Hi, it’s me... Back again with something exciting: Puppet’s new Compliance Enforcement Modules, or CEMs. We’ve been working on some pretty cool stuff since we launched Puppet Comply last year. Lots of great feedback has come in, and we’re thankful for every opportunity we get to show our customers how we can help. This feedback comes in many forms, but one of the things we’ve heard time and time again is that achieving compliance is still hard.
The Department of Health and Human Services’ Office for Civil Rights (OCR) conducts periodic audits to verify that covered entities (CEs) and their business associates (BAs) are complying with HIPAA regulations. This article will discuss the steps organizations can take to ensure they pass a HIPAA compliance audit by having the proper data privacy and security measures in place for protected health information (PHI) and electronically protected health information (ePHI).
Throughout my career within the compliance and security space, I’ve seen the practice of proactively managing digital risk move from a nice-to-have to a must-have for enterprise organizations. And over the last 5 years, things have shifted drastically. Personally, it reminds me of the classic “Dry Bones” nursery rhyme song that my son loves so much which points out how all the different bones are connected to make one body.
Patch compliance indicates the number of compliant devices in your network. This means the number of computers that have been patched or remediated against security threats effectively. The distribution and deployment of patches accomplish nothing if your devices are not compliant. So to establish a good patch management strategy, it is important to pay attention to the effectiveness and reach of your patch deployment activities.
This blog is the second in a four-part series on infrastructure automation for government agencies that are modernizing digital systems while grappling with budget and staffing constraints and the challenges of COVID-19.
