500.4(a)—500.4(a)
>Control Description
Each covered entity shall designate a CISO. The CISO may be employed by the covered entity, one of its affiliates or a third-party service provider. If the CISO is employed by a third-party service provider or an affiliate, the covered entity shall:
>Cross-Framework Mappings
Ask AI
Configure your API key to use AI features.