Health Data Compass (HDC) 's cybersecurity plan is based on NIST 800-171 (53). The following domains are covered within NIST 800-171. HIPAA Security rule is mapped to NIST. Please email healthdatacompass@ucdenver.edu for additional information, as needed.

1. Access Control 

2. Awareness and Training 

3. Audit and Accountability 

4. Configuration Management 

5. Identification and Authentication

6. Incident Response 

7. Maintenance 

8. Media Protection

9. Personnel Security

10. Physical Protection

11. Risk Assessment

12. Security Assessment

13. System and Communications Protection

14. System and Information Integrity