FAQs

Table of Contents

FAQs

HITRUST CSF Framework FAQ
MyCSF FAQ
CSF Assurance Program FAQ
Third Party Assurance FAQ
CSF Assessor Program FAQ
HITRUST Threat Catalogue FAQ
Frequently Asked Questions About the HITRUST Risk Management Framework
HITRUST CSF and SOC 2® Frequently Asked Questions
- Does a SOC 2 + HITRUST CSF examination assess all 135 or only the controls required for HITRUST certification?
- What is the difference between a HITRUST CSF Certification and a service auditor’s report expressing an opinion on the fairness of the system description, suitability of design, and operating effectiveness of controls based on The HITRUST CSF?
HITRUST CSF and NIST CSF Frequently Asked Question

Download as PDF

HITRUST and the NIST Cybersecurity Framework FAQ

Subtopics

Can risk be calculated based on a control’s maturity level?
Do non-contextual impact ratings for controls provide any real value?
How does the RMF fit into the NIST CsF?
Why can’t I just adopt the NIST CsF without leveraging additional guidance or frameworks?
What is the best approach for implementing the NIST CsF in the healthcare industry?
If I’ve already adopted the HITRUST CSF, does that mean I’ve adopted the NIST CsF?
If I’m HITRUST CSF Certified, what do I need to do to demonstrate I’m complying with the NIST CsF?
Will HITRUST incorporate the NIST Cybersecurity Practice Guides into the HITRUST RMF?

Feedback

Was this helpful?

Yes No

You indicated this topic was not helpful to you ...

Could you please leave a comment telling us why? Thank you!

Thanks for your feedback.

Post your comment on this topic.

Your name *

Your e-mail address *

Comment *

Post Comment

Copyright © 2019 HITRUST — Powered by