NIST CsF Assessments & Certifications

The federal government commissioned the development of the NIST Cybersecurity Framework (NIST CsF) to help protect the nation's critical infrastructure, including the healthcare sector. Federal regulatory entities, including the Office for Civil Rights (OCR), have designated the NIST CsF as a recommended framework for maintaining compliance with HIPAA Security Rule mandates.

Meditology has extensive experience assessing and implementing the NIST CsF for healthcare entities of all shapes and sizes. We give your organization a prioritized, flexible, repeatable, performance-based, and cost-effective approach to managing cybersecurity risk via the NIST CsF.

We offer enterprise-wide security risk assessments to evaluate your organization's ability to effectively prevent, detect, and respond to cyberattacks.

Our assessment methodology and reporting model are informed by HIPAA and OCR regulatory expectations for conducting an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic Protected Health Information (e-PHI).

We also provide formal NIST CsF certifications for healthcare entities via the HITRUST Alliance's NIST Cybersecurity Framework certification and assurance program. Contact us to learn more about the NIST CsF certification process.


  • Ranked #1 Best in KLAS for Cybersecurity Advisory Services in 2019 and 2020
  • HIPAA expert witness firm for OCR
  • Experienced CISOs and Privacy Officers
  • Dedicated to healthcare
  • Hundreds of clients coast to coast
  • Advisors to ONC / HHS