Although NIST does not have its own certification program for the Cybersecurity Framework, it recognizes and encourages third-party programs that provide a “confidence mechanism” for an organization’s implementation of the Framework, a category that also includes conformity demonstrations such as certification. While it cannot endorse any commercial approach, NIST goes on to state it “will continue working with those who manage confidence mechanisms programs to assist industry in further leveraging these resources; and private and public-sector entities that have a need for conformity demonstration, to help understand how these organizations can leverage existing programs.”

More information on NIST’s position on confidence mechanisms like the HITRUST certification program can be found at

