Question

Using the NIST CSF as the focus, map HIPAA, PCI, and one other regulatory requirement that includes elements of IR/DR/BC into the following table (remember the key word searching). In the Summary Comments section, comment on deficiencies based on your opinion in any of the frameworks for the corresponding CSF subcategory.

| CSF Subcategory | HIPAA Requirement | PCI DSS Requirement | X Requirement (your choice) | Summary Comments |
|---|---|---|---|---|
| ID.AM-1: Physical devices and systems within the organization are inventoried | | | | |
| ID.AM-5: Resources (e.g., hardware, devices, data, time, personnel, and software) are prioritized based on their classification, criticality, and business value | | | | |
| ID.BE-5: Resilience requirements to support delivery of critical services are established for all operating states (e.g., under duress/attack, during recovery, normal operations) | | | | |
| ID.RA-1: Asset vulnerabilities are identified and documented | | | | |
| ID.RA-4: Potential business impacts and likelihoods are identified | | | | |
| PR.AC-2: Physical access to assets is managed and protected | | | | |
| PR.IP-4: Backups of information are conducted, maintained, and tested | | | | |
| PR.IP-9: Response plans (Incident Response and Business Continuity) and recovery plans (Incident Recovery and Disaster Recovery) are in place and managed | | | | |
| PR.IP-10: Response and recovery plans are tested | | | | |
| DE.CM-1: The network is monitored to detect potential cybersecurity events | | | | |
| RS.RP-1: Response plan is executed during or after an incident | | | | |
| RS.IM-1: Response plans incorporate lessons learned | | | | |
| RC.RP-1: Recovery plan is executed during or after a cybersecurity incident | | | | |
| RC.CO-3: Recovery activities are communicated to internal and external stakeholders as well as executive and management teams | | | | |

Step by Step Solution

CSF Subcategory: ID.AM-1: Physical devices and systems within the organization are inventoried. HIPAA Requirement: There is no specific HIPAA requirement that requires organizations to inventory their physi...