CSF Roadmap 2015 and Beyond. Presented By Bryan S. Cline, Ph.D. Presented For HITRUST. Introduction. Information Security Implementation Manual. Standards and Materials Leveraged. U.S. Healthcare Industry Implementation Standards. NIST 800 Series. HIPAA/HITECH. Control Objectives - PowerPoint PPT Presentation
CSF Roadmap: 2015 and Beyond
Presented By: Bryan S. Cline, Ph.D.
Presented For: HITRUST
Page 2
Introduction
Information Security Implementation Manual
Compliance Reporting System
U.S. Healthcare Industry Implementation Standards
Control Objectives (Primary Ref: ISO/IEC 27002:2005 & ISO/IEC 27001:2005)
Self Assessment Process
Certification Process
Standards and Regulations Cross Reference Matrix
HITRUST NIST COBIT HIPAA
Control 1 X X
Control 2 X X
Control 3 X
Standards and Materials Leveraged
HIPAA/HITECH
HITRUST member experience
NIST 800 Series
CMS
The Joint Commission
Others
FTC Red Flags
Mass. 201 CMR 17.00
Page 3
Outline
Page 4
2014 CSF v6
• NIST SP 800-53 r4 (Apr 2013 FPD)
• CMS IS ARS v1.5 (2012)
• NIST-CMS Harmonization (Publication Updates)
• Title 1 TX Admin. Code 390.2 (TX Standards)
– Privacy requirements to support TX certification of the HIPAA Privacy Rule
– Dozens of other federal and state laws and regulations related to the protection of health information
Page 5
Something new – 2014 CSF v6.1
• PCI-DSS v3.0 (2013)
• HIPAA Omnibus Rule (2013)
• ISO/IEC 27001:2013 (2013)
• ISO/IEC 27002:2013 (2013)
• NIST Cybersecurity Framework v1 (2014)
Page 6
Something new – 2014 CSF v6.2
• Minimum Acceptable Risk Safeguards – Exchanges (MARS-E) (2012)
– Catalog of Minimum Acceptable Risk Controls for Exchanges v1 (2012)
– Includes references to IRS Pub 1075 requirements for FTI, which also supports TX Covered Entity Privacy & Security Certification requirements
• NIST HSR Toolkit v1 (2011)
– Unknown if NIST plans to update the tool
• OCR Audit Protocol v2 (2014)
– When released
– May also impact CSF Assurance Program
Page 7
2015 CSF v7 and beyond …
• Considering COBIT 5, but …
Page 8
See you in 2015!
Dr. Bryan S. Cline, CISSP-ISSEP, CISM, CISA, CCSFP, HCISPP
HITRUST Advisor