. Adopting and implementing the policy results in a higher score on the NIST CSF risk assessment, the new standard for HIPAA compliance.

Posted January 16, 2019 by Jack Anderson

Athenahealth Accepts Our Client as HIPAA Compliant

Athenahealth approved HIPAA Risk Advisor's report stating that Patient Education Genius is HIPAA compliant. Patient Education Genius achieved this in 20 days at a cost of less than $1,000 using the Jumpstart program from Compliance Helper and ACR2 Solutions.

Posted September 25, 2018 by Jack Anderson

Who is Causing your HIPAA Pain?

Someone is causing you HIPAA pain. It might be a client, business partner, new CISO, regulator or board of directors, but someone is demanding proof of HIPAA compliance. The challenge is finding some acceptable proof, and we suggest that a HIPAA NIST CSF Risk Assessment is the answer.

Posted September 6, 2018 by Jack Anderson

NIST CSF Industry Standard for HIPAA

We still don't have a certification process for HIPAA but with the NIST CSF we have a standard that is accepted by HHS. Upgrading to the NIST CSF brings your HIPAA compliance program up to the standards in 2018. This is needed in addition to saving your previous compliance efforts such as policies, staff training and risk assessments done in a non-standard format.

Posted September 5, 2018 by Jack Anderson

Why HITRUST CSF needs NIST CSF

Why do you need NIST CSF even if you already have HITRUST CSF? Management and the board of directors may require NIST CSF.

Posted August 16, 2018 by Jack Anderson

Simple HIPAA Checklist

The simplest HIPAA checklist is a quarterly NIST CSF risk assessment. It reflects that you have edited and implemented NIST policies, documented staff training and updated your NIST CSF risk assessment.

Posted July 31, 2018 by Jack Anderson

NIST Policies

Trying to do an official certified NIST risk assessment from HIPAA policies written in the past is like translating hieroglyphics into English. The pathway to a Certified NIST Risk Assessment is having NIST policies in place. A NIST policy is one written to address a specific safeguard in the NIST Cybersecurity Framework (CSF).

Posted April 24, 2018 by Jack Anderson