HAA 2016-005: New Controls For HITRUST CSF V8
<< All Blogs

Date: May 11, 2016

Impacted Policy/Program Name
CSF Assurance Program Requirements
Date
August 3, 2016
Advisory Type
Requirement Change

Policy/Program Change Details
This advisory reminds External Assessor Organizations of the addition of CSF control 01.e, Review of User Access Rights, and CSF control 01.t, Session Time-out, to the CSF controls REQUIRED for certification with the 2016 CSF version 8 release. (See HAA 2016-003 and -004.) Failure to include CSF controls 01.e and 01.t will prevent organizations from submitting their assessments for HITRUST validation and certification against the CSF version 8 release. These two additional requirements increase the total number of CSF controls required for HITRUST CSF certification from 64 to 66.
Rationale
See HAA 2016-003 and HAA 2016-004.
Timetable for Implementation
Effective Date: 1 July 2016

<< All Blogs

Chat Now

This is where you can start a live chat with a member of our team