The HITRUST CSF is both risk- and compliance-based, which allows organizations to tailor the security and privacy control baselines based on a variety of factors, including organization type, size, systems, and regulatory requirements. Whether the controls are a custom set developed from a traditional risk analysis, a set identified as part of established regulations or legislation, or a set tailored from a pre-defined control baseline (e.g., ISO/IEC 27001 or NIST SP 800-53, both of which HITRUST leverages in the HITRUST CSF), an organization must implement and maintain the selected controls to manage risk at a level deemed acceptable by its leadership.

