Sign In

An official website of the United States government

U.S. Department of Health & Human Services

Official websites use .gov

A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS

A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Version History

Health Care and Public Health Sector Cybersecurity Framework Implementation Guide


Version
Date
Drafted By
Description
1.0

31 Dec 2015
HPH Joint Cybersecurity WG, 
Risk Management SG

Final document consolidating content from multiple documents/resources to support intent of broader implementation guidance for the HPH sector and incorporating comments from the Risk Mgmt. Sub-working Group, the Public, and a final review by HHS. Contains placeholders for additional content being developed by the Risk Mgmt. Sub-Working Group for the next version of the Guide.

1.1
15 May 2016
HPH Joint Cybersecurity WG, 
Risk Management SG 


Incorporates OCR’s NIST Cybersecurity Framework-to-HIPAA crosswalk, updates CNSSI No. 4009 definitions to reflect its 2015 release; and makes other minor corrections. 

2.0
20 Apr 2022
HSCC CWG TG-1A and HHS CWG Generalizes the implementation approach to reflect how tailored overlays of one or more NIST Cybersecurity Framework Informative References can be leveraged to create an organization or industry sector-specific control overlay. Expands on the framework-based approach to risk analysis. Removes/adds various appendices to accommodate work performed elsewhere in the JCWG. Includes additional updates stemming from the release of v1.1 of the NIST Cybersecurity Framework.

<< Back                                                                                                                                                                              Next >>