CIS Controls Successfully Mapped to Healthcare and Public Health Sector-Specific Cybersecurity Performance Goals

CIS Critical Security Controls v8.1 now integrated with HPH CPGs to boost cybersecurity

EAST GREENBUSH, N.Y., Sep. 3, 2024 – The Center for Internet Security, Inc. (CIS®) is pleased to announce the successful mapping of CIS Critical Security Controls® (CIS Controls®) v8.1 to the U.S. Department of Health and Human Services' Healthcare and Public Health (HHS HPH) cybersecurity performance goals (CPGs).

In an era where cyber threats are escalating, the need for robust cybersecurity measures is more critical than ever, particularly in sensitive sectors such as healthcare. This mapping is a significant step forward in enhancing the protection of healthcare organizations across the United States.

The CIS Controls are a prescriptive, prioritized, and simplified set of best practices that organizations can use to strengthen their cybersecurity posture. They encompass a spectrum of tasks such as inventory and control of hardware and software assets, continuous vulnerability management, controlled use of administrative privileges, and incident response planning. By implementing the CIS Controls, organizations can significantly reduce their risk of cyber attacks, safeguarding their data, systems, and network infrastructure.

The HPH CPGs serve as a critical roadmap for creating a resilient healthcare system and maintaining crucial healthcare services across the public health environment. The goals focus on reducing vulnerabilities, strengthening systems against attacks, and ensuring swift recovery if compromised.

"The compatibility between CIS Controls v8.1 and the HPH CPGs delivers an invaluable cybersecurity resource tailored for the healthcare industry," said Curtis Dukes, CIS Executive Vice President and General Manager, Security Best Practices. "It offers organizations in this sector a clear pathway toward increased efficiency in managing security risks while optimizing their efforts on ensuring patient safety through data integrity."

The mapping of these two industry-leading resources creates an integrated framework where both sets of controls complement each other. It ensures that healthcare organizations using the CPGs can bridge any gaps in their security defenses by consulting the corresponding CIS Controls.

Want to see how the CIS Critical Security Controls fit into your broader security program? Use our CIS Controls Navigator to explore how they map to other security standards.

For more information on the CIS Controls v8.1 mapping to HPH CPGs, please contact CIS Sr. Media Relations Manager Kelly Wyland at [email protected] or 518-256-6978.

About CIS

The Center for Internet Security, Inc. (CIS®) makes the connected world a safer place for people, businesses, and governments through our core competencies of collaboration and innovation. We are a community-driven nonprofit, responsible for the CIS Critical Security Controls® and CIS Benchmarks™, globally recognized best practices for securing IT systems and data. We lead a global community of IT professionals to continuously refine these standards to proactively safeguard against emerging threats. Our CIS Hardened Images® provide secure, on-demand, scalable computing environments in the cloud. CIS is home to the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the trusted resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial (SLTT) government entities, and the Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®), which supports the cybersecurity needs of U.S. election offices. To learn more, visit CISecurity.org or follow us on X: @CISecurity.