County Cyber Security

The Colorado Department of Health Care Policy & Financing (HCPF), in partnership with the Governor’s Office of Information Technology (OIT) and the Colorado Department of Human Services (CDHS) are working toward the goal of standardizing cyber security measures for human services agencies across the State of Colorado. To accomplish this goal, the Department continues to work with county partners, CDHS and OIT on adherence to data security and privacy best practices and compliance with the Colorado Information Security Policies (CISPs) and the federal Health and Human Services Security Risk Assessment.

State Fiscal Year 2020-21: Cyber Security Risk Assessment & Remediation Plan Deliverable

To move towards statewide compliance with the CISPs and data privacy, a baseline measurement of current cyber security and data privacy practices is needed. The measurement will be completed in increments through a Risk Assessment and Remediation Plan deliverable. For the FY 2020-21 Cyber Security Incentive, this deliverable is due on July 5, 2021

Option 2 County Cyber Security Incentive Support

The Department scheduled one support session per quarter per region listed below. These support calls are meant to be working sessions for option 2 counties to fill out the sections described below, ask questions, and take note of items for follow up. 

Session   Policy Policy Name New   Existing Total
1 CISP-001 Access Control 3 20 23
1 CISP-005 Configuration Mgmt 0 8 8
1 CISP-007 Identification and Authentication 7 0 7
1 CISP-009 System Maintenance 3 0 3
1 CISP-015 System and Comm Protection 4 0 4
    Session 1 Total 17 28 45
2 CISP-002 Security Awareness and Training 12 0 12
2 CISP-012 Personnel Security 9 0 9
2 CISP-014 System and Services Acquisition 8 0 8
2 CISP-017 Security Planning 14 0 14
    Session 2 Total 43 0 43
3 CISP-004 Security Assessment and Auth 0 3 3
3 CISP-013 Risk Assessment 3 0 3
3 CISP-006 Contingency Planning 1 22 23
3 CISP-008 Incident Response 15 0 15
    Session 3 Total 19 25 44
4 CISP-010 Media Protection 10 0 10
4 CISP-011 Physical and Enviro Protection 41 0 41
    Session 4 Total 51 0 51
 

County Cyber Security Frequently Asked Questions

The Department will regularly update frequently asked questions on cyber security policy, the FY 2020-21 Risk Assessment & Remediation Plan deliverable, and other cyber security-related topics. 

Questions? Contact HCPFCountyRelations@state.co.us