While many are adamant about using NIST SP 800-53A Rev 4 for HIPAA / HITECH, there is precedent for using alternatives.
Preference should be given to hybrid frameworks that use HITRUST CSF and / or ISF SOGP as they use a combination of 800-53, COBIT, and / or ISO.
The genesis for building on controls lies in new technologies, new attack vectors / threats, and a renewed emphasis on deeper dives into the proper deployment of controls / safeguards.