HECVAT v4.1.0 Documentation

Complete security assessment framework with 333 questions across 35 categories.

Critical

157

Standard

Minor

255

Scored

Unscored

217

Required

Conditional

Code↕	Category↕	Total↕	Critical↕	Required↕
GNRL	General Information	9	2	6	View
APPL	Application/Service Security	14	4	9	View
AAAI	Authentication, Authorization, and Account Management	18	5	12	View
DATA	Data Security	23	6	16	View
VULN	Vulnerability Management	6	1	4	View
HFIH	Incident Handling	4	1	2	View
PRGN	General Privacy	5	1	3	View
AIML	AI Machine Learning	9	2	6	View
AILM	AI Large Language Model	7	2	4	View
CHNG	Change Management	16	4	11	View
THRD	Third Party Management	5	1	3	View
AIGN	AI Governance	5	1	3	View
AIPL	AI Platform Security	5	1	3	View
AIQU	AI Quality Assurance	2	0	1	View
AISC	AI Supply Chain	5	1	3	View
DPAI	Data Privacy - AI/ML	8	2	5	View
DRPV	Data Rights and Privacy	15	4	10	View
INTL	International Privacy	5	1	3	View
PRPO	Privacy Policy	13	3	9	View
PDAT	Privacy Data Types	8	2	5	View
PCHG	Privacy Changes	2	0	1	View
PTHP	Privacy Third Party	2	0	1	View
PDOC	Privacy Documentation	3	0	2	View
PCOM	Privacy Communications	4	1	2	View
OPEM	Operational Employee Management	10	3	7	View
PCID	PCI Compliance	12	3	8	View
PPPR	Policies, Procedures, and Processes	15	4	10	View
FIDP	Financial and Insurance	11	3	7	View
DCTR	Data Center Operations	16	4	11	View
CONS	Consulting and Professional Services	9	2	6	View
ITAC	IT Architecture and Controls	18	5	12	View
DOCU	Documentation	7	2	4	View
REQU	Requirements	8	2	5	View
COMP	Compliance	5	1	3	View
HIPA	HIPAA Compliance	29	8	20	View