[2/27/24, 11:00 AM EST] CSRC has been experiencing technical issues. If you are unable to access a CSRC page or resource, or get a 503 error, please try reloading the page several times--it may help to wait a few minutes before trying again. We apologize for the inconvenience, and hope to have a solution in place next week.
Physical measures, policies, and procedures to protect a covered entity's or business associate’s electronic information systems and related buildings and equipment from natural and environmental hazards, and unauthorized intrusion.
NIST SP 800-66r2
HIPAA Security Rule - §164.304