Demo Request
X Close Search

How can we assist?

HPH Cybersecurity Performance Goals

Censinet RiskOps™ Delivers Comprehensive Support for HPH CPGs


On Jan 24, 2024, The Department of Health and Human Services (HHS) released voluntary Healthcare and Public Health Sector Cybersecurity Performance Goals (HPH CPGs) for U.S. healthcare organizations. The goal is to help prioritize implementation of “high-impact cybersecurity practices” to protect patient data and safety from escalating cyberattacks. HHS recommends implementing 10 Essential CPGs, which are “foundational practices” to drive greater cyber preparedness, and, 10 Enhanced CPGs, which are “advanced practices” to strengthen broader cyber resiliency.

Censinet Accelerates End-to-End HPH CPG Coverage, Compliance

Censinet RiskOps™ accelerates healthcare organizations’ efforts to assess, manage, and maintain full coverage and compliance for all 10 Essential and 10 Enhanced HPH CPGs:

Censinet Questionnaire Icon
HPH CPG enterprise assessment with evidence capture across 
all 10 Essential + 10 Enhanced CPGs
NIST Assessments
Leverage previously-completed NIST CSF and HICP enterprise assessments for HPH CPG assessments
Automated Guidance
Automated, actionable guidance with task assignment and tracking 
to close gaps in HPH CPG coverage
Risk Register
Risk Register to centralize and manage open risk items across all 
TPRM and ERM-related HPH CPGs
RiskOps Dashboard
Censinet RiskOps Dashboard with real-time coverage levels, trend reports, task status, and Board-ready graphics
Audit Ready Icon
Audit-ready reporting to demonstrate HPH CPG coverage and compliance to Board and regulators

10 Essential HPH CPGs

  • Mitigate Known Vulnerabilities
  • Email Security
  • Multi-Factor Authentication
  • Basic Cybersecurity Training
  • Strong Encryption
  • Revoke Credentials for Departing Workforce 
  • Basic Incident Planning and Preparedness
  • Unique Credentials
  • Separate User and Privileged Accounts
  • Vendor/Supplier Cybersecurity Requirements

10 Essential HPH CPGs

  • Asset Inventory
  • Third Party Vulnerability Disclosure
  • Third Party Incident Reporting
  • Cybersecurity Testing
  • Cybersecurity Mitigation
  • Detect and Respond to Relevant TTPs
  • Network Segmentation
  • Centralized Log Collection
  • Centralized Incident Planning & Preparedness
  • Configuration Management

Implement the Most Comprehensive Solution for TPRM Essential CPG

Censinet RiskOps™ maximizes assessment productivity, third-party risk coverage, and cyber risk reduction with purpose-built automation across all third-party risk management (TPRM) workflows & processes.

Essential HPH CPG: Vendor/Supplier Cybersecurity Requirements: Identify, assess, and mitigate risks associated with third party products and services.


Centralize and manage your third-party inventory with 40,000+ vendors and products in Digital Risk Catalog™
Access completed questionnaires with evidence for thousands of vendors and products – ready for assessment
Enable vendors to instantly share risk data, evidence, and ongoing risk posture updates with 1-Click Assessments™


Generate automated corrective action plans (CAPs) with curated findings and recommended remediations
Analyze product-specific use cases and impact within your IT environment, e.g., PHI, network access, MFA, SSO
Automatically generate Summary Risk Reports with dynamic risk scores, remediation status, and activity log


Assign CAP findings and remediations to vendor and/or internal stakeholders, and track status inside a single platform
Get notifications for material changes in vendor risk posture, and get breach alerts for vendors in third-party portfolio
Automatically schedule reassessments based on organizational policy and leverage reassessment automation to complete in < 1 day, on average

Robust Solutions for TPRM-Focused Enhanced CPGs

Censinet Questionnaire Icon
Breach & Ransomware Incident Monitoring
Get breach and ransomware alerts for the vendors in your current third-party portfolio to expedite response
Censinet Digital Risk Catalog Icon
Portfolio Analysis & Filtering
Query current third-party portfolio for key risk exposures like PHI usage, network access, and missing evidence (e.g. BAA, SBOM)
NIST Assessments
AI Risk Assessment
Censinet questionnaire is continuously updated to capture the most critical, emerging AI risks (e.g., privacy, use cases, bias)
Censinet Questionnaire Icon
Fourth-Party Risk Assessment
Censinet questionnaire captures hidden fourth-party risks (e.g., cloud provider, offshore exposure, supply chain)
Automated Guidance
Policy Automation
Codify organizational-specific controls, policies, and procedures into automated CAP findings and Risk Register

Enhanced HPH CPGs:

Third Party Vulnerability Disclosure: Establish processes to promptly discover and respond to known threats and vulnerabilities in assets provided by vendors and service providers

Third Party Incident Reporting: Establish processes to promptly discover and respond to known security incidents or breaches across vendors and service providers

Censinet helps healthcare organizations meet the requirements of the HPH CPGs
Censinet Risk Assessment Request Graphic

Censinet RiskOps™ Demo Request

Do you want to revolutionize the way your healthcare organization manages third-party and enterprise risk while also saving time, money, and increasing data security? It’s time for RiskOps.

Schedule Demo

Sign-up for the Censinet Newsletter!

Hear from the Censinet team on industry news, events, content, and 
engage with our thought leaders every month.

Terms of Use | Privacy Policy | Security Statement | Crafted on the Narrow Land