Standards | CFR Sections | Implementation Specifications | (R)=Required, (A)=Addressable |
---|---|---|---|
Security Management Process | 164.308(a)(1) | Risk Analysis | (R) |
Security Management Process | 164.308(a)(1) | Risk Management | (R) |
Security Management Process | 164.308(a)(1) | Sanction Policy | (R) |
Security Management Process | 164.308(a)(1) | Information Systems Activity Review | (R) |
Assigned Security Responsibility | 164.308(a)(2) | | (R) |
Workforce Security | 164.308(a)(3) | Authorization and/or Supervision | (A) |
Workforce Security | 164.308(a)(3) | Workforce Clearance Procedure | (A) |
Workforce Security | 164.308(a)(3) | Termination Procedures | (A) |
Information Access Management | 164.308(a)(4) | Isolating Health Care Clearinghouse Function | (R) |
Information Access Management | 164.308(a)(4) | Access Authorization | (A) |
Information Access Management | 164.308(a)(4) | Access Establishment and Modification | (A) |
Security Awareness and Training | 164.308(a)(5) | Security Reminders | (A) |
Security Awareness and Training | 164.308(a)(5) | Protection from Malicious Software | (A) |
Security Awareness and Training | 164.308(a)(5) | Log-in Monitoring | (A) |
Security Awareness and Training | 164.308(a)(5) | Password Management | (A) |
Security Incident Procedures | 164.308(a)(6) | Response and Reporting | (R) |
Contingency Plan | 164.308(a)(7) | Data Backup Plan | (R) |
Contingency Plan | 164.308(a)(7) | Disaster Recovery Plan | (R) |
Contingency Plan | 164.308(a)(7) | Emergency Mode Operation Plan | (R) |
Contingency Plan | 164.308(a)(7) | Testing and Revision Procedure | (A) |
Contingency Plan | 164.308(a)(7) | Applications and Data Criticality Analysis | (A) |
Evaluation | 164.308(a)(8) | | (R) |
Business Associate Contracts and Other Arrangement | 164.308(b)(1) | Written Contract or Other Arrangement | (R) |