HITRUST offers two types of CSF Assessments – a self-assessment and a validated assessment.

  • Self-assessments allow organizations to assess themselves using HITRUST’s standard methodology, requirements, and tools provided under the CSF Assurance Program. HITRUST performs limited validation on the results of the self-assessment to provide a limited level of assurance to relying entities.
  • Validated assessments are conducted by a HITRUST Approved CSF Assessor. The CSF Assurance Program’s assessment methodology is used and the controls are scored using HITRUST’s maturity approach to control implementation. Assessments meeting or exceeding the current CSF Assurance Program requirements receive a HITRUST validated report indicating they are HITRUST CSF Certified.

For more information, refer to the HITRUST Webpage Which Assessment is Right for Me? and the CSF Assurance Program Requirements brochure.


Was this helpful?

Yes No
You indicated this topic was not helpful to you ...
Could you please leave a comment telling us why? Thank you!
Thanks for your feedback.

Post your comment on this topic.

Post Comment