Through HITRUST, an organization seeks to adopt a control framework that is:

  • relevant through regular maintenance of supporting authoritative sources and changes in the threat environment;
  • scalable to various sizes and types of organizations or systems in a controlled manner;
  • tailorable through managed approvals of alternative (compensating) controls;
  • based on compliance with control baselines intended to manage risk to an industry-accepted level;
  • capable of providing certifiable risk assurances to internal and external stakeholders, including regulators; and
  • supported by appropriate guidance and tools.

For more information on HITRUST and the CSF, refer to the HITRUST Key Programs and Services guide.


Was this helpful?

Yes No
You indicated this topic was not helpful to you ...
Could you please leave a comment telling us why? Thank you!
Thanks for your feedback.

Post your comment on this topic.

Post Comment