HAA 2016-005: New Controls for HITRUST CSF V8

July 26, 2016

Policy/Program Change Details
This advisory reminds External Assessor Organizations of the addition of CSF control 01.e, Review of User Access Rights, and CSF control 01.t, Session Time-out, to the CSF controls REQUIRED for certification with the 2016 CSF version 8 release. (See HAA 2016-003 and -004.) Failure to include CSF controls 01.e and 01.t will prevent organizations from submitting their assessments for HITRUST validation and certification against the CSF version 8 release. These two additional requirements increase the total number of CSF controls required for HITRUST CSF certification from 64 to 66.

Rationale
See HAA 2016-003 and HAA 2016-004.

Timetable for Implementation
Effective Date: 1 July 2016

You may also be interested in:

Subscribe to get updates,
news, and industry information.

Subscribe

HAA 2016-005: New Controls for HITRUST CSF V8

You may also be interested in:

HAA 2024-004: Introducing e1 and i1 Combined Assessment HAA 2024-004: Introducing e1 and i1 Combined Assessment

HAA 2024-002: CSF Version 11.3 Release HAA 2024-002: CSF Version 11.3 Release

HAA 2024-003: CSF v11.2 Creation Deadline for e1 and i1 Assessments HAA 2024-003: CSF v11.2 Creation Deadline for e1 and i1 Assessments

Subscribe to get updates,news, and industry information.

Chat Now

HAA 2024-004: Introducing e1 and i1 Combined Assessment

HAA 2024-003: CSF v11.2 Creation Deadline for e1 and i1 Assessments

Subscribe to get updates,
news, and industry information.