NIST Small Business Cybersecurity Corner has a good description of how to adopt the NIST Cybersecurity Framework as a do it your self project, or you can engage us to Jumpstart the process. https://www.nist.gov/itl/smallbuisinesscyber ###
Posted March 5, 2019 by Jack Anderson
HITRUST announces a pre conference topic "Implementation of the NIST Cybersecurity Framework with the HITRUST Approach". Why is HITRUST marketing the NIST CSF and what is their "HITRUST approach"?
Posted February 26, 2019 by Jack Anderson
Editing, adopting, and implementing NIST poilicies creates quarterly NIST CSF risk assessments in the Jumpstart program.
Posted February 21, 2019 by Jack Anderson
Identifying Safeguards that ate Not Reasonable or Appropriate for your organization can Jumpstart the NIST CSF Risk Assessment process.
Posted February 12, 2019 by Jack Anderson
Example of NIST CSF Safeguard: AT-1 SECURITY AWARENESS AND TRAINING POLICY AND PROCEDURES The group writes a security awareness and training policy. The policy will be given to all affected personnel and will be reviewed and updated several times a year. The security awareness and training policy states the purpose for the training, who will carry it out, and what their jobs will entail. The group writes procedures that state how the policy will be carried out. The security awareness and training policy and procedures comply with all laws and rules applicable to the group.
Posted February 5, 2019 by Jack Anderson
SAFEGUARDS Definition(s): The management, operational, and technical controls (i.e., safeguards or countermeasures) prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information. Source(s): CNSSI 4009-2015
Posted January 29, 2019 by Jack Anderson
A NIST HIPAA policy is a policy written specifically to meet the requirements of a NIST Safeguard. Adopting and implementing the policy results in a higher score on the NIST CSF risk assessment, the new standard for HIPAA compliance.
Posted January 16, 2019 by Jack Anderson
Athenahealth approved HIPAA Risk Advisor's report stating that Patient Education Genius is HIPAA compliant. Patient Education Genius achieved this in 20 days at a cost of less than $1,000 using the Jumpstart program from Compliance Helper and ACR2 Solutions.
Posted September 25, 2018 by Jack Anderson
Someone is causing you HIPAA pain. It might be a client, business partner, new CISO, regulator or board of directors, but someone is demanding proof of HIPAA compliance. The challenge is finding some acceptable proof and we suggest that a HIPAA NIST CSF Risk Assessment is the answer.
Posted September 6, 2018 by Jack Anderson
We still don't have a certification process for HIPAA but with the NIST CSF we have a standard that is accepted by HHS. Upgrading to the NIST CSF brings your HIPAA compliance program up to the standards in 2018. This is needed in addition to saving your previous compliance efforts such as policies, staff training and risk assessments done in a non-standard format.
Posted September 5, 2018 by Jack Anderson