Requirement Scoring Calculator
To explore different scoring scenarios, simply click on a score for each control maturity level and watch the calculator determine the requirement’s raw score, PRISMA grade (e.g. 2+, 1-), and HITRUST CSF compliance status. This calculator supports both the current and legacy control maturity weights, and allows measured and managed to be optionally excluded. Its logic is fully up-to-date on all HITRUST Assurance Program advisories and mirrors MyCSF’s scoring logic.
Read more about HITRUST’s scoring approach here.
. See usage
disclaimer
HITRUST’s scoring, inheritance, and sampling calculators (“Calculators”) are provided for demonstrative purposes only, the Calculators do NOT account for certain variables or specific circumstances that may have an impact on the accuracy of the results provided. The results provided from these Calculators should not be taken as professional advice or relied upon as the sole basis for making important decisions. HITRUST MAKES NO WARRANTY OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE, AND SPECIFICALLY DISCLAIMS ALL IMPLIED WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW. CALCULATOR RESULTS & CONTENT IS PROVIDED “AS IS,” EXCLUSIVE OF ANY WARRANTY WHATSOEVER.
Assessment Type:
Include measured and managed?:
Control Maturity Level and Weight
0%: Not Compliant (NC)
Range: 0-10.99%
Range: 0-10.99%
25%: Somewhat Compliant (SC)
Range: 11-32.99%
Range: 11-32.99%
50%: Partially Compliant (PC)
Range: 33-65.99%
Range: 33-65.99%
75%: Mostly Compliant (MC)
Range: 66-89.99%
Range: 66-89.99%
100%: Fully Compliant (FC)
Range: 90-100%
Range: 90-100%
Policy (--%)
Procedure (--%)
Implemented (--%)
Measured (--%)
Managed (--%)
Raw Requirement Score
Select a score for each control maturity level to calculate the raw requirement score
PRISMA Grade
info
HITRUST leverages the concepts and rating scheme of the NISTIR 7358 standard - Program Review for Information Security Management Assistance (PRISMA) to assess control maturity. The structure is based upon the Software Engineering Institute's (SEI) former Capability Maturity Model (CMM).
HITRUST CSF Compliance Status