HAA 2023-006: CSF Version 11.1 Release

Written by HITRUST | Mar 5, 2024 10:39:26 AM

Overview
The HITRUST CSF v11.1 framework (v11.1) is available within MyCSF as of April 4, 2023.

Included in v11.1 are several new and refreshed authoritative sources.

New and Refreshed Authoritative Sources
v11.1 includes the following new and refreshed Authoritative Sources:

  • Added MARS-E v2.2 mapping and selectable Compliance factor, “MARS-E v2.2”
    • The existing MARS-E Compliance factor, “MARS-E v2.0”, will not be selectable as of v11.1.
  • Added IRS Pub. 1075 (Rev. 11-2021) mapping and selectable Compliance factor, “IRS Pub. 1075 (Rev. 11-2021)”
    • The existing “IRS Pub. 1075” Compliance factor will not be selectable as of v11.1.
  • Refreshed FedRAMP mapping and selectable Compliance factor, “FedRAMP”

Changes to the r2 Assessment Baseline
One requirement statement (0506.09m1Organizational.12) included in the r2 assessment baseline has been clarified in v11.1.

  • v11.1: Where a specific business need for wireless access has been identified the organization requires end points to encrypt traffic prior to transmitting information over a wireless network. For devices that do not have an essential wireless business purpose, the organization disables wireless access in the hardware configuration (basic input/output system or extensible firmware interface).
  • v11.0: Where a specific business need for wireless access has been identified, the organization configures wireless access on client machines to allow access only to authorized wireless networks. For devices that do not have an essential wireless business purpose, the organization disables wireless access in the hardware configuration (basic input/output system or extensible firmware interface).

No other changes have been made to the baseline r2 assessment requirement statements between v11.0 and v11.1.

Additional Information
For any additional questions, please contact our Support team or a HITRUST Customer Success Manager.