Skip to main content

HPH Sector Cybersecurity Framework Implementation Guide

HPH Sector Cybersecurity Framework Implementation Guide

Version 2
March 2023

Download the PDF

Table of Contents

Overview
Executive Orders and Mandates
Potential Benefits of Health Care's Implementation of the NIST Cybersecurity Framework
Key Elements of a Cybersecurity Program
Ability to Incorporate Cyber-Physical Aspects of Cybersecurity

Overview
Implementation Process
Implementation Conclusion

Cybersecurity - An Increasing Risk
Standing Up a Cybersecurity Program to Reduce Risk
Leveraging the NIST Cybersecurity Framework
Summary

Purpose
Scope
Objectives
Roles and Responsibilities
Audience
Communication Phases of Implementation
Core Messages and Vehicles
Calendar of Events

Appendix K: Frequently Asked Questions

Tables and Figures

Table 1. Step 1: Prioritize and Scope Inputs, Activities, and Outputs
Table 2. Step 2: Orient Inputs, Activities, and Outputs
Table 3. Step 3: Target Profile Inputs, Activities, and Outputs
Table 4. Step 4: Risk Assessment Inputs, Activities, and Outputs
Table 5. Step 5: Current Profile Inputs, Activities, and Outputs
Table 6. Step 6: Gap Analysis Inputs, Activities, and Outputs
Table 7. NIST Maturity Levels
Table 8. Achievement Scales
Table 9. Step 7: Implement Action Plan Inputs, Activities, and Outputs
Table 10. Health Care Implementation Activities by Step
Table 11. Relationship of Cyber Implementation and HHS Risk Analysis Elements
Table 12. NIST Cybersecurity Framework Core Functions
Table 13. Roles and Responsibilities
Table 14. Phased Communication Goals
Table 15. Vehicle Selection
Table 16. Communication Vehicles

Figure 1. Notional Information and Decision Flows within an Organization
Figure 2. Health Care Implementation Process
Figure 3. NIST Risk Management Framework
Figure 4. Relating Cybersecurity Risk to Other Forms of Business Risk
Figure 5. Example NIST Cybersecurity Framework Scorecard
Figure 6. Generic Implementation Process
Figure 7. Relationship between NIST Cybersecurity Framework and Informative References