The current NIST Cybersecurity Resource Guide is designed to educate readers and amplify their awareness of resources relevant to the Security Rule. The fourth reason for why NIST is seeking public comment, to “provide detailed implementation guidance for covered entities and business associates,” is of particular importance.
Many organizations find themselves in a bind when it comes to understanding what is required of them under the HIPAA Security Rule. The HIPAA Security Rule was deliberately written as a high-level set of requirements and safeguards. Current NIST guidance was written in the opposite manner, providing extensive, even minute, cybersecurity guidance.