The HITRUST i1 Assessment Leverages Security Best Practices and Current Threat Intelligence to Proactively Defend Against Cyberthreats, Including Ransomware and Phishing
The HITRUST Implemented, 1-year (i1) Assessment + Certification is an innovative, threat-adaptive, broad-based assessment that evolves over time to actively address the ever-changing cybersecurity landscape across industries. The i1 is a new class of information security assessment with a threat-adaptive control set that maintains cyber relevance to meet present and future threats.
As HITRUST set out to create the i1 assessment, we found gaps in existing cybersecurity frameworks and standards, including:
- Required controls are not always current or relevant
- Key and emerging cybersecurity risks (such as ransomware) are not always addressed
- The low frequency of updates in many frameworks
- Lack of prescriptiveness, so it is difficult to determine suitability or applicability
The i1 is the first information security assessment of its kind that addresses common deficiencies in other standards and frameworks with attributes not available through other assurance programs.
i1 Assessments Deliver Next-Generation Assurances
By using 219 pre-set control requirements* that leverage security best practices, ongoing threat intelligence data, and the MITRE ATT&CK Framework, the i1 keeps pace with the latest cyberattack threats, including ransomware and phishing.
- Moves security assessments beyond a check-list model to a more dynamic approach that ensures control selection is continuously relevant in defending against the latest threats and cyberattack techniques
- Designed to sunset controls that have lost relevance and have limited assurance value
- Focuses on Implementation for greater assurance that control requirements are in place and operating as intended
- Uses the proven HITRUST CSF framework, which is highly prescriptive and constantly updated, unlike many other frameworks that are vague and remain unchanged for years
- Assessment and testing through a highly qualified HITRUST Authorized External Assessor firm of your choice and the comprehensive HITRUST QA process for Validation and Certification (if earned)
- Leverages good security hygiene and leading practices that substantially cover authoritative sources, such as: NIST SP 800-171, HIPAA Security Rule, GLBA Safeguards Rule, U.S. Department of Labor EBSA Cybersecurity Program Best Practices, Health Industry Cybersecurity Practices (HICP)
- 1-year Certification, which can help justify reductions in cyber insurance premiums
- Reduces time, effort, and cost by Inheriting prior assessment results along with reliance on sharing cloud controls
- Leverages the HITRUST Results Distribution System (RDS) online portal to share assurance results with relying parties through a PDF, web browser, and/or API so they can obtain, interpret, and analyze assessments more efficiently
- Since some organizations choose an i1 Assessment based on speed-to-completion considerations, HITRUST has established a post-submission Service Level Agreement of 45 business days (or less) to complete QA on Validated i1 Assessments, or the customer’s next i1 Validated Assessment report credit is free. (Note: Validated assessment submissions that enter escalated QA due to quality concerns are exempted from this SLA.)
*A HITRUST i1 Validated Assessment performed using the HITRUST CSF v9.6 framework includes 219 control requirements; however, to address emerging cyberthreats in the future, the number of requirements included in i1 Assessments may change over time. To ensure the i1 Assessment requirement selection remains up-to-date, HITRUST evaluates security controls and reviews threat intelligence data no less than quarterly, and for each release of the HITRUST CSF framework.
How the i1 Fits into the Full HITRUST Assessment Portfolio
All HITRUST Assessments leverage a single assurance methodology, framework, assessment platform, and the HITRUST Results Distribution System. This approach ensures consistency and efficiency across the assessment portfolio. Compared to other HITRUST Assessments, the Implemented, 1-year (i1) Assessment falls between the HITRUST bC Self-assessment and the more rigorous HITRUST Risk-based 2-year (r2) Assessment in terms of effort and assurance levels.
For More Information About the i1 Assessment:
Contact your HITRUST Product Specialist
Call: 855-448-7878 or Email: firstname.lastname@example.org
Download the HITRUST CSF
The HITRUST Approach is built upon the comprehensive and scalable HITRUST CSF framework, which helps organizations of all sizes implement and enhance information risk management and compliance programs. For eligible organizations, the HITRUST CSF is available to download free of charge.