Through HITRUST, an organization seeks to adopt a control framework that is:
- relevant through regular maintenance of supporting authoritative sources and changes in the threat environment;
- scalable to various sizes and types of organizations or systems in a controlled manner;
- tailorable through managed approvals of alternative (compensating) controls;
- based on compliance with control baselines intended to manage risk to an industry-accepted level;
- capable of providing certifiable risk assurances to internal and external stakeholders, including regulators; and
- supported by appropriate guidance and tools.
For more information on HITRUST and the CSF, refer to the HITRUST Key Programs and Services guide.
Thanks for your feedback.