Additional Resources to Support Framework Use Goals

Health Care and Public Health Sector Cybersecurity Framework Implementation Guide 

The use of the NIST Cybersecurity Framework's Informative References along with other tools and approaches discussed previously is an important step that the HPH Sector organizations can take to align their cybersecurity programs with existing sector-level goals and guidelines. The approaches below can also be used to increase knowledge and enhance cybersecurity practices. Inclusion of non-federal resources should not imply endorsement by HHS. Use of any of these resources is neither required by, nor guarantees compliance with, federal, state, or local laws. Please note that the information presented may not be applicable or appropriate for all health care providers and organizations.

⁵⁵ CIS (2020). CIS Controls‌®.
⁵⁶ US-CERT (2020a). Assessments: Cyber Resilience Review (CRR).
⁵⁷ Security Risk Assessment Tool.
⁵⁸ HPH Risk Identification and Site Criticality (RISC) Toolkit 1.0.
⁵⁹ HHS 405(d) Aligning Health Care Industry Security Approaches.
⁶⁰ Health Sector Cybersecurity Coordination Center (HC3).
⁶¹ Health informatics – Information security management in health using ISO/IEC 27002 (ISO 27799: 2016)
⁶² Medical Device and Health IT Joint Security Plan.
⁶³ HSCC CWG (2020, Sep).