Skip to content

Authoritative Sources

The HITRUST Framework (HITRUST CSF®) maps to multiple authoritative sources that organizations need to be certain in their data protection compliance efforts. HITRUST® regularly incorporates additional authoritative sources as they are released and accepted in industry and global sectors.


Authoritative Sources included in the HITRUST Framework (HITRUST CSF) Version 11.3

1 TAC 15 390.2 16 CFR 681 201 CMR 17.00 21 CFR 11
23 NYCRR 500 Second Amendment AICPA TSP 100 APEC CCPA 1798
CIS Controls v8 CMS ARS v3.1 COBIT 5 EHNAC
HIPAA Breach Notification Rule (45 CFR HIPAA.BN) HIPAA Privacy Rule (45 CFR HIPAA.PR) HIPAA Security Rule (45 CFR HIPAA.SR) HITRUST De-ID Framework v1
IRS Pub 1075 (2021) ISO/IEC 23894:2023 ISO/IEC 27001:2022 ISO/IEC 27002:2022
ISO/IEC 27799:2016 ISO/IEC 29100:2011 ISO 31000:2018 MARS-E v2.2
NIST AI RMF 1.0 NIST Cybersecurity Framework v1.1 NIST SP 800-171 R2 NIST SP 800-53 R4
NIST SP 800-53 R5 NRS 603A NY OHIP Moderate-Plus Security Baseline v5.0 OCR Audit Protocol (2016)
OCR Guidance for Unsecured PHI OECD Privacy Framework Ontario PHIPA PCI DSS v4
PDPA (Singapore) South Carolina Insurance Data Security Act (SCIDSA) 4655 Joint Commission Standards (TJC) VA Directive 6500
FFIEC CAT HHS Cybersecurity Performance Goals MITRE ATLAS AI Mitigations NIST SP 800-172
OWASP AI Exchange StateRAMP r5 TX-RAMP r5

Ready to take your information security program to the next level?


Chat Now

This is where you can start a live chat with a member of our team