An organization selects an appropriate set of security control requirements for its information protection program based on its organizational, system and regulatory risk factors, and it is this set of control requirements that constitute its NIST Cybersecurity Framework Target Profile. While the control requirements map to various NIST Framework Core Subcategories, the control requirements for an organization’s HITRUST CSF Certification and certification of its NIST Cybersecurity Framework implementation are the same.


Was this helpful?

Yes No
You indicated this topic was not helpful to you ...
Could you please leave a comment telling us why? Thank you!
Thanks for your feedback.

Post your comment on this topic.

Post Comment