The latest version of the HITRUST CSF framework is available on our website for qualified organizations. A qualified organization is defined as any organization employing a function or activity involving data protection, provided said organization does not offer security and/or privacy products or services. Additionally, any federal, state, or local agency or department may be considered a qualified organization. HITRUST has the right to verify eligibility.

References: CSF Framework Download (Requires agreeing to the HITRUST CSF License Agreement)

If you are not sure whether your organization is qualified, please contact or call 855-HITRUST.


Was this helpful?

Yes No
You indicated this topic was not helpful to you ...
Could you please leave a comment telling us why? Thank you!
Thanks for your feedback.

Post your comment on this topic.

Post Comment