HIPAA → NIS2 crosswalk

A control-by-control mapping between HIPAA Security Rule (45 CFR Part 164, Subpart C) and NIS2 Directive (EU 2022/2555). 7 mappings.

HIPAA	NIS2	Relationship	Notes
§164.308(a)(1) Security management process	Art. 21(2)(a) Risk analysis and information system security policies	RelatedCurated	Évaluation et gestion des risques
§164.308(a)(6) Security incident procedures	Art. 21(2)(b) Incident handling	PartialCurated	Réponse aux incidents et notification des violations
§164.308(a)(6) Security incident procedures	Art. 23 Reporting obligations	PartialCurated	Réponse aux incidents et notification des violations
§164.312(a)(1) Access control	Art. 21(2)(i) Access control and asset management	PartialCurated	Contrôle d'accès et identité
§164.312(e)(1) Transmission security	Art. 21(2)(h) Cryptography and encryption	EquivalentCurated	Cryptographie et protection des données
§164.404 Notification to individuals	Art. 21(2)(b) Incident handling	RelatedCurated	Réponse aux incidents et notification des violations
§164.404 Notification to individuals	Art. 23 Reporting obligations	RelatedCurated	Réponse aux incidents et notification des violations

Mappings marked “Official” derive from standards-body informative references; “Curated” mappings are authored by Cyber Compliance and provided for guidance only.