NWS HIPAA Security Team High Level Objectives

1. NWS HIPAA Security TeamHigh Level Objectives • Phase 1 - Network Discovery Objective: Identify & document the DHHS technical infrastructure. Timeframe: September 2001 – December 2001 • Phase 2 - Security Assessments Objective: Perform security evaluations on network devices. Timeframe: January 2002 - TBA • Phase 3 - Implementation Objective: Implement technical solutions. Timeframe: TBA

2. HIPAA Security LAN (DHHS Location) Dial In/Out Connections WAN (State Network) Connections to External Partners Internet Router Mainframe HIPAA Security Initiative

3. How is NWS going to perform Network Discovery? • Contact the HIPAA Coordinator at each division, when we are ready to perform discovery at that respective division. • Schedule a briefing for divisional technical personnel, who will be identified by HIPAA Coordinator (optional, at coordinator’s discretion). At minimum, NWS will need an IT contact for each facility. • Utilizing “network discovery” software from a central location, NWS will identify network devices and categorize by division & facility. • Compare discovery results to all existing network inventory information. Examples would be Y2K data and Asset Insight inventory information. • Contact IT personnel (identified above) at each facility to verify collected information and collect any additional information required. This will, in some cases, require site visits.