What is the relationship between the controls categories of the HITRUST CSF and the assessment domains found in MyCSF?
The simple answer is that there is no relationship between the HITRUST CSF control categories and the assessment domains. The HITRUST CSF control categories were derived from ISO and provide the structure for the framework. The assessment domains take the control requirements and group them into logical domains based on common IT organizational structure. This is done to make performing an assessment more efficient as controls should be fairly well grouped around typical IT departments.