CSS
Company Details
Linkedin ID:
crisp-shared-services
Employees number:
88
Number of followers:
732
NAICS:
92312
Industry Type:
Homepage:
crispsharedservices.org
IP Addresses:
0
Company ID:
CRI_1803343
Scan Status:
In-progress
CRISP Shared Services Company CyberSecurity Posture
crispsharedservices.org
CRISP Shared Services is a nonprofit dedicated to improving health infrastructure and data exchange technology nationwide. We collaborate with organizations to deliver modern, efficient solutions that enhance patient care, streamline care coordination and advance public health. With a proven track record in data modernization and infrastructure deployment across both public and private sectors, we provide industry-leading solutions tailored to meet the unique needs of diverse jurisdictions and populations. Our extensive experience in interoperability innovation enables us to build infrastructure that is affordable, scalable and impactful to advance healthcare ecosystems and improve health outcomes.
CRISP Shared Services A.I CyberSecurity Scoring
CSS Risk Score (AI oriented)Between 750 and 799
CSS
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
CSS Global Score (TPRM)XXXX
CSS
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
CSS Company CyberSecurity News & History
Past Incidents
0
Attack Types
0
No data available
CSS Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for CSS
Incidents vs Public Health Industry Average (This Year)
No incidents recorded for CRISP Shared Services in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for CRISP Shared Services in 2025.
Incident Types CSS vs Public Health Industry Avg (This Year)
No incidents recorded for CRISP Shared Services in 2025.
Incident History — CSS (X = Date, Y = Severity)
CSS cyber incidents detection timeline including parent company and subsidiaries
CSS Company Subsidiaries
CRISP Shared Services is a nonprofit dedicated to improving health infrastructure and data exchange technology nationwide. We collaborate with organizations to deliver modern, efficient solutions that enhance patient care, streamline care coordination and advance public health. With a proven track record in data modernization and infrastructure deployment across both public and private sectors, we provide industry-leading solutions tailored to meet the unique needs of diverse jurisdictions and populations. Our extensive experience in interoperability innovation enables us to build infrastructure that is affordable, scalable and impactful to advance healthcare ecosystems and improve health outcomes.
Loading...
CSS Similar Companies
Grossmont Healthcare District
The Grossmont Healthcare District (GHD) is a public agency that supports the health & wellness of East San Diego County. We operate a Health & Wellness Library, fund local nonprofits through grants and sponsorships, support the region's future generations through scholarships, and offer free welln
Kids In Nutrition (KIN)
Mission: Kids In Nutrition (KIN) is dedicated to enhancing food equity, promoting sustainable systems, and improving health for at-risk youth and families through food literacy and food access. Recognizing that children form lifelong habits by age nine, KIN's mission is to cultivate nutrition knowle
Institute of Global Health - UNIGE
The Institute of Global Health (ISG) was founded in January 2014 as a transformation of the former Institute of Social and Preventive Medicine. This transformation was decided by the University of Geneva as a continuation of efforts to develop academic global health given the unique location of Gene
ConscienHealth
ConscienHealth works with experts and organizations to advance sound approaches to health and obesity, the biggest threat to the health of America in this century. We advocate for evidence-based prevention and treatment. We help organizations develop strategies to advance new options from research
Doctors' Alliance For Rural Community Health (Doctors' ARCH)
“For us, we are like forgotten people!” said a resident of Naput settlement in Moroto. “You have seen with your own eyes-the distance, the emptiness. We walk that distance for days, trying to reach health facilities. Now, take this message for us… tell those in Kampala what you have seen!” We witne
Nepal Health Sector Support Programme
The Nepal Health Sector Support Programme 3 (NHSSP 3) had begun in March 2017 as the technical assistance (TA) component of FCDO’s Nepal Health Sector Programme 3 (NHSP3), and included two TA components, the General Health Technical Assistance (GHTA) to support the federal MoHP to deliver its Health
.png)
CSS CyberSecurity News
November 10, 2025 07:23 PM
M&A, expansion and strategy: this is how the Costa Rican telecom sector is being redefined
Costa Rica's telecommunications market is moving towards consolidation, with several acquisitions approved by Sutel in 2025 and a pending...
July 31, 2025 07:00 AM
Here’s who’s pledged to improve medical data sharing
Dozens of organizations, including 11 health systems, have agreed to work together to help improve the sharing of medical data across...
January 14, 2025 08:00 AM
Industry perspectives on TEFCA one year post-go-live
Discover the state of TEFCA implementation one year since go-live as stakeholders connect to the national data exchange framework for...
