Skip to content
Cyber Compliance

HIPAASOC 2 crosswalk

A control-by-control mapping between HIPAA Security Rule (45 CFR Part 164, Subpart C) and SOC 2 (AICPA Trust Services Criteria). 3 mappings.

HIPAASOC 2RelationshipNotes
§164.312(a)(1)
Access control
CC6.1
Logical access security controls
EquivalentCurated
Access control & identity
§164.312(b)
Audit controls
CC7.2
Security event monitoring
EquivalentCurated
Logging, monitoring & detection
§164.312(e)(1)
Transmission security
CC6.7
Restricting data transmission
PartialCurated
Cryptography & data protection

Mappings marked “Official” derive from standards-body informative references; “Curated” mappings are authored by Cyber Compliance and provided for guidance only.