NIST is the federal agency responsible for establishing standards and measurement criteria for various industries, including manufacturing, health and bioscience, and cybersecurity. This draft update is intended to integrate with and expand upon a previous NIST Cybersecurity Guidelines revision released in 2008.
NIST Cybersecurity Framework for Healthcare – What it is
NIST’s new draft publication, formally titled Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide, supports the ongoing efforts of the healthcare industry to maintain the confidentiality, integrity, and availability of electronic protected health information (ePHI).
The proposed update aims to create a comprehensive resource guide for healthcare organizations that incorporates the NIST Cybersecurity Framework and Security and Privacy Controls. Jeff Marron, a NIST cybersecurity specialist and the author of the update, said the efforts focus on creating a more actionable document by making explicit connections to these and other NIST cybersecurity resources.
“We have mapped all the elements of the HIPAA Security Rule to the Cybersecurity Framework subcategories to controls in NIST SP 800-53’s latest version,” Marron said. “We have increased our emphasis on the guidance’s risk management component, including integrating enterprise risk management concepts.”