Under active development Content is continuously updated and improved · Last updated Feb 18, 2026, 2:55 AM UTC

500.15(b)

Control Description

To the extent a covered entity determines that encryption of nonpublic information at rest is infeasible, the covered entity may instead secure such nonpublic information using effective alternative compensating controls that have been reviewed and approved by the covered entity’s CISO in writing. The feasibility of encryption and effectiveness of the compensating controls shall be reviewed by the CISO at least annually.

Cross-Framework Mappings
