Skip to content

Policy/Program Change Details
This advisory reminds External Assessor Organizations of the addition of CSF control 01.e, Review of User Access Rights, and CSF control 01.t, Session Time-out, to the CSF controls REQUIRED for certification with the 2016 CSF version 8 release. (See HAA 2016-003 and -004.) Failure to include CSF controls 01.e and 01.t will prevent organizations from submitting their assessments for HITRUST validation and certification against the CSF version 8 release. These two additional requirements increase the total number of CSF controls required for HITRUST CSF certification from 64 to 66.

See HAA 2016-003 and HAA 2016-004.

Timetable for Implementation
Effective Date: 1 July 2016

<< Back to News Next Advisory >>

Subscribe to get updates,
news, and industry information.


Chat Now

This is where you can start a live chat with a member of our team