HITRUST, a health industry stakeholder consortium, has issued guidance on how best to use its Common Security Framework of best practices to assess an organization’s cybersecurity preparedness.

“Having access to cyber threat intelligence and sharing information regarding threats, attacks and incidents is extremely important; however, a prerequisite is ensuring organizations have the appropriate safeguards in place,” according to the guidance. “Organizations must have the means by which to review their current level of preparedness, which is contingent upon the identification of an appropriate subset of controls most directly related to detecting and thwarting cyber-related breaches.”

Consequently, the guidance identifies a specific set of Common Security Framework controls related to cybersecurity, and includes a new feature to simplify data collection and reporting processes. The guidance includes charts that separate the 135 CSF controls into three categories for assessing cybersecurity: most relevant, relevant but requiring further analysis, and least relevant.

The controls are grouped into the following functions: access control, technical compliance checking, controls against mobile code, electronic messaging, electronic commerce services, on-line transactions, administrator and operation logs, fault logging, security requirements analysis and specification, and reporting security weaknesses.
