Authoritative Sources
The HITRUST Framework (HITRUST CSF®) maps to multiple authoritative sources that organizations need to be certain in their data protection compliance efforts. HITRUST® regularly incorporates additional authoritative sources as they are released and accepted in industry and global sectors.
Authoritative Sources included in the HITRUST Framework (HITRUST CSF) Version 11.4
| 1 TAC 15 390.2 | 16 CFR 314 | 16 CFR 681 | 201 CMR 17.00 |
| 21 CFR 11 | 23 NYCRR 500 Second Amendment | 45 CFR HIPAA.BN | 45 CFR HIPAA.PR |
| 45 CFR HIPAA.SR | AICPA TSP 100 | APEC | CCPA 1798 |
| CIS Controls v8 | CMMC | CMS ARS v5.1 | COBIT 5 |
| CSA CSM v4 | DORA | EU GDPR | FedRAMP (r5) |
| FFIEC IS | FFIEC CAT | FISMA | HHS Cybersecurity Performance Goals |
| HICP 2023 | HITRUST De-ID Framework v1 | IRS Pub 1075 (2021) | ISO/IEC 23894:2023 |
| ISO/IEC 27001:2022 | ISO/IEC 27002:2022 | ISO/IEC 27799:2016 | ISO/IEC 29100:2011 |
| ISO/IEC 29151:2017 | ISO 31000:2018 | MARS-E v2.2 | MITRE ATLAS |
| NAIC 668 | NIST AI RMF 1.0 | NIST CSF 2.0 | NIST Cybersecurity Framework v1.1 |
| NIST SP 800-53 R4 | NIST SP 800-53 R5 | NIST SP 800-171 R2 | NIST SP 800-171 R3 |
| NRS 603A | NY OHIP Moderate-Plus Security Baseline v5.0 | OCR Audit Protocol (2016) | OCR Guidance for Unsecured PHI |
| OECD Privacy Framework | OWASP AI Exchange | OWASP ML Top 10 | PCI DSSv4 |
| PDPA | PHIPA | SCIDSA 4655 | State Ramp r5 |
| TJC | Texas Medical Records Privacy Act | TXRAMP r5 | VA Directive 6500 |