Presentation is loading. Please wait.

Presentation is loading. Please wait.

Seeking a National Standard for Security: Developing a Systematic Crosswalk of the Final HIPAA Security Rule, the NIST SP-800-37, NIST SP 800-53 Security.

Published byAshley May Modified over 8 years ago

Similar presentations

Presentation on theme: "Seeking a National Standard for Security: Developing a Systematic Crosswalk of the Final HIPAA Security Rule, the NIST SP-800-37, NIST SP 800-53 Security."— Presentation transcript:

1 Seeking a National Standard for Security: Developing a Systematic Crosswalk of the Final HIPAA Security Rule, the NIST SP-800-37, NIST SP 800-53 Security Guidelines (TBR), ISO 17799, etc. Lisa A. Gallagher, Senior Vice President URAC I&T Accreditations March 2003

2 Background NIST URAC VA Standards and Tools NIST/URAC Health Care Security Certification & Accreditation Workgroup

3 NIST and Information Security Raising awareness of IT risks, vulnerabilities and protection requirements, particularly for new and emerging technologies; Researching, studying, and advising agencies of IT vulnerabilities and devising techniques for the cost- effective security and privacy of sensitive Federal systems; Developing standards, metrics, tests and validation programs: –to promote, measure, and validate security in systems and services, –to educate consumers, and –to establish minimum security requirements for Federal systems Developing guidance to increase secure IT planning, implementation, management and operation. The mission of NIST's Computer Security Division is to improve information systems security by:

4 URAC URAC is a nonprofit, charitable organization founded in 1990 by various stakeholders in the health care community. URAC's mission is to promote greater consistency and uniformity in health care operations through accreditation programs, educational workshops, research and publications. Recent Work in Security –NIST/URAC HC Security C&A Workgroup –(Draft) HIPAA Security Accreditation for CEs and BAs

5 NIST/URAC Health Care Security Certification & Accreditation WG Mission Bring together key stakeholders from the public and private sectors to facilitate communication and consensus on best practices for information security in healthcare. Promote the implementation of a uniform approach to security practices and assessments by developing white papers and crosswalks, and provide educational programs, as appropriate. Goals Review NIST Special Publications 800-37 and 800-53 for possible use in the healthcare sector. Review other security standards such as the HIPAA Security Rule, ISO 17799, CMS' CAST requirements, Systems Security Engineering Capability Maturity Model (SSECMM), CMS Internet Security Requirements, among other possible requirements or standards. Develop a common set of health care security standards that will cover security policies, procedures, controls and auditing practices.

6 ISO The International Organization for Standardization (ISO) is a worldwide federation of national standards bodies from more than 140 countries. ISO's work results in international agreements which are published as International Standards. Similarly, the International Electrotechnical Commission (IEC) prepares and publishes international standards for all electrical, electronic and related technologies.

7 VA VA Office of Cyber Security, Center for Healthcare Information Security VA consolidated Cyber Security staff Responsible for cyber security initiatives to protect VA's IT assets Internal Directives and Policies Federal Government Regulations, Standards and Guidelines

8 Panel of Speakers Dr. Ron Ross, Ph.D., Director, Computer Security Division, NIST Topic: Assessing the Security of Federal Information Systems: The development of Standardized Certification and Accreditation Guidelines and Provider Organizations Arnold Johnson, Manager, Security Certification & Accreditation Assessment Program, Computer Security Division, NIST Topic: ISO/IEC 17799, Code of Practice for Information Security Management Dennis M. Seymour, CISSP, Director, Center for Healthcare Information Security, VA Office of Cyber Security Topic: VA Security Standards and Tools for Healthcare Security

Download ppt "Seeking a National Standard for Security: Developing a Systematic Crosswalk of the Final HIPAA Security Rule, the NIST SP-800-37, NIST SP 800-53 Security."

Similar presentations

Health Information Technology and Privacy: Is There a Path to Consensus? February 29, 2008 Jodi. G. Daniel, J.D., M.P.H. Director, Office of Policy and.

Health Information Technology and Privacy: Is There a Path to Consensus? February 29, 2008 Jodi. G. Daniel, J.D., M.P.H. Director, Office of Policy and.
PRINCIPLES OF A CALIBRATION MANAGEMENT SYSTEM

PRINCIPLES OF A CALIBRATION MANAGEMENT SYSTEM
Interoperability Roadmap Comments Sections E, F, and G Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March 11, 2015.

