500.16(a)(1)—500.16(a)(1)
>Control Description
Incident response plan. Incident response plans shall be reasonably designed to enable prompt response to, and recovery from, any cybersecurity event materially affecting the confidentiality, integrity or availability of the covered entity’s information systems or the continuing functionality of any aspect of the covered entity’s business or operations. Such plans shall address the following areas with respect to different types of cybersecurity events, including disruptive events such as ransomware incidents:
>Cross-Framework Mappings
Ask AI
Configure your API key to use AI features.