Consistent with the certification requirements for the HITRUST CSF, an organization must achieve a minimum score for each NIST Cybersecurity Framework Core Category, which is aggregated from the scores for individual HITRUST CSF control requirements as they are mapped to each Core Subcategory within a Category. However, no additional Corrective Action Plans (CAPs) are needed to support HITRUST’s certification of the NIST Cybersecurity Framework beyond what is required for HITRUST CSF certification.


Was this helpful?

Yes No
You indicated this topic was not helpful to you ...
Could you please leave a comment telling us why? Thank you!
Thanks for your feedback.

Post your comment on this topic.

Post Comment