The topic you requested could not be found.
Related topics are listed below.

Does a SOC 2 + HITRUST CSF examination assess all 135 or only the controls required for HITRUST certification?

The answer to this question is either. HITRUST has updated the SOC 2 + HITRUST guidance to illustrate how a SOC 2 + HITRUST CSF opinion could be based upon all 135 security CSF Controls or only those security controls required for Certification. There are three (3)…

Does the use of alternate controls diminish the value of HITRUST Certification?

Alternate (or compensating) controls, by definition, mitigate a similar type and amount of risk as the controls they are intended to replace. This is illustrated in the Risk Analysis Guide for HITRUST Organizations and Assessors by an example proposing the extension of…

How will HITRUST use threat intelligence to update the control specifications in the HITRUST CSF?

The threat landscape is constantly changing, as are the technologies and tools that organizations rely upon to support their business missions. Consequently, an organization’s information protection program must change and adapt. Threat intelligence is one of several…

Will HITRUST incorporate the NIST Cybersecurity Practice Guides into the HITRUST RMF?

HITRUST works closely with NIST and we constantly analyze their documentation to see what additional guidance can be utilized. Many guidelines—most often those that are very technical or technology-specific—are typically outside the scope of the HITRUST CSF;…

Will the interim submission that will be conducted on the HITRUST portal be the same as or similar to a full assessment, or will it show only selected sample questions to be scored and validated?

The interim assessment will be performed against a random sample of requirements that will be selected at the time the interim assessment is generated. HITRUST will only process the selected sample but will verify, in cases where an object was recreated to ensure the…

Will all the threats to personal data be listed in the HITRUST Threat Catalogue?

The HITRUST Threat Catalogue’s initial release is focused on providing as comprehensive a list as possible. However, users of the HITRUST Threat Catalogue should keep in mind that the threats are enumerated at a level consistent with the control specification in the…

How will the HITRUST Threat Catalogue evolve over time?

HITRUST anticipates the HITRUST Threat Catalogue will be a “living document” due to the constantly changing threat environment, including planned improvements to better facilitate risk analyses and the consumption of threat intelligence. Changes will likely include…

How often will the HITRUST Threat Catalogue be updated?

We anticipate updates to occur annually, shortly after each HITRUST CSF release, or when significant changes in the threat environment would warrant an interim release.

What evidence do you have that controls with high maturity will not change or degrade?

HITRUST’s analysis of organizational assessment data over the past 10 years indicates that the more mature an organization’s information protection program, specifically their information security controls which demonstrate proficiency of operation, management, and…

Will NIST SP 800-53r5 impact the structure of the HITRUST CSF?

The enhancements planned for Q1 2021 will structurally change the HITRUST CSF; however, it will not be impacted by the inclusion of NIST SP 800-53r5 nor will it require “relearning” of the framework. Upon release in Q1 2021, customers will have the ability to sort…