HIPAA ControlsSecurity Controls Mapping TemplateRegulatory ComplianceSecurity ControlsSafeguardRule (i.e., HIPAA: 164.XXX PCI: Section 1.1.4)DescriptionCode (i.e. NIST: AC-4, COBIT: AI6, CIS: CSC 5.1)Title (i.e., NIST: Information Flow Enforcement, COBIT: Manage Changes, CIS: Minimize administrative priv.)Policy or Procedure to Develop for EnforcementHIPAA: 164.308(a)(1)(ii)(D)Have you implemented procedures to regularly review records of IS activity such as audit logs, access reports, and security incident tracking? (R)

1. HIPAA ControlsSecurity Controls Mapping TemplateRegulatory
ComplianceSecurity ControlsSafeguardRule
(i.e., HIPAA: 164.XXX
PCI: Section 1.1.4)DescriptionCode
(i.e. NIST: AC-4,
COBIT: AI6,
CIS: CSC 5.1)Title
(i.e., NIST: Information Flow Enforcement,
COBIT: Manage Changes,
CIS: Minimize administrative priv.)Policy or Procedure to
Develop for EnforcementHIPAA:
164.308(a)(1)(ii)(D)Have you implemented procedures to
regularly review records of IS activity such as audit logs, access
reports, and security incident tracking? (R)NIST:
AU-6, AU-7, CA-7, IR-5, IR-6AU-6: Audit Review, Analysis,
and Reporting
AU-7: Audit Reduction and Report Generation
CA-7: Continuous Monitoring
IR-5: Incident Monitoring
IR-6: Incident ReportingInformation Security Audit Policy