Information security continuous monitoring (ISCM) has been a part of the HITRUST CSF control maturity and scoring model since the inception of the HITRUST CSF Assurance Program in 2009.

Typical assessment and audit approaches generally focus on policy and implementation of the controls needed to implement that policy. HITRUST takes a more robust approach by specifically looking at the implementation of the control, including how well the control is supported by policy and procedures, as well as how well the organization monitors the effectiveness of the control and whether it takes appropriate action should monitoring indicate a degradation in effectiveness or failure of the control.

As shown in the table below, continuous monitoring is addressed by the ‘Measured’ and ‘Managed’ maturity levels with a maximum of 15 and 10 points awarded for each level, respectively.


Was this helpful?

Yes No
You indicated this topic was not helpful to you ...
Could you please leave a comment telling us why? Thank you!
Thanks for your feedback.

Post your comment on this topic.

Post Comment