HITRUST offers two types of CSF Assessments: a self-assessment and a validated assessment.

Self-assessment allows organizations to self-assess using the standard methodology, requirements, and tools provided under the CSF Assurance Program. HITRUST will then perform limited validation on the results of the self-assessment to provide a limited level of assurance to the relying entity.

Validated assessment is conducted by a HITRUST Certified External Assessor. The CSF Assurance methodology is used and the controls are scored accordingly. Assessments meeting or exceeding the current CSF Assurance scoring requirements for certification will be indicated as CSF Certified on the certification report.

*References: Which Assessment is Right for Me? and the CSF Assurance Program Requirements


Was this helpful?

Yes No
You indicated this topic was not helpful to you ...
Could you please leave a comment telling us why? Thank you!
Thanks for your feedback.

Post your comment on this topic.

Post Comment