Cybersecurity is a community practice. Different innovations and discussions about new vulnerabilities, threats and controls inevitably influence security implementations in multiple markets and industries, depending on their applicability. This is just as true for healthcare, an industry generally governed by HIPAA. HIPAA, however, is complex, and organizations working in healthcare often look outside their own industry to help them better understand cybersecurity outside just hitting compliance checklists. That’s where NIST 800-66 comes in. 

In this article, we’ll discuss HIPAA security and how it relates to NIST 800-66. This NIST document helps healthcare providers under HIPAA understand more advanced security controls that could support their compliance, privacy and cybersecurity controls. 

Read More

Risk assessment has been and continues to be, one of the more challenging cybersecurity practices that many organizations will put into place. Unlike simple security control implementation and maintenance, risk assessment calls for your organization to understand how adopting, or not adopting, particular controls, operations or processes can impact security.

As the federal government and the defense supply chain are turning more and more attention to the importance of cybersecurity (including President Biden’s Executive Order on the subject and the several bills in Congress addressing limitations in our security posture), businesses working in that area will be expected to implement risk-based compliance. This fact, in turn, means that you must understand critical government frameworks that speak about risk. 

In this article, we are discussing NIST 800-30 and how it serves as a foundation for risk assessment in government compliance. 

Read More

It makes sense that some of the more powerful and rigorous security regulations are in the federal government. As federal agencies turn to third-party IT vendors to fulfill their missions, the demand for transparent, translatable and effective security regulations is only increasing. That’s why NIST 800-53, now on its fifth revision, is so important for agencies and contractors alike. 

Here, learn more about NIST 800-53, why it is so important to government (and, increasingly, private sector) IT security and why it benefits you to consider adopting its standards. 

Read More