Interoperability Roadmap Comments Sections E, F, and G Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March 11, 2015.
Federal Risk and Authorization Management Program (FedRAMP) Lisa Carnahan, Computer Scientist National Institute of Standards & Technology Standards Coordination.

Federal Risk and Authorization Management Program (FedRAMP) Lisa Carnahan, Computer Scientist National Institute of Standards & Technology Standards Coordination.
Health IT Privacy and Security Policy Jodi Daniel, J.D., M.P.H. Director, Office of Policy and Research, Office of the National Coordinator for Health.

Health IT Privacy and Security Policy Jodi Daniel, J.D., M.P.H. Director, Office of Policy and Research, Office of the National Coordinator for Health.
Prepared for: DISA September 17, 2003 Establishing a Government Information Security System Presented to the IT AND COMMUNICATIONS SYSTEMS SECURITY CONFERENCE.

Prepared for: DISA September 17, 2003 Establishing a Government Information Security System Presented to the IT AND COMMUNICATIONS SYSTEMS SECURITY CONFERENCE.
Interoperability Roadmap Comments Package Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair February 24, 2015.

Interoperability Roadmap Comments Package Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair February 24, 2015.
NCI Enterprise Security Program

NCI Enterprise Security Program
CSF Roadmap 2015 and Beyond Presented By Bryan S. Cline, Ph.D.

CSF Roadmap 2015 and Beyond Presented By Bryan S. Cline, Ph.D.
National Institute of Standards and Technology 1 NIST Guidance and Standards on System Level Information Security Management Dr. Alicia Clay Deputy Chief.

National Institute of Standards and Technology 1 NIST Guidance and Standards on System Level Information Security Management Dr. Alicia Clay Deputy Chief.
FORMS FOR THE FUTURE CTBCP Annual Meeting March 20, 2014 Maryland Department of Health and Mental Hygiene Prevention and Health Promotion Administration.

FORMS FOR THE FUTURE CTBCP Annual Meeting March 20, 2014 Maryland Department of Health and Mental Hygiene Prevention and Health Promotion Administration.
Security Controls – What Works

Security Controls – What Works
1 Copyright © 2010 M. E. Kabay. All rights reserved. Security Audits, Standards, & Inspections CSH5 Chapter 54 “Security Audits, Standards and Inspections”

1 Copyright © 2010 M. E. Kabay. All rights reserved. Security Audits, Standards, & Inspections CSH5 Chapter 54 “Security Audits, Standards and Inspections”
Update on Interoperability Roadmap Comments Sections E, F, and G Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March.

Update on Interoperability Roadmap Comments Sections E, F, and G Transport & Security Standards Workgroup Dixie Baker, chair Lisa Gallagher, co-chair March.
© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.

© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.
Consumer Work Group Presentation Federal Health IT Strategic Plan 2015-2020 January 9, 2015 Gretchen Wyatt Office of Planning, Evaluation, and Analysis.

Consumer Work Group Presentation Federal Health IT Strategic Plan January 9, 2015 Gretchen Wyatt Office of Planning, Evaluation, and Analysis.
Alabama GIS Executive Council November 17, 2009. Alabama GIS Executive Council Governor Bob Riley signs Executive Order No. 38 on November 27 th, 2007.

Alabama GIS Executive Council November 17, Alabama GIS Executive Council Governor Bob Riley signs Executive Order No. 38 on November 27 th, 2007.
Affiliated Information Security Collaborative An Affiliated Enterprise Approach to Information Security Deans and Vice Presidents Meeting April 17, 2014.

Affiliated Information Security Collaborative An Affiliated Enterprise Approach to Information Security Deans and Vice Presidents Meeting April 17, 2014.
Framework for Improving Critical Infrastructure Cybersecurity Overview and Status Executive Order 13636 “Improving Critical Infrastructure Cybersecurity”

Framework for Improving Critical Infrastructure Cybersecurity Overview and Status Executive Order “Improving Critical Infrastructure Cybersecurity”
Management of the Internet

Management of the Internet

Similar presentations

Ads by Google