Overview
The HITRUST CSF v11.6.0 framework (v11.6.0) is available within MyCSF and downloadable here as of August 22, 2025.
The changes included in v11.6.0 consist of:
- Continued requirement statement consolidation to reduce the volume of requirement statement overlap within the CSF
- Several new and refreshed Authoritative Sources
New and Refreshed Authoritative Sources
v11.6.0 includes the following new Authoritative Source:
- CMS Acceptable Risk Controls for ACA, Medicaid, and Partner Entities (ARC-AMPE) mapping and selectable Compliance factor, "ARC-AMPE"
The following Authoritative Source has been refreshed in v11.6.0:
- CMMC Level 1 mapping and selectable factor CMMC Level 1
The following Authoritative Source has been removed in v11.6.0:
- MARS-E v2.2 mapping and selectable Compliance factor, "MARS-E v2.2"
Other changes:
- Added selectable Compliance factor, “GovRAMP CORE”
No changes have been made to the baseline r2 assessment requirement statements between v11.5.0 and v11.6.0 See HAA 2025-004 - CSF v11.5 Creation Deadline for e1 and i1 Assessments for the impact to the e1 and i1 assessment requirement statements.
Additional Resources
For more information, see the HITRUST CSF v11.6.0 Summary of Changes. For additional questions please contact our Support team or a HITRUST Customer Success Manager (CSM).