Question
Using the NIST CSF as the focus, map HIPAA, PCI, and one other regulatory requirement that includes elements of IR/DR/BC into the following table (remember the key word searching). In the Summary Comments section, comment on deficiencies based on your opinion in any of the frameworks for the corresponding CSF subcategory.
| CSF Subcategory | HIPAA Requirement | PCI DSS Requirement | X Requirement (Your choice) | Summary Comments |
|---|---|---|---|---|
| ID.AM-1: Physical devices and systems within the organization are inventoried | | | | |
| ID.AM-5: Resources (e.g., hardware, devices, data, time, personnel, and software) are prioritized based on their classification, criticality, and business value | | | | |
| ID.BE-5: Resilience requirements to support delivery of critical services are established for all operating states (e.g. under duress/attack, during recovery, normal operations) | | | | |
| ID.RA-1: Asset vulnerabilities are identified and documented | | | | |
| ID.RA-4: Potential business impacts and likelihoods are identified | | | | |
| PR.AC-2: Physical access to assets is managed and protected | | | | |
| PR.IP-4: Backups of information are conducted, maintained, and tested | | | | |
| PR.IP-9: Response plans (Incident Response and Business Continuity) and recovery plans (Incident Recovery and Disaster Recovery) are in place and managed | | | | |
| PR.IP-10: Response and recovery plans are tested | | | | |
| DE.CM-1: The network is monitored to detect potential cybersecurity events | | | | |
| RS.RP-1: Response plan is executed during or after an incident | | | | |
| RS.IM-1: Response plans incorporate lessons learned | | | | |
| RC.RP-1: Recovery plan is executed during or after a cybersecurity incident | | | | |
| RC.CO-3: Recovery activities are communicated to internal and external stakeholders as well as executive and management teams | | | | |
Step by Step Solution
Step: 1
CSF Subcategory: ID.AM-1: Physical devices and systems within the organization are inventoried. HIPAA Requirement: There is no specific HIPAA requirement that requires organizations to inventory their physi...