Certified CSF Practitioner Course (CCSFP)

We are pleased to announce that, until further notice, HITRUST Academy will be providing Certified CSF Practitioner (CCSFP) classes in a virtual classroom environment. HITRUST is committed to providing the highest quality training experience and has designed a virtual training program consistent with those expectations.

To enroll in a class, click here.

Virtual training class schedule

The Certified CSF Practitioner Course includes in-depth instruction on risk management practices, and how to implement the CSF framework and utilize the methodology to perform assessments and validate compliance. The curriculum is supported by case studies, hands-on learning, and real-world application of the knowledge learned.

This course is delivered in three components:

  • Online pre-work via the HITRUST Academy learning management system,
  • Classroom instruction virtually and
  • Online Practitioner exam.

Online Topics

  • Overview of key players and how they interconnect
  • Analysis and discussion of trends within industry relating to privacy and security (e.g., challenges and constraints, top concerns and initiatives)
  • Overview of the regulatory landscape that affects organizations (e.g., compliance agencies, standards, regulations)
  • Review of market dynamics and the challenges facing industry
  • Introduction to HITRUST and the CSF framework
  • Discussion of risk management and its relation to the CSF framework
  • Review of the HITRUST Assurance Program

Virtual Classroom Topics

  • Thorough review of the structure of the CSF framework, including the control categories, objectives, and control references, multiple levels of implementation requirements, risk factors and authoritative sources cross referenced
  • Detailed explanation of the MyCSF platform, including a review of each component and case studies with hands-on use of each component
  • Overview of the HITRUST Assurance Program as a means of managing and communicating security internally and with third parties (e.g., business partners, customers, vendors)
  • Introduction to the tools and methodology for utilizing the CSF framework
  • Discussion of best practices for adoption and performing an assessment
  • Explanation of the differences between i1 and r2 Validated Assessments, as well as i1 and r2 Certified Assessments, and their value to an organization
  • A review of the requirements for HITRUST certification

Course Materials

Course materials are provided to help guide students through several interactive classroom exercises. The following browsers are supported for accessing the course and related materials: Chrome, Edge, Safari and Firefox (Note: Internet Explorer is not supported).


Approximately 20 days before the class start date, enrolled students are given access to the online pre-work module (takes 2-3 hours to complete). The pre-work must be completed prior to arriving for the classroom component. Those who do not complete required pre-work will not be allowed to take the certification exam and will not receive a refund for the course. Experience in IT compliance or audit is helpful.

Intended Audience

  • Individuals in organizations that plan to leverage the HITRUST CSF framework and process internally.
  • HITRUST Authorized External Assessor organizations that provide HITRUST and CSF-related services.
  • Students studying cybersecurity, risk management, and compliance.


The cost of the Certified CSF Practitioner Course is $3000. The certification exam is included in the course price. One exam retake is offered for $500 if a passing grade is not achieved on the first try. Additional information regarding exam timeframes is available here.


To enroll in the course each individual must have an account on the HITRUST Academy. Seats are available on a first-come, first-serve basis and guaranteed only when payment in full has been received (or coupon code applied in the case of those paying through the invoice process).


Attendees must pass the Practitioner Exam to become a Certified CSF Practitioner (CCSFP). The CCSFP certification is valid subject to remaining current with required training. Practitioners are required to complete an online, annual refresher course each of the two years following classroom component completion and attend the full class again the third year to maintain the CCSFP certification. The training is due no later than the end of the month that corresponds with the certification’s original anniversary date.

CPE Credit

Participants who complete the Certified CSF Practitioner Course and pass the Exam are eligible for 27 hours to be applied toward continuing professional education (CPE) credit. Certificates will include the CPE hours and are available on an individual’s HITRUST Academy account.

Payment and Change Policies

Detailed information regarding payment, cancellations, refunds, transfers, substitutions, or exam retakes is available here.

Logistics Information for Virtual Classes

To help you prepare for HITRUST Academy, classroom-related information is available here.

Ready to Register?

Click here to sign up for an upcoming HITRUST Academy course.


Chat Now

This is where you can start a live chat with a member of our team