5.260.3
Control Description
Except as otherwise provided herein, a covered entity shall perform an initial risk assessment of its business operation and develop the cybersecurity best practices it deems appropriate. After performing the initial risk assessment, the covered entity shall continue to monitor and evaluate cybersecurity risks to its business operation on an ongoing basis and shall modify its cybersecurity best practices and risk assessments as it deems appropriate. The risk assessment and ongoing monitoring and evaluation required pursuant to this subsection may be performed by an affiliate of the covered entity or a third-party with expertise in the field of cybersecurity. Examples of cybersecurity best practices include, without limit, CIS Version 8, COBIT 5, ISO/IEC 27001, and NIST SP 800-53, or later versions thereof. Covered entities shall fully comply with this subsection within 90 days of being licensed.
Cross-Framework Mappings