HIPAA · Technical safeguards
§164.312(a)(1) Access control
Allow access to ePHI only to authorized persons or software through unique IDs, emergency access, automatic logoff and encryption.
Mapped across 14 provisions
Equivalent and related requirements in other frameworks and regulations.
- NIST 800-53EquivalentOfficial mapping
Source: HIPAA Security Rule / NIST SP 800-53 Rev. 5
AC-2 Account managementAccess control & identity
- CIS Controls v8EquivalentCurated6.1 Establish an access granting process
Access control & identity
- Cyber EssentialsEquivalentCuratedCE-3 User access control
Access control & identity
- DORAPartialCuratedArt. 9 Protection and prevention
Access control & identity
- Essential EightPartialCuratedE8-3 Multi-factor authentication
Access control & identity
- Essential EightPartialCuratedE8-4 Restrict administrative privileges
Access control & identity
- GLBAEquivalentCurated§314.4(c)(1) Access controls
Access control & identity
- ISO 27001EquivalentCuratedA.5.15 Access control
Access control & identity
- NIS2PartialCuratedArt. 21(2)(i) Access control and asset management
Access control & identity
- NIST 800-171EquivalentCurated3.1.1 Limit system access to authorized users
Access control & identity
- NIST CSF 2.0EquivalentCuratedPR.AA-01 Identities and credentials managed
Access control & identity
- PCI DSSEquivalentCuratedReq. 7 Restrict access by business need to know
Access control & identity
- PCI DSSEquivalentCuratedReq. 8 Identify users and authenticate access
Access control & identity
- SOC 2EquivalentCuratedCC6.1 Logical access security controls
Access control & identity