CIS Controls v8 → HIPAA crosswalk
A control-by-control mapping between CIS Critical Security Controls v8 and HIPAA Security Rule (45 CFR Part 164, Subpart C). 3 mappings.
| CIS Controls v8 | HIPAA | Relationship | Notes |
|---|---|---|---|
| 3.11 Encrypt sensitive data at rest | §164.312(e)(1) Transmission security | EquivalentCurated | Cryptography & data protection |
| 6.1 Establish an access granting process | §164.312(a)(1) Access control | EquivalentCurated | Access control & identity |
| 8.1 Establish and maintain an audit log management process | §164.312(b) Audit controls | EquivalentCurated | Logging, monitoring & detection |
Mappings marked “Official” derive from standards-body informative references; “Curated” mappings are authored by Cyber Compliance and provided for guidance only.