HHS 405(d) Health Industry Cybersecurity Practices (HICP, 2023 Edition)

HHS-published voluntary cybersecurity practices for the healthcare sector under §405(d) of the Cybersecurity Act of 2015. Implementation can support HITECH safe-harbor benefit (PL 116-321). Mapped from HICP Technical Volumes 1 and 2 sub-practices to M365-observable controls.