The HITRUST CSF Assessment questionnaire will ask about your organization’s information security practices in 19 major topical domains such as information protection program, endpoint protection, portable media security, third party assurance and risk management.

To gain an understanding of your organization’s risk profile, the questionnaire will ask you if:

  • Specific requirements are addressed in organizational policy and standards,
  • There are processes and procedures to support the implementation of the requirements,
  • The requirements have been implemented consistently across the organization,
  • The effectiveness of the controls are monitored (e.g., with a metric or other type of measurement), and
  • The controls are actively managed based on this monitoring.

References: HITRUST CSF Assessment Process, CSF Assurance Program Requirements and Risk Analysis Guide


Was this helpful?

Yes No
You indicated this topic was not helpful to you ...
Could you please leave a comment telling us why? Thank you!
Thanks for your feedback.

Post your comment on this topic.

Post Comment