Sign In

An official website of the United States government

U.S. Department of Health & Human Services

Official websites use .gov

A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS

A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cautionary Note

Health Care and Public Health Sector Cybersecurity Framework Implementation Guide


This publication is not intended to replace or subsume other cybersecurity-related activities, programs, processes, or approaches that Health Care and Public Health (HPH) Sector organizations have implemented or intend to implement, including any cybersecurity activities associated with legislation, regulations, policies, programmatic initiatives, or mission and business requirements. Additionally, this publication uses the words “adopt," “use," and “implement" interchangeably. These words are not intended to imply compliance or mandatory requirements.

This document was developed in part based on feedback provided by public and private sector organizations under the Critical Infrastructure Partnership Advisory Council (CIPAC)[1] framework. The U.S. Government has made no representation with respect to the sufficiency of this document in complying with any Federal requirement, nor does the U.S. Government endorse the use of this document or any products or services referenced within, over the use of any other products, services, frameworks, tools, or standards. This document is also considered a “living" document and subject to update, as needed, to best serve the health care industry.

<< Back                                                                                                                                                                              Next >>

1 Cybersecurity & Infrastructure Security Agency, CISA (2021a). Critical Infrastructure Partnership Advisory Council.