Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Security Content Automation Protocol SCAP


ARCHIVED: The NIST HIPAA Security Rule Toolkit is no longer supported, and is provided here only for historical purposes.

HIPAA Security Rule Toolkit

The NIST HIPAA Security Toolkit Application is intended to help organizations better understand the requirements of the HIPAA Security Rule, implement those requirements, and assess those implementations in their operational environment. Target users include, but are not limited to, HIPAA covered entities, business associates, and other organizations such as those providing HIPAA Security Rule implementation, assessment, and compliance services. Target user organizations can range in size from large nationwide health plans with vast information technology (IT) resources to small health care providers with limited access to IT expertise.

The HIPAA Security Rule Toolkit User Guide explains how to use the toolkit.

The install guide addresses how to install the toolkit for each supported operating system.

Toolkit installers for Windows, Red Hat Enterprise Linux, and MAC OS operating systems can be found below.

Questions about the NIST HIPAA Security Rule Toolkit can be submitted to


Microsoft Windows

Released: 11/21/2011

Download: (Download 22.4 MB)

SHA-256: 5822FF2B093361CF7BC13EE536E27E196B4142EE10FCEFFF8C5F04484E03F030

Red Hat Enterprise Linux

Released: 11/21/2011

Download: (Download 8.56 MB)

SHA-256: 057C8F782B4E290239A3BBC83A784D26BC2A28F4AC7BB2491242CB2C32BEF37B

Apple Mac OS

Released: 11/21/2011

Download: (Download 8.85 MB)

SHA-256: AC6684DA25BF8C5FF9A5B850429133DADECCF7731A542FC87D1DA7036C7B5609

Created December 07, 2016, Updated May 13, 2024