In 2026, ASPR expanded the tool to add a cybersecurity-specific module. With cyber threats posing a growing risk to the Healthcare and Public Health (HPH) sector, ASPR strives to ensure the nation’s health system is resilient, including against cyber incidents. This new module focuses on the facility’s cyber risk posture and environment, guiding users through a series of questions about their cybersecurity policies, controls, and practices.
Responses are scored against both the NIST Cybersecurity Framework 2.0 and the HHS Cybersecurity Performance Goals, providing an objective, standards-based view of an organization’s level of protection against cyber threats. This enables users to understand how their facility compares to established best practices, identify gaps, and prioritize investments to strengthen cybersecurity resilience.
The cybersecurity module functions as an integrated add-on to the existing risk assessment portion of the RISC 2.0 Toolkit, or a standalone assessment. All existing organizational aggregation, comparison, and user management features still apply, enabling facilities, health systems, and coalitions to analyze cyber risk alongside other risks in a unified platform.
Login or Register to Get Started
