Data must be encrypted both at rest and in transit without exception.
Compliance is built on a "shared responsibility" model where both the provider and the cloud service provider (CSP) must fulfill specific roles. HIPAA & Cloud Computing Guidance - Compliancy Group hipaa cloud computing
Implementation of MFA is no longer optional for all users. Data must be encrypted both at rest and