Yes, a HITRUST CSF assessment is a requirement for certification against the NIST Cybersecurity Framework. This is because the HITRUST CSF provides the detailed requirements an organization should implement to adequately address the cybersecurity objectives—what NIST refers to as “outcomes”—specified by the NIST Cybersecurity Framework Core Subcategories. Subsequently, HITRUST will only issue a certification for the NIST Cybersecurity Framework with a HITRUST CSF Assessment Report.


Was this helpful?

Yes No
You indicated this topic was not helpful to you ...
Could you please leave a comment telling us why? Thank you!
Thanks for your feedback.

Post your comment on this topic.

Post Comment