The Company Adds and Harmonizes Another 12 Standards to Its Control Frameworks For Even Greater Relevance and Reliability

FRISCO, Texas, April 16, 2024

HITRUST, a leader in information risk management, information security, and compliance assurances, is pleased to announce the release of version 11.3.0 of the HITRUST Framework (HITRUST CSF®) on April 16, 2024. This update reaffirms HITRUST's commitment to providing organizations with a comprehensive, up-to-date framework that addresses evolving cyber threats and regulatory requirements.

What is the HITRUST Framework?

The HITRUST Framework (HITRUST CSF) is a comprehensive, scalable, reliable, and efficient framework for information risk management, cybersecurity, and regulatory compliance. It is designed to help organizations globally, in any sector, earn the trust of their customers and stakeholders by demonstrating their commitment to relevant and reliable information security standards.

What's New in CSF v11.3.0

• Addition of FedRAMP, StateRAMP, and TX-RAMP authoritative sources, which provide a standardized approach to ensure that assessed entities doing business with the government comply with applicable information security requirements.
• Integration of NIST SP 800-172: Enhancing protections for Controlled Unclassified Information (CUI) and supporting organizations with high-risk profiles in their HITRUST r2 Assessment tailoring.
• Foundation for CMMC Level 3 Requirements: Preparing organizations for new compliance needs based on stringent NIST standards.
• Inclusion of MITRE Adversarial Threat Landscape for Artificial-Intelligence Systems (MITRE Atlas) Mitigations: Addressing security requirements crucial for safeguarding AI systems.
• Streamlined Assessment Process: Reduced redundancy in requirement statements, significantly decreasing the average r2 assessment size without compromising control coverage.

Customer Benefits

• Staying Ahead of Regulations: By integrating and normalizing the latest industry standards and requirements, CSF v11.3.0 ensures organizations remain aligned with current and emerging regulations.
• Comprehensive Cyber Threat Adaptation: The inclusion of cutting-edge authoritative sources like NIST SP 800-172 and MITRE ATLAS ensures the framework meets the challenges of today's dynamic threat landscape.
• Enhanced Efficiency: Consolidation efforts have streamlined the assessment process, reducing effort and time investment for organizations pursuing HITRUST certification while meeting one or many regulatory compliance requirements.

Transition Information

With the launch of v11.3.0, new e1 and i1 assessments will be aligned with the updated framework, ensuring organizations benefit from the latest cybersecurity and compliance advancements. Existing assessments under v11.2.0 can still proceed, providing flexibility and continuity for ongoing certification efforts.

Access and Implementation

HITRUST CSF v11.3.0 is available for download on the HITRUST website. New e1 and i1 assessment objects, including i1 rapid recertification assessments, using CSF v11.2 in MyCSF have been disabled. 

Organizations are encouraged to transition to the updated framework to leverage the enhanced protections and efficiencies it offers.

For more information and to download the HITRUST CSF v11.3.0, visit the HITRUST Framework page.