XiFin’s commitment to cybersecurity starts with its focus on appropriate frameworks to guide its cybersecurity efforts.
We utilize the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) as the baseline upon which we build our cybersecurity efforts. The CSF consists of standards, guidelines, and best practices to manage cybersecurity, and is broken down into five functions:
For several years now, we’ve internally assessed our maturity and effectiveness against the CSF. Included in the HITRUST* Risk-based, 2-year Certification process, the HITRUST Alliance assesses whether the aggregated maturity scores for each of the CSF Core categories meet the HITRUST criteria for certification. This is an additional assessment for our revenue cycle management platform, XiFin RPM.
Stayed tuned for Part 2 of this blog series to learn the significance of achieving HITRUST Risk-based, 2-year certification.
XiFin also benchmarks its cybersecurity activities against MITRE ATT&CK, a threat modeling and methodology framework, which proves to be an effective perspective of assessment complementary to the CSF.
And lastly, we review our activities against the 18 CIS Critical Security Controls and OWASP Top 10 lists.
Our benchmarking provides a solid foundation for our cybersecurity program.
For more information about our approach to security and compliance, we welcome you to visit our security and compliance pages on our website.