Specifications include, but are not limited to:

The Contractor will provide certification support services, which include providing an independent, third-party security and privacy control assessment report that covers compliance with the following, in accordance with DHCS certification governance as well as CMS certification guidance (refer to CMS’ “Framework for the Independent Third-Party Security and Privacy Assessment Guidelines for Medicaid Enterprise Systems (MES)”):

• National Institute of Standards and Technology (NIST) Special Publications (SP) 800-171 and/or NIST SP 800-53 standards, and alignment with the Health Insurance Portability and Accountability Act (HIPAA) Security Rule;
• Aligning Health Care Industry Security Approaches pursuant to the Cybersecurity Act of 2015, Section 405(d); and
• The Open Web Application Security Project Top 10.