Version History
Health Care and Public Health Sector Cybersecurity Framework Implementation Guide
| Version | Date | Drafted By | Description |
|---|---|---|---|
| 1.0 | 31 Dec 2015 | HPH Joint Cybersecurity WG, Risk Management SG | Final document consolidating content from multiple documents/resources to support intent of broader implementation guidance for the HPH sector and incorporating comments from the Risk Mgmt. Sub-working Group, the Public, and a final review by HHS. Contains placeholders for additional content being developed by the Risk Mgmt. Sub-Working Group for the next version of the Guide. |
| 1.1 | 15 May 2016 | HPH Joint Cybersecurity WG, Risk Management SG | Incorporates OCR's NIST Cybersecurity Framework-to-HIPAA crosswalk, updates CNSSI No. 4009 definitions to reflect its 2015 release; and makes other minor corrections. |
| 2.0 | 20 Apr 2022 | HSCC CWG TG-1A and HHS CWG | Generalizes the implementation approach to reflect how tailored overlays of one or more NIST Cybersecurity Framework Informative References can be leveraged to create an organization or industry sector-specific control overlay. Expands on the framework-based approach to risk analysis. Removes/adds various appendices to accommodate work performed elsewhere in the JCWG. Includes additional updates stemming from the release of v1.1 of the NIST Cybersecurity Framework. |