HITRUST, the leader in information security assurances for risk management and compliance, announces the release of version 11.4.0 of the HITRUST Framework (HITRUST CSF®).
This update reaffirms HITRUST's commitment to providing organizations with a comprehensive, up-to-date framework that addresses evolving cyber threats and regulatory requirements.
What is the HITRUST Framework?
The HITRUST Framework (HITRUST CSF) is a comprehensive, scalable, reliable, and efficient framework for information risk management, cybersecurity, and regulatory compliance. It is designed to help organizations globally, in any sector, earn the trust of their customers and stakeholders by demonstrating their commitment to relevant and reliable information security standards.
What's New in CSF v11.4.0
- Expanded Coverage of Emerging Standards: Incorporates NIST Cybersecurity Framework 2.0, NIST SP 800-171 r3, CMMC 2.0, and CMS ARS v5.1, providing updated protections for sensitive information across industries and regulatory environments.
- Enhanced Global and Industry-Specific Compliance: Adds authoritative sources such as ISO/IEC 29151:2017, EU Digital Operational Resilience Act (DORA), NAIC 668, and 16 CFR 314 to address international, financial, and healthcare regulatory requirements.
- Focus on AI and Advanced Technologies: Introduces the OWASP Machine Learning Top 10 to mitigate risks in AI and machine learning systems, enhancing security for organizations leveraging advanced technologies.
- Refreshed Authoritative Sources: Updates existing mappings for several key authoritative sources, including the South Carolina Insurance Data Security Act (SCIDSA), Texas Medical Records Privacy Act, FISMA, 201 CMR 17.00, California Consumer Privacy Act § 1798, FDA 21 CFR Part 11, NIST SP 800-171 r2, OWASP AI Exchange, and MITRE ATLAS.
- Removed Authoritative Sources: The following sources have been retired in v11.4.0 due to obsolescence or evolving industry priorities: DirectTrust, EHNAC, Banking Requirements, and Title 1 Texas Administrative Code § 390.2.
Customer Benefits
- Regulatory Alignment: The inclusion of authoritative sources like DORA, 16 CFR 314, and NAIC 668 ensures organizations can meet evolving compliance mandates across diverse sectors, including finance, healthcare, and government.
- AI and Cyber Resilience: The addition of OWASP ML Top 10 and the latest NIST and CMMC updates provides tools to address emerging threats and adapt to complex cybersecurity challenges.
- Global Standards Integration: ISO/IEC 29151:2017 and CMS ARS v5.1 bring international and healthcare-focused privacy and security practices into a unified framework, simplifying compliance for global organizations.
- Streamlined Process: Leveraging a centralized framework reduces redundancy in compliance efforts, enabling organizations to efficiently achieve HITRUST certification while addressing multiple regulatory requirements simultaneously.
- Future-Ready Framework: HITRUST CSF v11.4.0 equips organizations to stay ahead of regulatory changes, ensuring long-term adaptability and resilience in the face of evolving cybersecurity and privacy landscapes.
Transition Information
With the launch of v11.4.0, new e1 and i1 assessments will be aligned with the updated framework, ensuring organizations benefit from the latest cybersecurity and compliance advancements. Existing assessments under v11.3.2 can still proceed, providing flexibility and continuity for ongoing certification efforts.
Access and Implementation
HITRUST CSF v11.4.0 is available for download on the HITRUST website.
Organizations are encouraged to transition to the updated framework to leverage the enhanced protections and efficiencies it offers. For more information and to download the HITRUST CSF v11.4.0, visit the HITRUST Framework page.