The latest version of the HITRUST CSF framework is available on our website for qualified organizations. A qualified organization is defined as any organization employing a function or activity involving data protection, provided said organization does not offer security and/or privacy products or services. Additionally, any federal, state, or local agency or department may be considered a qualified organization. HITRUST has the right to verify eligibility.
References: CSF Framework Download (Requires agreeing to the HITRUST CSF License Agreement)
If you are not sure whether your organization is qualified, please contact firstname.lastname@example.org or call 855-HITRUST.