HITRUST CSF Certification will generally result in certification of an organization’s information security program against the NIST Cybersecurity Framework because the control requirements for both frameworks are essentially the same; they’re just mapped and aggregated differently. However, because they are mapped and aggregated differently, it is possible, but rare, to have a circumstance where an organization may achieve certification against one framework but not the other. It is important to note that both certifications are achieved via the same assessment. There is not a separate NIST CsF assessment from the HITRUST CSF assessment


Was this helpful?

Yes No
You indicated this topic was not helpful to you ...
Could you please leave a comment telling us why? Thank you!
Thanks for your feedback.

Post your comment on this topic.

Post Comment