This presentation is a recording of a web event given on 1/19/2022 by Clearwater Senior Principal Consultant, Adam Nunn
As organizations look to invest more in cybersecurity, we recommend they build their program on a recognized framework. The NIST Cybersecurity Framework is the recommended framework for critical infrastructure industries like healthcare, and an increasing number of U.S. healthcare organizations are adopting the NIST Cybersecurity Framework as their framework of choice.
But adopting the Framework doesn’t necessarily mean that the target profile your organization selects is reasonable and appropriate. At Clearwater, we believe that Section 405(d) of the Cybersecurity Act of 2015, along with HIPAA requirements and the output of an organization’s risk analysis, is a great place to start for constructing a target profile under the NIST Cybersecurity Framework.
During this webinar, Clearwater Senior Principal Consultant Adam Nunn reviews the key elements of Section 405(d), its alignment to the NIST Cybersecurity Framework, and how it delivers the following benefits that are central to advancing cybersecurity practices:
- Provides additional context, guidance, and more concrete targets
- Identifies controls specific to the size of the organization
- Ensures alignment of threats and controls