Authoritative Sources
The HITRUST Framework (HITRUST CSF®) maps to multiple authoritative sources that organizations need to be certain in their data protection compliance efforts. HITRUST® regularly incorporates additional authoritative sources as they are released and accepted in industry and global sectors.
Authoritative Sources included in the HITRUST Framework (HITRUST CSF) Version 11.5
| 10 NY DoH 405.46 | 16 CFR 314 | 16 CFR 681 | 201 CMR 17.00 |
| 21 CFR 11 | 23 NYCRR 500 Second Amendment | 45 CFR HIPAA.BN | 45 CFR HIPAA.PR |
| 45 CFR HIPAA.SR | ADHICS | AICPA TSP 100 | APEC |
| ASD Strategies to Mitigate Cybersecurity Incidents | CCPA | CIS Controls v8 | CMMC 2.0 |
| CMS ARS 5.1 | COBIT 2019 | DORA | EU GDPR |
| FedRAMP r5 | FFIEC CAT | FISMA | GovRAMP r5 |
| HHS Cybersecurity Performance Goals | HICP 2023 | HITRUST De-ID Framework v1 | IRS Pub 1075 (2021) |
| ISO/IEC 23894:2023 | ISO/IEC 27001:2022 | ISO/IEC 27002:2022 | ISO/IEC 27799:2016 |
| ISO/IEC 29100:2011 | ISO/IEC 29151:2017 | ISO/IEC 31000:2018 | MARS-E v2.2 |
| MITRE ATLAS | NAIC 668 | NIS2 | NIST AI RMF 1.0 |
| NIST CSF 2.0 | NIST SP 800-53 R4 | NIST SP 800-53 R5 | NIST SP-800-171 R2 |
| NIST SP 800-171 R3 | NIST SP 800-172 | NRS 603A | NY OHIP Moderate-Plus Security Baseline v5.0 |
| OCR Audit Protocol (2016) | OCR Guidance for Unsecured PHI | OECD Privacy Framework | OWASP AI Exchange |
| OWASP ML Top 10 | PCI DSS v4 | PHIPA | SCIDSA 4655 |
| SGP SCA 2018 | Singapore MAS | Singapore PDPA | Texas Medical Records Privacy Act |
| TJC | TX 521 | TXRAMP r5 | UK AI Guide |
| VA Directive 6500 |