Affordable Software For Security Assessments

egrizzly B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+ Member Posts: 385
Hello all,

Do any of you more experienced folks know where to find affordable software for use in security compliance assessments for areas listed below:

  • HIPAA/HITECH
  • 800-115
  • PCI DSS
  • FedRAMP
  • 800-53 
  • 800-171
  • 800-66
  • NIST CSF
  • ISO 27001

If I were to pick one that I'm absolutely looking for, it's the HIPAA/HITECH assessment software; however, if you know about a comprehensive solution, that'll be very awesome as well. As always, thanks in advance for your suggestions, tips, and comments.

Comments

  • yoba222 Senior Member Member Posts: 1,206
    If Microsoft salespeople had their way, all you'd need to manage a project would be to purchase a license to Microsoft Office Project 2020 and you could point-and-click manage the project, easy as 1-2-3. Similarly, getting compliant isn't as easy as throwing software at the environment. My company does this for clients sometimes and there's a reason why we charge a decent chunk of money to do it. That said, we don't really use one piece of software to do it all. Depends on what specific task needs doing. Many things are free, but need setting up and dedicated man-hours to monitor and maintain.
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • egrizzly B.Sc (Info. Systems), CISSP, CCNA, CCNP, Security+ Member Posts: 385
    Thanks, Yoba. You're awesome. Can you share some of the free risk assessment software you've come across?
  • AprilPowers Member Posts: 1
    Hello there,
    You should check out the Implementing Controls for HIPAA Compliance videos here on InfoSec. It talks about a free SRA tool that was developed by the National Coordinator for Health Information Technology (ONC), in collaboration with the HHS Office for Civil Rights (OCR). This tool is designed to help healthcare providers conduct a security risk assessment as required by the HIPAA Security Rule and the Centers for Medicare and Medicaid Service (CMS) Electronic Health Record (EHR) Incentive Program. Hope this helps.

    Have a good day.
  • Severine Member Posts: 33
    There is not a single software that fits all the requirements. Affordable software for use in security compliance assessments for the areas which you have listed depends upon the issues and their priority.
  • cshkuru The details of my life are quite inconsequential Member Posts: 245
    Check out CSET from the Department of Homeland Security. https://github.com/cisagov/cset/releases