HITRUST is reminding assessors, MyCSF subscribers, and organizations with third-party risk management (TPRM) programs participating in the HITRUST certification program that the comment period for proposed updates to select HITRUST CSF certification requirements will close on July 1, 2026.
The proposed updates are intended to address the rapidly evolving vulnerability identification and exploitation landscape enabled by frontier AI models and help organizations address the "Defend" and "Thwart" focus areas reflected in the NIST Cyber AI Profile.
The changes affect requirements across Endpoint Protection, Configuration Management, Vulnerability Management, Audit Logging & Monitoring, Third Party Assurance, Incident Management, and Risk Management.
Stakeholders are encouraged to review the proposed changes and provide feedback directly in Manula, particularly regarding the clarity, feasibility, and implementation impact of the revised requirements.
Community input plays an important role in ensuring the HITRUST certification program remains effective, practical, and aligned with current risk realities.
Please submit all feedback by July 1, 2026.