NIST 800-53

  • Case Study: Mendix Achieves HIPAA compliance with Drummond methodology


Drummond conducts risk assessments leveraging NIST 800-53 to identify technical and administrative risks and provide risk mitigation recommendations.

Comprehensive Healthcare Risk Assessment (CHRA)

Drummond's comprehensive healthcare risk assessment is a formal, detailed, yet flexible method of evaluating the business and operational risks and controls of an organization. This service gives senior management an effective way to understand and appropriately mitigate risks to the organization, with associated executive and line management reports. Its objectives are to evaluate and determine compliance with NIST Cybersecurity Framework Controls, to assess how technology and operational risks are managed and controlled, and to evaluate the overall risk exposure to the company and its customers.

Additionally, this assessment summarizes existing controls and provides recommendations for remediating any deficiencies. Drummond encourages complementing your comprehensive healthcare risk assessment with our technical services to ensure all risks are identified. These technical services include vulnerability scanning, penetration testing, database assessments, social engineering attempts (such as physical, voice, and email phishing), network security architecture assessments, and wireless assessments.

Healthcare Risk Assessment

Drummond leverages the requirements set forth in the NIST Cybersecurity Framework in conducting information security risk assessments, as well as those processes found in NIST 800-30. This assessment focuses on the highest-risk areas to healthcare organizations, based on industry input and breach data analysis. By focusing on the highest risks, healthcare organizations can quickly identify gaps and more effectively implement controls to mitigate the likelihood and impact of a breach of PHI.

Policy and Procedure Review

Drummond can assist your organization by providing a complete review of NIST policies and procedures to help ensure alignment with NIST SP 800-100 and identify any potential gaps in your program. Additionally, Drummond offers a Policy and Procedure template that we can help implement in your operating environment to help ensure NIST SP 800-100 compliance is met.

The People of Drummond are here to help!
