Affordable Software For Security Assessments

egrizzly Member Posts: 533
Hello all,

Do any of you more experienced folks know where to find affordable software for use in security compliance assessments for areas listed below:

  • HIPAA/HITECH
  • 800-115
  • PCI DSS
  • FedRAMP
  • 800-53 
  • 800-171
  • 800-66
  • NIST CSF
  • ISO 27001

If I were to pick one that I'm absolutely looking for, it's the HIPAA/HITECH assessment software; however, if you know about a comprehensive solution, that'll be very awesome as well. As always, thanks in advance for your suggestions, tips, and comments.

B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+

Comments

  • yoba222 Member Posts: 1,237
    If Microsoft salespeople had their way, all you'd need to manage a project would be to purchase a license to Microsoft Office Project 2020 and you could point-and-click manage the project, easy as 1-2-3. Similarly, getting compliant isn't as easy as throwing software at the environment. My company does this for clients sometimes and there's a reason why we charge a decent chunk of money to do it. That said, we don't really use one piece of software to do it all. It depends on what specific task needs doing. Many things are free, but need setting up and dedicated man-hours to monitor and maintain.
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • egrizzly Member Posts: 533
    Thanks Yoba. You're awesome. Can you share some of the free risk assessment software you've come across?
    B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+
  • AprilPowers Member Posts: 1
    Hello there,
    You should check out the Implementing Controls for HIPAA Compliance videos here on InfoSec, which talk about a free SRA tool that was developed by the Office of the National Coordinator for Health Information Technology (ONC), in collaboration with the HHS Office for Civil Rights (OCR). This tool is designed to help healthcare providers conduct a security risk assessment as required by the HIPAA Security Rule and the Centers for Medicare and Medicaid Services (CMS) Electronic Health Record (EHR) Incentive Program. Hope this helps.

    Have a good day.
  • Severine Member Posts: 33
    There is not a single piece of software that fits all the requirements. Affordable software for use in security compliance assessments for the areas you have listed depends upon the issues and their priority.
  • cshkuru Member Posts: 246
    Check out CSET from Department of Homeland Security. https://github.com/cisagov/cset/releases
  • egrizzly Member Posts: 533
    @cshkuru That CSET tool looks to be specifically for people evaluating the security of Critical Infrastructure. Even the diagrams are critical-infrastructure specific. Do you think there's an equivalent of the CSET tool for your typical business configuration? Examples below:

    1. An accounting office with 50-100 employees.
    2. A Marketing firm with 1000-10000 employees.
    3. A Transportation corporation with 10,000 - 50,000 employees.

    Anyways, still, thanks for engaging the thread.
    B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+