As part of our journey on the HITRUST RightStart program, we once again arrived in the office early to push on HITRUST certification.
Today we dove into and completed Section 10 of the HITRUST Assessment, Password Management.
We also put Section 8, Network Protection, into a rear naked choke hold. In other words, we put it down.
This post is another Behind The Scenes (BTS) look at our progress today.
Password Management is outlined in Section 10 of the HITRUST assessment. There are 14 controls to address within it.
Here’s what I worked on today for Password Management:
- Encryption of passwords during transmission (in-motion) and when stored at-rest.
- Documentation and implementation of hashing passwords when stored at-rest
- Providing documentation that we avoid the use of sending unprotected (clear text) email messages for the dissemination of passwords (definitely a low hanging fruit for us).
Network Protection is covered in Section 8 of the HITRUST assessment. There are 14 controls that require coverage.
Here are the memorable components that I worked on today for Network Protection:
- Documenting the Paubox Zero Trust Network Security model
- Network Diagram policy and procedures
- Application-level firewalls
HITRUST Caffeine Intake Methodology
— Hoala Greevy (@HoalaGreevy) January 10, 2019
Caffeine consumption is surging during our HITRUST push.
“Casual Ascent of Mount Everest” and the Rise of Banter
As we continued to put HITRUST controls into a state of Compliance Purgatory, I began to note the rise of competitive banter between Tyler “Commish” Dornenburg and myself.
Also observed today was when our Director of Engineering, Jonathan “BBQ” Greeley, slacked me:
“You’re starting the year off with a casual ascent of Mount Everest here.”
We managed to meet our daily quota of achievement before 4pm today. That’s a good day’s work.
In summary for today, I’ll go the way of Ari Melber and end it with a reference to 90s hip hop:
Founded in 2007, HITRUST Alliance is a not-for-profit organization whose mission is to champion programs that safeguard sensitive information and manage information risk for organizations across all industries and throughout the third-party supply chain.
In collaboration with privacy, information security and risk management leaders from both the public and private sectors, HITRUST develops, maintains and provides broad access to its widely adopted common risk and compliance management and de-identification frameworks; related assessment and assurance methodologies; and initiatives advancing cyber sharing, analysis, and resilience.