This presentation by Dr. Bryan S. Cline explores the roadmap for HITRUST CSF implementation standards in the US healthcare industry, including NIST 800 series, HIPAA/HITECH, ISO/IEC 27001:2005, and ISO/IEC 27002:2005. It also covers the certification process, self-assessment, and other relevant regulations. Updates for 2014 CSF v6.1 and v6.2 are discussed, along with new developments for 2015 CSF v7 and beyond.
CSF Roadmap: 2015 and Beyond
Presented by Bryan S. Cline, Ph.D.
Presented for HITRUST

Introduction
The CSF is an Information Security Implementation Manual built from the following components:
• Standards and Materials Leveraged
  • U.S. Healthcare Industry Implementation Standards
  • NIST 800 Series
  • HIPAA/HITECH
  • Primary Ref: ISO/IEC 27002:2005 & ISO/IEC 27001:2005
  • HITRUST member experience
  • CMS
  • FTC Red Flags
  • Compliance Reporting System
  • Mass. 201 CMR 17.00
  • The Joint Commission
  • Others
• Control Objectives
• Standards and Regulations Cross Reference Matrix
• Self Assessment Process
• Certification Process

2014 CSF v6
• NIST SP 800-53 r4 (Apr 2013 FPD)
• CMS IS ARS v1.5 (2012)
• NIST-CMS Harmonization (Publication Updates)
• Title 1 TX Admin. Code 390.2 (TX Standards)
• Privacy requirements to support TX certification of the HIPAA Privacy Rule
• Dozens of other federal and state laws and regulations related to the protection of health information

Something new – 2014 CSF v6.1
• PCI-DSS v3.0 (2013)
• HIPAA Omnibus Rule (2013)
• ISO/IEC 27001:2013 (2013)
• ISO/IEC 27002:2013 (2013)
• NIST Cybersecurity Framework v1 (2014)

Something new – 2014 CSF v6.2
• Minimum Acceptable Risk Safeguards–Exchanges (MARS-E) (2012)
• Catalog of Minimum Acceptable Risk Controls for Exchanges v1 (2012)
  • Includes references to IRS Pub 1075 requirements for FTI, which also supports TX Covered Entity Privacy & Security Certification requirements
• NIST HSR Toolkit v1 (2011)
  • Unknown if NIST plans to update the tool
• OCR Audit Protocol v2 (2014)
  • When released
  • May also impact CSF Assurance Program

2015 CSF v7 and beyond …
• Considering COBIT 5, but …
Dr. Bryan S. Cline, CISSP-ISSEP, CISM, CISA, CCSFP, HCISPP
HITRUST Advisor
Bryan.Cline@HITRUSTalliance.net