This latest release is part of HITRUST’s commitment to ensure the HITRUST CSF stays relevant to the information risk management, data protection, and regulatory compliance needs of domestic and global organizations through incorporation of new standards and regulations.
HITRUST® is making the HITRUST CSF – a widely used information privacy and security framework for organizations – more open and comprehensive, so that it can be applied more effectively across a variety of global industries.
HITRUST CSF Version 9.1 incorporates both the EU General Data Protection Regulation (GDPR) and New York State Cybersecurity Requirements for Financial Services Companies (23 NYCRR 500). Incorporation of the GDPR is part of HITRUST’s initiative towards internationalization of the CSF and increased support for global organizational privacy programs. The updated framework now allows organizations to easily manage and report on the controls intended to address GDPR requirements.
Integrating the New York State Cybersecurity Requirements for Financial Services Companies (23 NYCRR 500) into the HITRUST CSF will enable the financial industry to leverage the framework to achieve better cybersecurity resilience and protection. The requirements for Financial Services Companies affect not only financial institutions but also healthcare organizations such as health insurers and their business associates, including those outside of New York.
HITRUST has also updated the HITRUST CSF Assurance program with formatting enhancements to the NIST Cybersecurity Scorecard.
HITRUST CSF Version 9.1 and updates to the HITRUST CSF Assurance program stay true to HITRUST’s commitment to streamline the assessment process and extend the “assess once, report many” approach as a standard security framework.