Affordable Software For Security Assessments

Hello all,

Do any of you more experienced folks know where to find affordable software for use in security compliance assessments for areas listed below:

HIPAA/HITECH
800-115
PCI DSS
FedRAMP
800-53
800-171
800-66
NIST CSF
ISO 27001

If I were to pick one that I'm absolutely looking for it's the HIPAA/HITECH assessment software, however if you know about a comprehensive solution that'll be very awesome as well. As always thanks in advance for your suggestions, tips, and comments.

Find more posts tagged with

Comments

yoba222

If Microsoft salespeople had their way, all you'd need to manage a project would be to purchase a license to Microsoft Office Project 2020 and you could point and click manage the project easy as 1-2-3. Similarly, getting compliant isn't as easy as throwing software at the environment. My company does this for clients sometimes and there's are reason why we charge a decent chunk of money to do it. That said, we don't really use one piece of software to do it all. Depends on what specific task needs doing. Many things are free, but need setting up and dedicated man-hours to monitor and maintain.

egrizzly

Thanks Yoba. You're awesome. Can you share some of the free risk assessment software you've come across?

AprilPowers

Hello there,
You should check out the Implementing Controls for HIPAA Compliance videos here on InfoSec, it talks about a free SRA tool that was developed by the National Coordinator for Health Information Technology (ONC), in collaboration with the HHS Office for Civil Rights (OCR). This tool is designed to help healthcare providers conduct a security risk assessment as required by the HIPAA Security Rule and the Centers for Medicare and Medicaid Service (CMS) Electronic Health Record (EHR) Incentive Program. Hope this helps.

Have a good day.

Severine

There is not a single software that fits all the requirements. Affordable software for use in security compliance assessments for areas which you have listed depends upon the issues, its priority.

cshkuru

Check out CSET from Department of Homeland Security. https://github.com/cisagov/cset/releases

egrizzly

@cshkuru That CSET tool looks to be specifically for people evaluating security of Critical Infrastructure. Even the diagrams are critical-infrastructure specific. Do you think there's an equivalent of the CSET tool for your typical business configuration? Examples below:

1. An accounting office with 50-100 employees.
2. A Marketing firm with 1000-10000 employees.
3. A Transportation corporation with 10,000 - 50,000 employees.

Anyways, still, thanks for engaging the thread.