CIHA Cybersecurity
CIHA Cybersecurity
CIHA Cybersecurity Policies
The purpose of Cherokee Indian Hospital Authority’s 18 cybersecurity policies is to provide a security framework that ensures the protection of the Hospital’s information and data from unauthorized access, loss, or damage while supporting the organization’s business-driven needs by meeting state and federal regulatory compliance, as well as meeting compliance with North Carolina State departments, including the North Carolina Department of Information Technology, the North Carolina Department of Health and Human Services, and NC Medicaid. Based on industry standards and best practices, these policies are the foundation for cybersecurity at CIHA.
In support of the purpose, each policy has been developed to ensure the confidentiality, integrity, availability, privacy, and security of the information assets of the Cherokee Indian Hospital Authority through the establishment of safeguards to prevent theft, abuse, and misuse while exceeding State departments’ compliance requirements. These policies were developed with the assistance of subject matter experts and peer-reviewed by using National Institute of Standards and Technology controls as the framework.
To view each policy, please click on the corresponding link:
CIHA-Cybersecurity-Access-Control-Policy-9.20.24
CIHA-Cybersecurity-Assessment-Authorization-and-Monitoring-Policy-9.20.24
CIHA-Cybersecurity-Audit-and-Accountability-Policy-9.20.24
CIHA-Cybersecurity-Awareness-and-Training-Policy-9.20.24
CIHA-Cybersecurity-Configuration-Management-Policy-9.20.24
CIHA-Cybersecurity-Contingency-Planning-Policy-9.20.24
CIHA Cybersecurity Identification and Authentication Policy 10.5.23
CIHA Cybersecurity Incident Response Policy 10.5.23
CIHA Cybersecurity Maintenance Policy 10.19.23
CIHA Cybersecurity Media Protection Policy 10.19.23
CIHA Cybersecurity Personnel Security Policy 11.9.23
CIHA Cybersecurity Physical and Environmental Protection Policy 11.9.23
CIHA-Cybersecurity-Planning-Policy-9.20.24
CIHA-Cybersecurity-Program-Management-Policy-9.20.24
CIHA-Cybersecurity-Risk-Assessment-Policy-9.20.24
CIHA-Cybersecurity-System-and-Communications-Protection-Policy-9.20.24
CIHA-Cybersecurity-System-and-Information-Integrity-Policy-9.20.24
CIHA-Cybersecurity-System-and-Services-Acquisition-Policy-9.20..24