Is HITRUST’s certification for the NIST Cybersecurity Framework separate from HITRUST CSF Certification?
Yes, one certification is for the organization’s implementation of the HITRUST CSF controls and is based on minimum scoring criteria for 19 topical control areas, such as access control and wireless network security. The other is a certification of an organization’s Current and Target Profiles based on the HITRUST CSF control requirements that map to each of the NIST Cybersecurity Framework’s Core Subcategories.
However, a HITRUST CSF certification will invariably result in a HITRUST certification of an organization’s NIST Framework implementation.