Sign In
Search Icon
Menu Icon

Version History

Health Care and Public Health Sector Cybersecurity Framework Implementation Guide

Drafted By

31 Dec 2015
HPH Joint Cybersecurity WG, 
Risk Management SG

Final document consolidating content from multiple documents/resources to support intent of broader implementation guidance for the HPH sector and incorporating comments from the Risk Mgmt. Sub-working Group, the Public, and a final review by HHS. Contains placeholders for additional content being developed by the Risk Mgmt. Sub-Working Group for the next version of the Guide.

15 May 2016
HPH Joint Cybersecurity WG, 
Risk Management SG 

Incorporates OCR’s NIST Cybersecurity Framework-to-HIPAA crosswalk, updates CNSSI No. 4009 definitions to reflect its 2015 release; and makes other minor corrections. 

20 Apr 2022
HSCC CWG TG-1A and HHS CWG Generalizes the implementation approach to reflect how tailored overlays of one or more NIST Cybersecurity Framework Informative References can be leveraged to create an organization or industry sector-specific control overlay. Expands on the framework-based approach to risk analysis. Removes/adds various appendices to accommodate work performed elsewhere in the JCWG. Includes additional updates stemming from the release of v1.1 of the NIST Cybersecurity Framework.

<< Back                                                                                                                                                                              Next >>

CIP Right-Nav