January 08, 2025 08:00 AM
CRISP Shared Services Marks Milestone Year of Progress with Innovations in Public Health Modernization and Interoperability Services
COLUMBIA, Md., January 08, 2025--Propelled by historic expansion of its reach across diverse systems and state lines, CRISP Shared Services...
October 25, 2024 07:00 AM
White House OMB is reviewing proposed cybersecurity updates to HIPAA
The Department of Health and Human Services has filed proposed modifications to the Health Insurance Portability and Accountability Act of...
October 22, 2024 07:00 AM
Arium AE Unveils CRISP Shared Services Office Design
CRISP Shared Services' corporate office in Columbia, MD, embraces an adaptable hybrid workplace model. Tasked with supporting a predominantly remote workforce.
September 27, 2024 07:00 AM
Why Haven’t FERC Cybersecurity Incentives Incentivized Cybersecurity Investments by Electric Utilities?
The Federal Energy Regulatory Commission issued Order No. 893 pursuant to the Infrastructure Investment and Jobs Act, which directed FERC to...
July 16, 2024 07:00 AM
ASEAN's Cyber Initiatives: A Select List
ASEAN is improving the region's cybersecurity capabilities, cyber capacity-building, and cybercrime information-sharing efforts through a series of cyber...
February 22, 2024 08:00 AM
E-ISAC 2023 report highlights cybersecurity triumphs and challenges in electricity sector
The Electricity Information Sharing and Analysis Center (E-ISAC) unveiled its 2023 End-of-Year Report alongside its 2023 Year-in-Review...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
CSS CyberSecurity History Information
Official Website of CRISP Shared Services
The official website of CRISP Shared Services is https://www.crispsharedservices.org/.
CRISP Shared Services’s AI-Generated Cybersecurity Score
According to Rankiteo, CRISP Shared Services’s AI-generated cybersecurity score is 763, reflecting their Fair security posture.
How many security badges does CRISP Shared Services’ have ?
According to Rankiteo, CRISP Shared Services currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does CRISP Shared Services have SOC 2 Type 1 certification ?
According to Rankiteo, CRISP Shared Services is not certified under SOC 2 Type 1.
Does CRISP Shared Services have SOC 2 Type 2 certification ?
According to Rankiteo, CRISP Shared Services does not hold a SOC 2 Type 2 certification.
Does CRISP Shared Services comply with GDPR ?
According to Rankiteo, CRISP Shared Services is not listed as GDPR compliant.
Does CRISP Shared Services have PCI DSS certification ?
According to Rankiteo, CRISP Shared Services does not currently maintain PCI DSS compliance.
Does CRISP Shared Services comply with HIPAA ?
According to Rankiteo, CRISP Shared Services is not compliant with HIPAA regulations.
Does CRISP Shared Services have ISO 27001 certification ?
According to Rankiteo,CRISP Shared Services is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of CRISP Shared Services
CRISP Shared Services operates primarily in the Public Health industry.
Number of Employees at CRISP Shared Services
CRISP Shared Services employs approximately 88 people worldwide.
Subsidiaries Owned by CRISP Shared Services
CRISP Shared Services presently has no subsidiaries across any sectors.
CRISP Shared Services’s LinkedIn Followers
CRISP Shared Services’s official LinkedIn profile has approximately 732 followers.
NAICS Classification of CRISP Shared Services
CRISP Shared Services is classified under the NAICS code 92312, which corresponds to Administration of Public Health Programs.
CRISP Shared Services’s Presence on Crunchbase
No, CRISP Shared Services does not have a profile on Crunchbase.
CRISP Shared Services’s Presence on LinkedIn
Yes, CRISP Shared Services maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/crisp-shared-services.
Cybersecurity Incidents Involving CRISP Shared Services
As of November 28, 2025, Rankiteo reports that CRISP Shared Services has not experienced any cybersecurity incidents.
Number of Peer and Competitor Companies
CRISP Shared Services has an estimated 280 peer or competitor companies worldwide.
CRISP Shared Services CyberSecurity History Information
How many cyber incidents has CRISP Shared Services faced ?
Total Incidents: According to Rankiteo, CRISP Shared Services has faced 0 incidents in the past.
What types of cybersecurity incidents have occurred at CRISP Shared Services ?
Incident Types: The types of cybersecurity incidents that have occurred include .
Incident Details
What are the most common types of attacks the company has faced ?
Additional Questions
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=crisp-shared-services' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
