Cyber Resilience Review-HIPAA Mapping; Arming the Analyst

This April 4, 2018 SEI Bulletin describes a recent collaboration between the SEI and CMU on a mapping of the HIPAA Security Rule to the SEI Cyber Resilience Review (CRR).

Software Engineering Institute


Matthew Trevors and Robert Vrtis, CERT Cybersecurity Assurance team, and Greg Porter, Carnegie Mellon University Heinz College, worked together to map the requirements of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule to the practice questions found in the CERT® Cyber Resilience Review (CRR). This mapping gives public health organizations the additional ability to use CRR results to examine their current baseline with respect to the HIPAA Security Rule and the NIST Cybersecurity Framework (CSF). The bulletin contains links to the full mapping as well as an article that provides more general details on the purpose of this mapping and what it can do.