Chief Legal and Compliance Officer, XIFIN, Inc.
AVP Cyber Security, XIFIN, Inc.
XIFIN’s commitment to cybersecurity starts with its focus on appropriate frameworks to guide its cybersecurity efforts.
We utilize the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) as the baseline upon which we build our cybersecurity efforts. The CSF consists of standards, guidelines, and best practices to manage cybersecurity, and is broken down into five functions:
For several years now, we’ve internally assessed our maturity and effectiveness against the CSF. Included in the HITRUST* Risk-based, 2-year Certification process, the HITRUST Alliance assesses whether the aggregated maturity scores for each of the CSF Core categories meet the HITRUST criteria for certification. This is an additional assessment for our revenue cycle management platform, XIFIN RPM.
Stayed tuned for Part 2 of this blog series to learn the significance of achieving HITRUST Risk-based, 2-year certification.
XIFIN also benchmarks its cybersecurity activities against MITRE ATT&CK, a threat modeling and methodology framework, which proves to be an effective perspective of assessment complementary to the CSF.
Our benchmarking provides a solid foundation for our cybersecurity program.