Entities will need to pay close attention to revisions in whatever standards are adopted, because the safe harbor will only be available if a covered entity conforms to revisions not later than 6 months after the publication date of the revision. Entities regulated by HIPAA/HITECH or GLBA will be able to rely on the safe harbor if their cybersecurity programs conform to the current versions of the relevant security requirements, provided that the entities conform with revisions to applicable laws not later than 6 months after the publication date of such revision. Connecticut sets the bar for what, in its legislative view, constitutes “reasonable security measures” by outlining these industry-recognized standards as the guidelines.