Friday, September 16, 2022

SP 800-66 Rev. 2 Reverse Mapped HIPAA - NIST Updated Guidance for Health Care Cybersecurity

Here's a NIST mapping crosswalk between the HIPAA requirements and NIST SP 800-53r5 in a spreadsheet format.

Spreadsheet Here: 2022 HIPAA Crosswalk SP 800-66 ipd Table 12.ver.01.xlsx - Google Drive from Blog Downloads

NIST Page: SP 800-66 Rev. 2 (Draft), Implementing the HIPAA Security Rule: Cybersecurity Resources | CSRC

Publication Link: NIST SP 800-66r2 initial public draft, Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide

I reworked the information from the initial public draft into a spreadsheet that also allows easy importing into different tools. Additionally, I included a direct NIST map, essentially reversing the look-up. Finally, all control IDs are now two digits which allows for proper sorting and lookups with tools inside arrays.

Here's a snapshot of the format: