Free Security Resources
APPENDIX – CYBERSECURITY RESOURCES
A selected list of federal resources providing cybersecurity tips and guidance is presented below.
- Department of Health and Human Services (HHS)
- The HHS Office for Civil Rights (OCR) is the lead agency for HIPAA Privacy and Security. Access OCR resources at: HHS.gov/ocr/index.html
- The HHS Office of the National Coordinator for Health Information Technology (ONC) offers security resources including a risk assessment tool, found here: https://www.healthit.gov/topic/privacy-security-and-hipaa/security-risk-assessment-tool
- HHS authorized the 405(d) Program, a collaborative effort between the Health Sector Coordinating Council and the federal government to align healthcare industry security practices.
- The 405(d) Program is focused on providing organizations across the nation with useful and impactful Healthcare and Public Health (HPH) focused resources, products, and tools that help educate, raise awareness, and provide vetted cybersecurity best practices which drive behavioral change and strengthen the sector’s cybersecurity posture against cyber threats.
- These cybersecurity activities also help healthcare organizations, as covered entities, comply with the Health Information Portability and Accountability Act (HIPAA) requirements.
- https://405d.hhs.gov/information
- https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html
- https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html
- National Institute of Standards and Technology (NIST)
- NIST, an agency within the U.S. Department of Commerce, serves to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.
- NIST has updated the widely used Cybersecurity Framework (CSF), its landmark guidance document for reducing cybersecurity risk. The NIST CSF is voluntary guidance that helps businesses of all sizes better understand, assess, manage, and reduce their cybersecurity risk and protect their networks and data.
- The CSF is not a one-size-fits-all approach to managing cybersecurity risks. NIST has developed guidance titled NIST Cybersecurity Framework 2.0: Small Business Quick Start Guide to help small organizations consider and record their own risk tolerances, priorities, threats, vulnerabilities, requirements, etc.
- NIST also created an online Small Business Cybersecurity Corner with resources and guides contributed from other government agencies and non-profit organizations to meet the cybersecurity needs of the small business community.
- https://www.nist.gov/cyberframework
- https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.1300.pdf
- https://www.nist.gov/itl/smallbusinesscyber
- Federal Communications Commission (FCC)
- The FCC regulates communications by radio, television, wire, satellite, and cable across the United States. The FCC maintains jurisdiction over the areas of broadband access, fair competition, radio frequency use, media responsibility, public safety, and homeland security.
- The FCC recognizes that the Internet promotes efficiency, productivity, and market growth in all businesses, but that cybersecurity should be part of the operational plan to protect business systems, networks, and data. The FCC has created the Small Biz Cyber Planner 2.0 to help small businesses create customized cybersecurity plans, along with other online resources.
- https://www.fcc.gov/communications-business-opportunities/cybersecurity-small-businesses
- Federal Trade Commission (FTC)
- The FTC is an agency in the U.S. Government that enforces federal consumer protection laws, and federal antitrust laws, to protect consumers, prevent fraud, deception and unfair business practices and anti-competition through law enforcement, advocacy, and education without unduly burdening legitimate business activity.
- In support of small business trade protection, the FTC has made available a few cybersecurity resources, per the links below.
- https://www.ftc.gov/business-guidance/small-businesses/cybersecurity
- https://www.ftc.gov/system/files/attachments/cybersecurity-small-business/cybersecuirty_sb_factsheets_all.pdf
- Cybersecurity and Infrastructure Security Agency (CISA)
- CISA is a federal agency under the Department of Homeland Security (DHS), acting as operational lead for federal cybersecurity and the national coordinator for critical infrastructure security and resilience. CISA works to understand, manage, and mitigate risk to the nation's cyber and physical infrastructure in the public and private sectors.
- With 16 critical infrastructure sectors identified that cut across many different industries, CISA advocates for appropriate cybersecurity measures at the forefront to protect the nation’s security. However, CISA also places important focus on the smaller business operations within these 16 sectors.
- https://www.cisa.gov/cyber-guidance-small-businesses
- https://www.cisa.gov/topics/cybersecurity-best-practices
- Department of Defense (DoD) Office of Small Business Programs
- The DoD provides the military forces needed to deter war and ensure our nation's security. It is a massive organization that requires support from a wide range of suppliers and contractors, ranging from corporations with global reach, to national enterprises, and small business owners.
- DoD has strict security and cybersecurity requirements for its contractors and suppliers. They are mandated to demonstrate their ability to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) in order to do business with DoD and other Federal agencies handling FCI and CUI. To assist with cybersecurity compliance, the DoD Office of Small Business Programs has made available certain cyber security resources for reference.
- https://business.defense.gov/Programs/Cyber-Security-Resources/
- U.S. Small Business Administration (SBA)
- The SBA is a federal agency that supports American entrepreneurs and small business owners to start, build, and grow their businesses. Through an extensive network of field offices and partnerships, the SBA assists and protects the interests of small business concerns, including cybersecurity.
- https://www.sba.gov/business-guide/manage-your-business/strengthen-your-cybersecurity
https://www.wedi.org/assets/pdf/Cybersecurity+Resources+7.8.24