Overview
HITRUST now offers the HITRUST AI Security Assessment, ai1 (when combined with an e1 or i1 assessment) and ai2 (when combined with an r2 assessment), which is designed to deliver an AI security assessment and accompanying certification for deployed AI systems.
The HITRUST AI Security (ai1 or ai2) Assessment includes:
- A curated set of security controls encompassing fundamental security practices for deployed AI systems.
- AI security requirements built in response to identified AI threats and analysis of multiple authoritative sources.
- Clearly specified and understandable security requirements which can be included in any HITRUST e1, i1 or r2 assessment by selecting the Security for AI Systems compliance factor in MyCSF.
- The ability to inherit security controls from AI solution providers.
The ai1 or ai2 Assessment in the HITRUST Assessment Portfolio
The addition of the ai1 or ai2 assessment is a continuation of the expansion of the HITRUST assessment portfolio. It is designed to equip organizations to demonstrate that they are addressing the fundamental security risks associated with deployed AI systems. Any organization performing an e1, i1 or r2 assessment may also perform an ai1 or ai2 assessment for its corresponding AI platform and achieve an ai1 or ai2 certification upon meeting the certification criteria.
Eligibility
The diagram below depicts the assessment types and associated CSF library version that qualify for an ai1 or ai2 assessment.
Figure 1
Who Can Perform an ai1 or ai2 Assessment
The table below describes a subset of AI personas listed by ISO/IEC 22989:2022, with an indication of whether the persona can perform an ai1 or ai2 Assessment.
| AI Persona | Description | Can Perform This Assessment |
| --- | --- | --- |
| AI providers | An AI provider is an organization or entity that provides products or services that use one or more AI systems. | Yes |
| AI developers | Concerned with the development of AI services and products (for example, model designers, model verifiers). | No. The AI Application Deployer that instantiates what an AI developer built can obtain this certification, but the software development function cannot. HITRUST cannot certify the AI application/system development function. HITRUST only certifies implemented systems. |
| AI customers / users | Users of an AI product or service. | No. A SaaS user organization cannot obtain an ai1 or ai2 Certification over the SaaS product. The SaaS provider must certify the system. |
| AI partners | Provide products and/or services in the context of AI (e.g., datasets, technical development services, evaluation / assessment services). | No. |
Details
Steps to Add the Security for AI Systems Compliance Factor
Factors page: The Factors page within e1, i1 or r2 validated assessments includes the Security for AI Systems compliance factor for assessments utilizing v11.4.0 and later. Selecting this factor will add the ai1 or ai2 assessment to an existing e1, i1 or r2 validated assessment.
Figure 2
When the Security for AI Systems compliance factor is added to an assessment, MyCSF will ask three tailoring questions that must be answered:
Figure 3
Scope of the Assessment
For e1, i1 or r2 assessments created with v11.4.0 or later, MyCSF will ask which, if any, in-scope platforms feature AI capabilities. The assessed entity must check all the platforms/systems that they would like to include in their ai1 or ai2 Assessment.
Figure 4
For additional information regarding assessment scoping please see Chapter 7 of the HITRUST Assessment Handbook, which has been updated for the ai1 or ai2 Assessment.
Third-Party Service Providers
When an assessed entity has chosen to include a platform in scope where certain requirements are performed by a third-party service provider, the treatment of the third-party service provider follows the existing rules for the underlying assessment (i.e., a carve-out approach is allowed for e1 or i1 assessments but prohibited for r2 assessments).
For additional information on carve-outs, please see Chapter 7.3 of the HITRUST Assessment Handbook.
Report Credit and QA Reservation
- Report credit: An additional report credit, beyond the HITRUST e1, i1, or r2 report credit, must be purchased prior to submitting the ai1 or ai2 assessment to HITRUST. MyCSF will indicate which report credits are required to be purchased before submission within the Assessment page under the status checklist.
Figure 5
- QA reservation: Only the e1, i1 or r2 validated report credit is required to schedule a QA reservation. The ai1 or ai2 assessment report credit is not required to make a QA reservation but is required to submit the assessment to HITRUST.
For additional information on obtaining report credits and scheduling QA reservations, an organization should contact their Customer Success Manager (CSM) or email our Support team.
Validated Report Agreement and Management Representation Letter
The ai1 or ai2 assessment does not require an additional validated report agreement or management representation letter beyond what is required for the HITRUST e1, i1, or r2 assessment.
HITRUST AI Security Certification Criteria
The ai1 or ai2 certification is awarded if the average control maturity scores of all AI security requirement statements tailored into the assessment through the Security for AI Systems compliance factor achieve a minimum score of 83 in ai1 assessments or 62 in ai2 assessments.
An ai1 or ai2 certification also depends on achieving the underlying e1, i1 or r2 certification. The potential scenarios are as follows:
- If certification is not achieved for the underlying HITRUST e1, i1, or r2 assessment, a validated only report will be issued for the ai1 or ai2 assessment, regardless of whether the ai1 or ai2 certification criteria are met.
- If certification is achieved for the underlying HITRUST e1, i1, or r2 assessment, but the ai1 or ai2 assessment does not achieve the certification criteria, a validated only report will be issued for the ai1 or ai2 assessment (while the underlying HITRUST e1, i1 or r2 certification will still be issued).
Figure 6
For an example calculation of the certification criteria for the ai1 or ai2 Assessment, see the FAQs – ai1 or ai2 Assessment.
