HITRUST (BTS): Password management & network protection

Password Management

• Encryption of passwords during transmission (in-motion) and when stored at-rest.
• Documentation and implementation of hashing passwords when stored at-rest
• Providing documentation that we avoid the use of sending unprotected (clear text) email messages for the dissemination of passwords (definitely a low hanging fruit for us).

Network Protection

• Documenting the Paubox Zero Trust Network Security model
• Network Diagram policy and procedures
• Application-level firewalls

HITRUST Caffeine Intake Methodology

Caffeine intake increase via #HITRUST certification process pic.twitter.com/y60McScVUP

— Hoala Greevy (@HoalaGreevy) January 10, 2019

Caffeine consumption is surging during our HITRUST push.

"Casual Ascent of Mount Everest" and the Rise of Banter

As we continued to put HITRUST controls into a state of Compliance Purgatory, I began to note the rise of competitive banter between Tyler "Commish" Dornenburg and myself. Also observed today was when our Director of Engineering, Jonathan "BBQ" Greeley, slacked me: "You're starting the year off with a casual ascent of Mount Everest here." We managed to meet our daily quota of achievement before 4pm today. That's a good day's work. In summary for today, I'll go the way of Ari Melber and end it with a reference to 90s hip hop:

HITRUST

Founded in 2007, HITRUST Alliance is a not-for-profit organization whose mission is to champion programs that safeguard sensitive information and manage information risk for organizations across all industries and throughout the third-party supply chain. In collaboration with privacy, information security and risk management leaders from both the public and private sectors, HITRUST develops, maintains and provides broad access to its widely adopted common risk and compliance management and de-identification frameworks; related assessment and assurance methodologies; and initiatives advancing cyber sharing, analysis, and resilience.