The National Institute of Science and Technology has published what it's calling a draft update to its cybersecurity framework, which guides healthcare organizations and other industries in ways to reduce their exposure to cybercriminals.
The initial NIST framework was published in 2014 and was intended to help manage risk in the nation's infrastructure, such as bridges and the electric power grid. It has since been labeled a gold standard for security.
“We wrote this update to refine and enhance the original document and to make it easier to use,” said Matt Barrett, program manager for the Cybersecurity Framework at NIST, in a statement. “This update is fully compatible with the original framework, and the framework remains voluntary and flexible to adaptation.”
In November, the Healthcare Information and Management Systems Society issued a call for HHS to appoint a national chief information security officer specifically for the healthcare cybersecurity framework and spearhead an effort to address a workforce shortage in cybersecurity personnel.
Some security personnel recommend using the NIST framework, due to its greater depth and complexity, and not merely relying on periodic risk assessments to meet the security rule requirements of HIPPA.
NIST is accepting feedback on its draft. The deadline to submit comments is April 10, 2017.