Corrective Action Plans (CAPs) and Gaps
The ai1 or ai2 Assessment will utilize the underlying HITRUST e1, i1 or r2 assessment’s CAP and Gap logic. Please see the flowchart below for detailed criteria:
Figure 7
For an example calculation of CAPs and Gaps for the HITRUST AI Security Assessment, see the FAQs – ai1 or ai2 assessment.
HITRUST QA
The ai1 or ai2 assessment will feature the same high quality of deliverables as e1, i1 or r2 assessments, as ensured through HITRUST’s robust Quality Assurance (QA) process.
HITRUST will perform a sample-based QA review of requirement statements for each submitted ai1 or ai2 validated assessment in addition to the sample of core e1, i1 or r2 requirement statements. Additional QA samples will be reviewed for each selected compliance factor when a combined e1 or i1 assessment is performed.
For additional information on HITRUST’s quality assurance process please see Chapter 14 of the HITRUST Assessment Handbook.
Reporting
ai1 or ai2 Assessment Reports
Upon completion of an ai1 or ai2 assessment which achieves the certification criteria (for both the underlying HITRUST validated assessment and the ai1 or ai2 assessment), HITRUST will issue the following reports:
- HITRUST e1, i1 or r2 Certification Report
- HITRUST e1, i1 or r2 Certification Letter
- HITRUST e1, i1 or r2 Certification Letter with Scope Details
- HITRUST ai1 or ai2 Certification Report
- HITRUST ai1 or ai2 Certification Letter
- HITRUST ai1 or ai2 Certification Letter with Scope Details
HITRUST will also issue the reports listed below as applicable:
- For r2 assessments that are certified and utilize v11.3.2 or earlier, a NIST CSF v1.1 certified report or NIST CSF v1.1 validated only report.
- For r2 assessments that are validated only and utilize v11.3.2 or earlier, a NIST CSF v1.1 validated only report.
- For r2 assessments that are certified, utilize v11.4.0 or later, and purchased a NIST CSF v2.0 report credit, a NIST CSF v2.0 certified or validated only report.
- For r2 assessments that are validated only, utilize v11.4.0 or later, and purchased a NIST CSF v2.0 report credit, a NIST CSF v2.0 validated only report.
- Any optionally purchased Insights Report (e.g., the HIPAA Insights Report).
For ai1 or ai2 assessments that do not achieve the certification criteria, or where the underlying e1, i1, or r2 assessment does not achieve the certification criteria, the ai1 or ai2 assessment will be issued as a validated only report.
A sample HITRUST AI Security Assessment Report may be found here.
HITRUST has also made updates to the existing CSF report layout, content, and format of the e1, i1, and r2 assessments. The updated sections include the:
- Certification Letter
- Assessment Context
- Summary Assessment Results (Previously “Results by Assessment Domain”)
- Results by Control Reference
- Appendices A, B and C
HITRUST AI Security Readiness Assessment
HITRUST also offers the ai1 or ai2 assessment as a readiness assessment.
For additional information on readiness assessments, please see Chapter 4.1 of the HITRUST Assessment Handbook.
ai2 Interim Assessment
All r2 certifications must complete an interim assessment by their one-year anniversary. If the assessment for the r2 certification also achieved an ai2 certification, the interim assessment will include a sample of requirement statements from the ai2 assessment (in addition to the interim requirements selected for the underlying r2 assessment). Additionally, any CAPs from the ai2 Assessment will be included in the interim assessment.
If the results of the interim assessment for the underlying HITRUST r2 certification indicate that the certification should not continue, the ai2 certification will also be revoked.
If the results of the interim assessment for the underlying HITRUST r2 certification indicate that the r2 certification should continue while the ai2 certification should not, HITRUST will only issue the interim letter for the HITRUST r2 certification and the ai2 certification will be revoked.
ai2 Bridge Assessment
An ai2 assessment can utilize a bridge assessment. When a bridge assessment is created, the assessment will include a sample of requirement statements from the ai2 certification in addition to the sample of requirement statements from the previous r2 certification.
A separate bridge assessment credit for the ai2 assessment is not required beyond the existing r2 assessment bridge report credit.
Please note that bridge assessments are only available for HITRUST r2 certifications. For additional information on bridge assessments, see Chapter 15.8 of the HITRUST Assessment Handbook.
Rapid Assessment
HITRUST allows rapid assessments to be performed for i1 assessments or e1 combined assessments which meet the criteria for rapid sampling (see HAA 2024-004 Introducing e1 and i1 Combined Assessment). Rapid assessments allow HITRUST requirement statements to be sampled within the assessment when the prior i1 or e1 assessment included an authoritative source which added 60 or more HITRUST requirements to the assessment. The ai1 assessment is not currently eligible for rapid sampling, since fewer than 60 requirements are added to an underlying e1 or i1 assessment when the Security for AI Systems compliance factor is selected. However, other sources added to the underlying i1 assessment or e1 combined assessment remain eligible for a rapid assessment if they meet the specified criteria.
For additional information on rapid assessments please see Chapter 15.5 of the HITRUST Assessment Handbook.
Implementation Timeline
The ability to perform the ai1 or ai2 assessment in MyCSF is available as of the release of this advisory for e1, i1 and r2 assessments created on CSF v11.4.0 and any future version.
Additional Resources
For any additional questions, please contact our Support team or a HITRUST Customer Success Manager. HITRUST has also announced an update to the HITRUST Assessment Handbook to address the new HITRUST AI Security Assessment. Please refer to the HAA 2024-005 - HITRUST Assessment Handbook v1.1.