Yes, one certification is for the organization’s implementation of the HITRUST CSF controls and is based on minimum scoring criteria for 19 topical control areas, such as access control and wireless network security. The other is a certification of an organization’s Current and Target Profiles based on the HITRUST CSF control requirements that map to each of the NIST Cybersecurity Framework’s Core Subcategories.

However, a HITRUST CSF certification will invariably result in a HITRUST certification of an organization’s NIST Framework implementation.


Was this helpful?

Yes No
You indicated this topic was not helpful to you ...
Could you please leave a comment telling us why? Thank you!
Thanks for your feedback.

Post your comment on this topic.

Post Comment