Welcome to the GENEDGE self-help services page for Pharmaceutical Suppliers.
This site is designed to guide pharmaceutical suppliers through the complex landscape of cybersecurity requirements.
The page is structured into three sections:
- This top section offers high-level information and resources to help you understand the broader context. Listen to the Podcast to the right for more details. Try out the Pharmaceutical Supplier Cybersecurity Assessment.
- The second section below assists you in selecting the most applicable cybersecurity framework for your company.
- The third section provides framework-specific resources, enabling you to enhance your cybersecurity posture effectively.
This comprehensive approach is aimed at simplifying your path to cybersecurity compliance, offering clear guidance every step of the way.
Listen to Latest Pharmaceutical Supplier Podcast
New Pharmaceutical Supplier Cybersecurity Assessment Tool
- Get a Personalized Plan of Action: At the conclusion of the 15-minute assessment, you’ll receive a customized Plan of Action and Milestones (POA&M) tailored to your organization’s specific cybersecurity needs.
- Quick and Convenient: This easy-to-use assessment takes just 15 minutes to complete, providing a streamlined way to evaluate your current cybersecurity posture without exposing vulnerabilities.
- Fast Turnaround: Receive your comprehensive results by email within 1 business day, outlining clear next steps to improve your cybersecurity, no matter which framework your company is following.
- Actionable Insights: The POA&M offers prioritized recommendations, helping you focus on critical areas for improvement and compliance, positioning your business for a more secure future.
- Free and Accessible: This assessment is offered at no cost to small and medium-sized pharmaceutical suppliers in Virginia, empowering you to take the first step toward stronger cybersecurity.
Selecting A Cybersecurity Framework:
Pharma Supplier Cyber Resources
If your small or medium-sized pharmaceutical manufacturing business is currently part of the DoD supply chain or considering entering it, CMMC requirements will apply, which is why this webpage has a DoD focus; however, we also provide resources for navigating other cybersecurity frameworks that may be relevant to your operations.
Cyber Selection Framework Resources
Cyber Framework Comparisons
Requirements Framework Selection Tool
Get The Most Out Of GENEDGE Pharmaceutical Resources!
NIST 800-171 CMMC Level 1
1. Framework Source:
CMMC Level 1 Assessment Guide: This official document from the Department of Defense provides comprehensive guidance for conducting a CMMC Level 1 self-assessment. It includes detailed information on the required security controls and assessment procedures.
CMMC Level 1 Assessment Guide
CMMC Self Assessment Guide
2. Training Resources:
MEP Training: Asynchronous training provided by Georgia MEP (GaMEP) for CMMC 2.0 Level 1. This 4-hour course includes quizzes.
GaMEP Training
CMMC Toolkit Wiki
3. Additional References
CMMC Documentation: The official documentation page provides access to various resources related to CMMC, including scoping guidance and assessment guides for different levels.
CMMC Documentation
Cybersecurity Maturity Model Certification 2.0 Overview: This page from the Cybersecurity and Infrastructure Security Agency (CISA) offers an overview of the CMMC 2.0 program, outlining the three levels of certification and their alignment with NIST cybersecurity standards.
CMMC 2.0 Overview
Health Industry Cybersecurity Practices (HICP)
1. Framework Source:
Health Industry Cybersecurity Practices (HICP) Document: The cornerstone publication providing guidance on managing threats and protecting patients within the healthcare sector. It outlines key cybersecurity practices and is developed by the HHS 405(d) Program.
Health Industry Cybersecurity Practices (HICP)
HICP Datasheet
2. Training Resources:
Knowledge on Demand Platform: HHS offers free cybersecurity training for the healthcare sector, covering topics such as social engineering, ransomware, loss or theft of equipment or data, insider threats, and attacks against network-connected medical devices. These trainings are designed to enhance cybersecurity awareness and resilience within healthcare organizations.
Knowledge on Demand
405(d) Program Resources: This program provides a range of resources, including the HICP document, to help healthcare organizations improve their cybersecurity posture. It includes educational materials, templates, and practical guides for implementing cybersecurity practices.
HHS 405(d) Program Resources
3. Additional References
Cybersecurity Task Force Resources: This includes the latest updates and resources provided by the HHS Cybersecurity Task Force to help healthcare organizations address rising cyber threats. The platform offers detailed insights and best practices for enhancing cybersecurity in the healthcare sector.
HHS Cybersecurity Task Force Resources
Hospital Cyber Resiliency Landscape Analysis: This report leverages the HICP framework to provide an overview of how U.S. hospitals are protected against common cybersecurity threats. It identifies best practices and areas for improvement in hospital cyber resiliency.
Hospital Cyber Resiliency Landscape Analysis
HHS Healthcare Sector-Specific Cybersecurity Performance Goals
1. Framework Source:
Healthcare and Public Health (HPH) Cybersecurity Performance Goals: The official document outlining the cybersecurity performance goals tailored specifically for the healthcare sector. This document is designed to help healthcare organizations prioritize and implement high-impact cybersecurity practices.
HHS Cybersecurity Performance Goals
Cyber Performance Goals
2. Training Resources
CPG Guided Tour: The healthcare sector faces significant cybersecurity risks, making it a prime target for cybercriminals due to its size, reliance on technology, and sensitive data. Cyber incidents in healthcare have led to prolonged disruptions, patient diversions, and strained acute care, resulting in canceled appointments and delayed procedures.
A Guided Tour Through CPGs
Cyber Performance Goals Webpage
3. Additional References
HIPAA Journal Article: The Department of Health and Human Services (HHS) has unveiled the Cybersecurity Performance Goals (CPGs) that were outlined in its December 2023 Healthcare Sector Cybersecurity Strategy.
The HIPAA Journal Article on CPGs
NIST Cybersecurity Framework (CSF)
1. Framework Source:
The official page on the NIST website provides detailed information about the framework, including downloadable documents, updates, and guides.
2. Training Resources
Quick Start Guide:
NIST offers a quick start guide to help organizations begin implementing the CSF. This guide is particularly useful for those new to the framework.
CSF 2.0 Resource Center:
This page includes various resources like profiles, informative references, and tools that aid in the implementation of CSF 2.0.
CSF 2.0 Informative References | NIST
3. Additional References
CSF Overview and Updates: A comprehensive overview of the updates in CSF 2.0, including its expanded scope and new components.
NIST’s Journey to CSF 2.0 | NIST
NIST Computer Security Resource Center (CSRC):
A central hub for NIST’s cybersecurity and privacy-related activities, including publications, projects, and events.