The topic you requested could not be found.
Related topics are listed below.

The HITRUST CSF FAQ

Subtopics: Why do organizations need a security and privacy framework? What are the goals for the HITRUST CSF? Does the HITRUST CSF take a “one-size-fits-all” approach to information security? Is the scope of the HITRUST CSF too large for most…

What are the goals for the HITRUST CSF?

Through HITRUST, an organization seeks to adopt a control framework that is: relevant through regular maintenance of supporting authoritative sources and changes in the threat environment; scalable to various sizes and types of organizations or systems in a…

What is the difference between the HITRUST Scorecard of the NIST Cybersecurity Framework and the HITRUST CSF Certification?

HITRUST CSF Certification is based on an organization meeting specific scoring criteria for the assessed requirements aggregated into 19 topical domains, e.g., access control and wireless network security. The scorecard HITRUST uses to support certification of an…

Will HITRUST be incorporating NIST SP 800-53r5 into the HITRUST CSF and when?

Yes. HITRUST will soon announce more details on scheduled enhancements aimed at reducing complexity while maintaining comprehensive, best-in-class risk management strategies via the HITRUST Approach. These changes are planned for Q1 2021 and include incorporating…

Does a SOC 2 + HITRUST CSF examination assess all 135 or only the controls required for HITRUST certification?

The answer to this question is either. HITRUST has updated the SOC 2 + HITRUST guidance to illustrate how a SOC 2 + HITRUST CSF opinion could be based upon all 135 security CSF Controls or only those security controls required for Certification. There are three (3)…

Does the use of alternate controls diminish the value of HITRUST Certification?

Alternate (or compensating) controls, by definition, mitigate a similar type and amount of risk as the controls they are intended to replace. This is illustrated in the Risk Analysis Guide for HITRUST Organizations and Assessors by an example proposing the extension of…

Is the scope of the HITRUST CSF too large for most organizations?

Although HITRUST specifically provides for significant tailoring of the HITRUST CSF based on an organization’s specific risk factors, any framework can be applied inappropriately. Given the relatively uncontrolled sprawl of sensitive information in many…

What is the process for an organization to achieve HITRUST CSF Certification?

The organization should first determine the business drivers for attempting certification, which should include identifying key stakeholders, defining scope, and selecting an Authorized External Assessor Organization. HITRUST recommends a Readiness Assessment be…

Will NIST SP 800-53r5 impact the structure of the HITRUST CSF?

The enhancements planned for Q1 2021 will structurally change the HITRUST CSF; however, it will not be impacted by the inclusion of NIST SP 800-53r5 nor will it require “relearning” of the framework. Upon release in Q1 2021, customers will have the ability to sort…

Is the HITRUST CSF an industry standard for healthcare?

The HITRUST CSF is a data protection standard not only for healthcare; it can effectively be used by organizations across all sectors. The HITRUST CSF provides a consensus-driven standard of due care and due diligence for the protection of electronic protected health…