Health-ISAC Unveils “All about Zero Trust: A Health-ISAC Guide for CISOs”

Download the whitepaper here


ORMOND BEACH, FL, August 26, 2022 – Health Information Sharing and Analysis Center (Health-ISAC) today released a new white paper intended to help CISOs understand and implement a zero trust security architecture, with a focus on how an identity-centric approach to cybersecurity can provide a foundation for zero trust.

The purpose of this paper is to educate healthcare CISOs on zero trust, detail its basic tenets, the unique challenges to a zero trust migration, and how to begin implementing the architecture.

The paper lays out healthcare specific challenges organizations will have to address. Two key points the paper highlights: the preponderance of Internet of Things devices and the roaming nature of some healthcare workers that may make authentication and fine-grained authorization complex.

Identity is at the core of zero trust: multi-factor authentication (MFA), well-governed authorization, and the proper provisioning of roles and attributes for access is critical. Access rules need to be as granular as possible to enable least privilege and all subjects, assets, and workflows need to be explicitly authenticated and authorized. The paper also adds zero trust components to the Health-ISAC Framework for Managing identity.

This paper is the fifth in a Health-ISAC series focused on helping organizations of all sizes and maturity levels understand the importance of an identity-centric approach to cybersecurity and the ways it can better address the current threat landscape.



This paper is the 5th in Health-ISAC’s Identity Series to guide healthcare CISOs


1. Identity for the CISO Not Yet Paying Attention to Identity

2. Health-ISAC Framework for CISOs to Manage Identity

3. Authentication

4. Identity, Operability, Patient Access and the 21st Century Cures Act

5. Identity and Zero Trust




Translate »