Advisories

HAA 2023-007: CSF v11.0 Creation Deadline for e1 and i1 Assessments

Written by HITRUST | Mar 5, 2024 10:36:27 AM

Overview
Upon the release oCSF v11.1, HITRUST is announcing the deadline for creating e1 and i1 assessments using CSF v11.0.

Timeline

Details
New e1 and i1 assessments may continue to use CSF v11.0 until July 31, 2023.

  • Effective July 31, 2023, the ability to create new e1 and i1 assessments using CSF v11.0 will be disabled.
  • e1 and i1 assessments using CSF v11.0 can continue to be submitted after July 31, 2023. The v11.0 e1 and i1 assessment submission deadline will be announced a minimum of 90 days in advance.

e1 and i1 Assessment Change Summary

  • e1 Assessment
    The e1 assessment requirement statements have not changed between v11.0 and v11.1.
  • i1 Assessment
    One requirement statement (0506.09m1Organizational.12) included in the i1 assessment has been updated for clarity in v11.1.
    • v11.1: Where a specific business need for wireless access has been identified the organization requires end points to encrypt traffic prior to transmitting information over a wireless network. For devices that do not have an essential wireless business purpose, the organization disables wireless access in the hardware configuration (basic input/output system or extensible firmware interface).
    • v11.0: Where a specific business need for wireless access has been identified, the organization configures wireless access on client machines to allow access only to authorized wireless networks. For devices that do not have an essential wireless business purpose, the organization disables wireless access in the hardware configuration (basic input/output system or extensible firmware interface).

No other changes have been made to the i1 assessment requirement statements between v11.0 and v11.1. 

Additional Information
For any additional questions, please contact our Support team or a HITRUST Customer Success Manager.