What is a NIST CSF and why should I care?

March 20, 2018

Proof of HIPAA compliance has always been a challenge, especially since HHS refuses to develop a certification process. The NIST CSF provides a set of standards and a process for cybersecurity compliance that meets and can exceed the HIPAA requirements.

An NIST risk assessment preferably done on a quarterly basis drives the process. It identifies areas where the standards have been met and where they have not been met. The areas needing work are listed by priority in the Gap Analysis and assignments to mitigate the risks along with timetables are recorded. These reports are the proof that can be provided to regulators, clients, or business partners.

The challenge with any CSF is the cost and time of implementation. Proprietary CSFs such as Hi Trust are very expensive because they require expensive on-site consultants as well as charging high fees for the use of their CSF. The NIST CSF was developed by the federal government and is free.

The Jumpstart approach developed by Compliance Helper and ACR2 Solutions uses the Internet to link consultants and clients, reducing consulting fees, and eliminating travel expense. Using this method an organization can reach initial HIPAA compliance with a few hours of editing over a few days. Initial costs can be as low as $249 with monthly maintenance of $69.50

For more information please contact Jack@compliancehelper.com

Back to News