
HIPAA / PCI DSS crosswalk

A control-by-control mapping between the HIPAA Security Rule (45 CFR Part 164, Subpart C) and PCI DSS v4.0. 5 mappings.

| HIPAA | PCI DSS | Relationship | Notes |
| --- | --- | --- | --- |
| §164.312(a)(1) Access control | Req. 7 Restrict access by business need to know | Equivalent (Curated) | Access control and identity |
| §164.312(a)(1) Access control | Req. 8 Identify users and authenticate access | Equivalent (Curated) | Access control and identity |
| §164.312(b) Audit controls | Req. 10 Log and monitor all access to system components and cardholder data | Equivalent (Curated) | Logging, monitoring and detection |
| §164.312(e)(1) Transmission security | Req. 3 Protect stored account data | Equivalent (Curated) | Cryptography and data protection |
| §164.312(e)(1) Transmission security | Req. 4 Protect cardholder data with strong cryptography during transmission | Equivalent (Curated) | Cryptography and data protection |

Mappings marked “Official” derive from standards-body informative references; “Curated” mappings are authored by Cyber Compliance and provided for guidance only.