compliance

compliance Controls

7 controls across 3 frameworks.

HIPAA

Perform periodic technical and non-technical evaluations of security controls in response to environmental or operational changes

Administrative Safeguards / Evaluation

medium 12h

hipaa-pp-1

Implement reasonable and appropriate policies and procedures to comply with the HIPAA Security Rule

Policies & Procedures / Policy Implementation

high 12h

NIST CSF

gv-oc-2

Internal and external stakeholders are understood, and their needs and expectations regarding cybersecurity risk management are understood and considered

Govern / Organizational Context

high 4h

gv-oc-3

Legal, regulatory, and contractual requirements regarding cybersecurity, including privacy and civil liberties obligations, are understood and managed

Govern / Organizational Context

critical 8h

gv-po-1

A cybersecurity risk management policy is established and enforced

Govern / Policy

critical 8h

gv-po-2

The cybersecurity policy is reviewed and updated to reflect changes in requirements, threats, and technology

Govern / Policy

high 3h

SOC2

cc4-1

Security controls are evaluated on an ongoing basis

Security / Monitoring Activities

high 12h