As AI continues to gain momentum, organizations face new risks, challenges, and security concerns. In response, HITRUST launched two comprehensive AI assurance solutions in 2024.
1. HITRUST AI Risk Management Assessment
2. HITRUST AI Security Assessment and Certification
Let’s explore.
Common features
Before diving into each solution’s unique attributes, it’s important to note that both AI Risk Management and AI Security Assessments share several foundational HITRUST capabilities.
- Prescriptive, harmonized controls: Each AI assessment leverages HITRUST’s rigorous, prescriptive controls built on a harmonized framework that reflects leading standards such as ISO/IEC 23894:2023, NIST RMF, and more.
- Cyber threat-adaptive framework: HITRUST regularly updates control sets to address evolving AI threats. This continuous refinement ensures that both AI assessments stay current with emerging risks.
- Powered by MyCSF: Both solutions use HITRUST’s SaaS platform, MyCSF, enabling organizations to efficiently manage assessments and securely share results and reports with stakeholders.
- Credibility and reliability: HITRUST has an established track record in cybersecurity assurance, providing globally recognized methodologies that organizations of all sizes can trust.
HITRUST AI Risk Management Assessment
Purpose
The HITRUST AI Risk Management Assessment is designed for organizations seeking a targeted evaluation of their AI risk management practices.
Key features
- Non-certified solution: Evaluates AI risk management without the formalities of a certification process
- 51 AI-specific controls: Focuses on AI risks based on 51 controls, helping you pinpoint vulnerabilities and prioritize improvements
- Self-evaluation: Allows flexibility to perform a standalone self-assessment or engage a HITRUST External Assessor for independent testing
- Cost-effective entry point: Offers a cost-effective way to begin identifying and addressing AI-related risks
- AI RM Insights Report: Delivers clear, detailed scoring mapped to ISO/IEC 23894:2023 and NIST RMF v1.0, including color-coded scorecards, gap analysis, and next-step recommendations
Ideal for
- AI users and producers looking for a flexible approach to assess AI risks
- Organizations wanting a low-barrier, targeted way to identify AI gaps
- Teams looking to create or refine an AI risk management program but not yet ready to pursue formal certification
HITRUST AI Security Assessment and Certification
Purpose
The HITRUST AI Security Assessment and Certification is a higher-level assurance solution that validates the security of AI systems in a formal manner.
Key features
- Certified validation: Results in a HITRUST AI certification that demonstrates the highest level of security assurance to stakeholders
- 44 security controls: Focuses on the security and privacy of AI platforms with 44 controls, which can be tailored based on specific use case scenarios
- Independent, centralized quality review: Includes third-party validation and centralized quality review, demonstrating rigorous testing and reliable results
- Inheritance: Allows organizations to inherit AI controls from cloud service providers and other vendors that already have HITRUST-certified systems
- Seamless add-on to HITRUST cybersecurity assessments: Can be added to any of HITRUST’s core assessments (e1, i1, r2), ensuring comprehensive coverage of both cybersecurity and AI security in a unified approach
Ideal for
- AI developers and deployers seeking a formal certification that can be shared with customers, regulators, and partners
- Organizations looking to align AI security controls with recognized frameworks (e.g., NIST, ISO/IEC, OWASP) and consolidate compliance efforts
- Teams that want to proactively stay ahead of new AI security threats
Which one is right for you?
If you’re exploring AI risks, processes, and gaps, choose the HITRUST AI Risk Management Assessment to gain deep insights without the pressure of achieving certification. This approach offers an entry point to identify AI risks and build a roadmap for improvement cost-effectively.
If you need formal recognition, choose the HITRUST AI Security Assessment and Certification to showcase a validated, independently reviewed AI security posture. This ensures your stakeholders have the assurance they need regarding your organization’s AI security readiness.
Bottom line
HITRUST’s AI assurance addresses the evolving landscape of AI risk, compliance, and security. You will benefit from HITRUST’s proven framework, advanced tools, and industry-leading approach whether you opt for the AI Risk Management Assessment or the AI Security Assessment.
HITRUST’s flexible solutions help ensure AI technologies are deployed responsibly, securely, and with optimal risk management no matter your organization’s size or AI maturity. Choose the solution that best aligns with your goals — risk-focused or security-focused — to confidently navigate the complexities of AI adoption while meeting stakeholder expectations for transparency and assurance.
Visit the HITRUST AI Hub for more information on how HITRUST can help you secure, manage, and certify your organization’s AI systems.