500.11(a)—500.11(a)
>Control Description
Each covered entity shall implement written policies and procedures designed to ensure the security of information systems and nonpublic information that are accessible to, or held by, third-party service providers. Such policies and procedures shall be based on the risk assessment of the covered entity and shall address to the extent applicable:
>Cross-Framework Mappings
Ask AI
Configure your API key to use AI features.