Regulatory Compliance
The HITRUST Framework (HITRUST CSF®) is the maps to over 60 regulations, standards, and best practices. Ensuring that theses authoritatives sources are harmonized into our framework means that organizations are empowered to comply with mutliple regulations and align to many other standards, effectively and efficiently. HITRUST® regularly incorporates additional authoritative sources as they are released and accepted in industry and global sectors.
Authoritative Sources included in the HITRUST Framework (HITRUST CSF) Version 11.7
| 10 NY DoH 405.46 | 16 CFR 314 | 16 CFR 681 | 201 CMR 17.00 |
| 21 CFR 11 | 23 NYCRR 500 Second Amendment | 45 CFR HIPAA.BN | 45 CFR HIPAA.PR |
| 45 CFR HIPAA.SR | ADHICS | AICPA TSP 100 | APEC |
| APRA CPS 230 | BSI C5 | ASD Strategies to Mitigate Cybersecurity Incidents | CCPA |
| CIS Controls v8 | CMMC Level 1 | CMS ARS 5.1 | CMS ARC-AMPE |
| COBIT 2019 | DORA | EU GDPR | FedRAMP KSI |
| FedRAMP r5 | FFIEC CAT | FISMA | GovRAMP r5 |
| HHS Cybersecurity Performance Goals | HICP 2023 | HITRUST De-ID Framework v1 | India DPDPA Act 2023 |
| IRS Pub 1075 (2021) | ISO/IEC 23894:2023 | ISO/IEC 27001:2022 | ISO/IEC 27002:2022 |
| ISO/IEC 27799:2016 | ISO/IEC 29100:2011 | ISO/IEC 29151:2017 | ISO/IEC 31000:2018 |
| MITRE ATLAS | NAIC 668 | NIS2 | NIST AI RMF 1.0 |
| NIST CSF 2.0 | NIST IR 8374r1 | NIST SP 800-53 R4 | NIST SP 800-53 R5 2.0 |
| NIST SP 800-171 R2 | NIST SP 800-171 R3 | NIST SP 800-172 | NRS 603A |
| NY OHIP Moderate-Plus Security Baseline v5.0 | OCR Audit Protocol (2016) | OCR Guidance for Unsecured PHI | OECD Privacy Framework |
| OWASP AI Exchange | OWASP ML Top 10 | PCI DSS v4 | PHIPA |
| SCIDSA 4655 | SGP SCA 2018 | Singapore MAS | Singapore PDPA |
| Texas Medical Records Privacy Act | TJC | TX 521 | TXRAMP r5 |
| UK AI Guide | UK CAF DSPT V7 | UK NHS CAF DSPT V6 | VA Directive 6500 |