Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod.
An official website of the United States government
A .gov website belongs to an official government organization in the United States.
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
The use of the NIST Cybersecurity Framework’s Informative References along with other tools and approaches discussed previously is an important step that the HPH Sector organizations can take to align their cybersecurity programs with existing sector-level goals and guidelines. The approaches below can also be used to increase knowledge and enhance cybersecurity practices. Inclusion of non-federal resources should not imply endorsement by HHS. Use of any of these resources is neither required by, nor guarantees compliance with, federal, state, or local laws. Please note that the information presented may not be applicable or appropriate for all health care providers and organizations.
55 CIS (2020). CIS Controls®. 56 US-CERT (2020a). Assessments: Cyber Resilience Review (CRR). 57 Health IT (2020). Security Risk Assessment Tool. 58 HPH Risk Identification and Site Criticality (RISC) Toolkit 1.0. 59 405(d) (2022). HHS 405(d) Aligning Health Care Industry Security Approaches. 60 HHS (2022b). Health Sector Cybersecurity Coordination Center (HC3). 61 ISO (2016). Health informatics – Information security management in health using ISO/IEC 27002 (ISO 27799: 2016) 62 HSCC CWG (2019, Jan). Medical Device and Health IT Joint Security Plan. 63 HSCC CWG (2020, Sep).