Advisories

HAA 2016-005: New Controls for HITRUST CSF V8

Written by HITRUST | Mar 15, 2024 5:00:24 AM

Policy/Program Change Details
This advisory reminds External Assessor Organizations of the addition of CSF control 01.e, Review of User Access Rights, and CSF control 01.t, Session Time-out, to the CSF controls REQUIRED for certification with the 2016 CSF version 8 release. (See HAA 2016-003 and -004.) Failure to include CSF controls 01.e and 01.t will prevent organizations from submitting their assessments for HITRUST validation and certification against the CSF version 8 release. These two additional requirements increase the total number of CSF controls required for HITRUST CSF certification from 64 to 66.

Rationale
See HAA 2016-003 and HAA 2016-004.

Timetable for Implementation
Effective Date: 1 July 2016