Authoritative Sources
The HITRUST Framework (HITRUST CSF®) maps to multiple authoritative sources that organizations need in order to be certain of their data protection compliance efforts. HITRUST® regularly incorporates additional authoritative sources as they are released and accepted in industry and global sectors.
Authoritative Sources included in the HITRUST Framework (HITRUST CSF) Version 11.3
1 TAC 15 390.2 | 16 CFR 681 | 201 CMR 17.00 | 21 CFR 11 |
23 NYCRR 500 Second Amendment | AICPA TSP 100 | APEC | CCPA 1798 |
CIS Controls v8 | CMS ARS v3.1 | COBIT 5 | EHNAC |
EU GDPR | FedRAMP (r5) | FFIEC IS | HICP 2023 |
HIPAA Breach Notification Rule (45 CFR HIPAA.BN) | HIPAA Privacy Rule (45 CFR HIPAA.PR) | HIPAA Security Rule (45 CFR HIPAA.SR) | HITRUST De-ID Framework v1 |
IRS Pub 1075 (2021) | ISO/IEC 23894:2023 | ISO/IEC 27001:2022 | ISO/IEC 27002:2022 |
ISO/IEC 27799:2016 | ISO/IEC 29100:2011 | ISO 31000:2018 | MARS-E v2.2 |
NIST AI RMF 1.0 | NIST Cybersecurity Framework v1.1 | NIST SP 800-171 R2 | NIST SP 800-53 R4 |
NIST SP 800-53 R5 | NRS 603A | NY OHIP Moderate-Plus Security Baseline v5.0 | OCR Audit Protocol (2016) |
OCR Guidance for Unsecured PHI | OECD Privacy Framework | Ontario PHIPA | PCI DSS v4 |
PDPA (Singapore) | South Carolina Insurance Data Security Act (SCIDSA) 4655 | Joint Commission Standards (TJC) | VA Directive 6500 |
FFIEC CAT | HHS Cybersecurity Performance Goals | MITRE ATLAS AI Mitigations | NIST SP 800-172 |
OWASP AI Exchange | StateRAMP r5 | TX-RAMP r5 |