“405.d” refers to section 405.d of the Cybersecurity Act of 2015. This (relatively short) section of the legislation calls for (to sum it up in very general terms) the establishment of common, voluntary cybersecurity guidelines for healthcare and public health organizations. The end result of this public and private collaborative initiative are the “Health Industry Cybersecurity practices (HICP).