This is a Demo Compliance Environment
No real customer data is stored here. All organizations, evidence, assessments, and control updates are seeded sample/demo data for product demonstrations.
Active demo organization: King's Healthcare, Inc. (Demo Organization)
marv
MediTech HIPAA + NIST 800-171 Audit
1 framework scope
3 fully implemented
0 overdue POA&M items
0 awaiting customer review
0 needs info/rejected
HIPAA Security Rule
HIPAA · 45 CFR 164
Physical Safeguards
0 / 1 controls answered
0%0 implemented1 open
Physical Safeguards
0 / 1 controls answered
Implementation Coverage
0%
Includes fully implemented controls only
Evidence Coverage
0%
Controls with at least one linked evidence item
High Risk Gaps
0
Open controls marked High/Critical
Top Gaps
164.310(d)(1) Device and Media Controls
Administrative Safeguards
1 / 2 controls answered
50%1 implemented1 open
Administrative Safeguards
1 / 2 controls answered
Implementation Coverage
50%
Includes fully implemented controls only
Evidence Coverage
0%
Controls with at least one linked evidence item
High Risk Gaps
0
Open controls marked High/Critical
Top Gaps
164.308(a)(5)(ii)(C) Log-in Monitoring
Technical Safeguards
1 / 2 controls answered
50%1 implemented1 open
Technical Safeguards
1 / 2 controls answered
Implementation Coverage
50%
Includes fully implemented controls only
Evidence Coverage
0%
Controls with at least one linked evidence item
High Risk Gaps
0
Open controls marked High/Critical
Top Gaps
164.312(a)(1) Access Control
Policies & Procedures
1 / 1 controls answered
100%1 implemented0 open
Policies & Procedures
1 / 1 controls answered
Implementation Coverage
100%
Includes fully implemented controls only
Evidence Coverage
0%
Controls with at least one linked evidence item
High Risk Gaps
0
Open controls marked High/Critical
Top Gaps
No open gaps in this domain.
164.308(a)(1)(ii)(A) Risk Analysis
—164.308(a)(5)(ii)(C) Log-in Monitoring
—164.310(d)(1) Device and Media Controls
—164.316(b)(1) Documentation Retention
—164.312(a)(1) Access Control
—164.312(b) Audit Controls
—| Control | Domain | Framework | Status | Customer Review | Evidence Review | Risk | Evidence | POA&M | Owner | Due |
|---|---|---|---|---|---|---|---|---|---|---|
164.308(a)(1)(ii)(A) Risk Analysis | Administrative Safeguards | HIPAA | IMPLEMENTED | DRAFT | — | — | Missing | — | — | Apr 13, 2026 13d overdue |
164.308(a)(5)(ii)(C) Log-in Monitoring | Administrative Safeguards | HIPAA | NOT IMPLEMENTED | DRAFT | — | — | Missing | — | — | Apr 13, 2026 13d overdue |
164.310(d)(1) Device and Media Controls | Physical Safeguards | HIPAA | NOT IMPLEMENTED | DRAFT | — | — | Missing | — | — | Apr 13, 2026 13d overdue |
164.316(b)(1) Documentation Retention | Policies & Procedures | HIPAA | IMPLEMENTED | DRAFT | — | — | Missing | — | — | Apr 13, 2026 13d overdue |
164.312(a)(1) Access Control | Technical Safeguards | HIPAA | NOT IMPLEMENTED | DRAFT | — | — | Missing | — | — | Apr 13, 2026 13d overdue |
164.312(b) Audit Controls | Technical Safeguards | HIPAA | IMPLEMENTED | DRAFT | — | — | Missing | — | — | Apr 13, 2026 13d overdue |