CASE STUDY: A Healthcare CISO’s Journey to NIST Adoption and Implementation

Devin Shirley, CISO at Arkansas Blue Cross Blue Shield, recently shared his experience leading a health plan through NIST adoption, implementation and greater security maturity. In the interview, he recounts why his organization chose the NIST CSF, his approach to NIST adoption, how he was able to achieve organizational alignment, and lessons learned during the process.

When asked about working with Intraprise Health for NIST adoption, Devin had this to say. “After all our vetting, I chose Intraprise Health as our NIST assessor not only because of their singular focus on health-care cybersecurity, but because they have the proven expertise plus software solutions that make the process easier now and for the future. We learned alongside their experts, which will have a long-term impact on our security maturity.”

Read the full case study