Software Engineering Institute

Matthew Trevors and Robert Vrtis, CERT Cybersecurity Assurance team, and Greg Porter, Carnegie Mellon University Heinz College, worked together to map the requirements of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule to the practice questions found in the CERT® Cyber Resilience Review (CRR). This mapping grants public heath organizations the additional ability to use CRR results to examine their current baseline with respect to the HIPAA Security Rule and the NIST Cybersecurity Framework (CSF). The bulletin contains links to the full mapping as well as an article that provides more general details behind the purpose of this mapping and what it can do.