As the chart from chapter 3 shows, the HIPAA Security Administrative Safeguards have 9 individual Standards, with a total of 21 Implementation Specifications. There are 12 required and 11 addressable Implementation Specifications, and 2 Standards that have no Implementation Specifications given but are themselves required. Here are the 9 Standards for Administrative Safeguards:
Security Management Process
Assigned Security Responsibility
Workforce Security
Information Access Management
Security Awareness Training
Security Incident Procedures
Contingency Plan
Evaluation
Business Associate Contracts and other arrangements
Many of the Implementation Standards will be specific to each covered entity, and that is why some of the Standards have been made 'addressable'.
Some of the following Standards are straightforward, but others may involve a great deal of detailed work, review, training, and money to achieve compliance.