FRISCO, Texas, March 4, 2024 /PRNewswire

Last week marked a significant milestone in cybersecurity as the National Institute of Standards and Technology (NIST) released version 2.0 of its Cybersecurity Framework. In response, HITRUST, the leader in cybersecurity assurance and risk management, today announced support for NIST 2.0 and unveiled a companion document aimed at the enhanced value of cyber resilience for all industries, including the healthcare sector and other critical infrastructure sectors wishing to effectively utilize and apply the updated framework.

With nearly two decades of practical experience in implementing the NIST Cybersecurity Framework (CSF), including a pivotal role in developing ongoing guidance for the healthcare industry, HITRUST is well-positioned to provide comprehensive support in navigating the complexities of cybersecurity assurance and risk management.

"We continue our commitment to guiding organizations towards cyber resilience," said Robert Booker, Chief Strategy Officer at HITRUST. "Our companion document offers tailored guidance to healthcare and other industries, and to the broader security community, facilitating a deeper understanding of the framework's context and specific application."

The companion document, titled "The HITRUST Approach to Cyber Resilience: Leveraging HITRUST to Implement the NIST Cybersecurity Framework Version 2.0," not only describes the nuances of NIST 2.0 but also equips organizations with practical insights to select appropriate controls and actions, further fortifying their cybersecurity posture. Moreover, it underscores HITRUST's dedication to collaborating with customers, industry stakeholders, and regulatory authorities in the public sector to spearhead advancements in cybersecurity assurance and risk management.

"As organizations strive to mitigate evolving cyber threats, our approach provides a clear pathway to enhance cyber resilience," added Booker. "We empower our nation's leading companies to proactively address cybersecurity risks, positioning them at the forefront of their cyber journey."

HITRUST's approach facilitates seamless implementation of NIST Cybersecurity Framework 2.0, enabling organizations to demonstrate control selection commensurate with identified risks, implementation, maturity, and effectiveness with confidence. This methodology supports organizations across diverse industries and aligns with regulatory requirements such as the HIPAA Security Rule, offering a defensible approach for healthcare entities seeking compliance. This approach is broader than alignment with and guidance for implementation of version 2.0 of the NIST Cybersecurity Framework. The HITRUST approach provides recognized and trusted assurance that relevant controls are properly selected and implemented along with a valuable NIST Cybersecurity Framework scorecard demonstrating coverage across the NIST Cybersecurity Framework.

For organizations seeking to elevate their cybersecurity posture and embrace cyber resilience, HITRUST stands as a trusted partner, committed to delivering practical solutions and unparalleled expertise.

HITRUST support for version 2.0 of the NIST Cybersecurity Framework will be available in the second half of 2024 with publication of an Informative Reference to NIST under the National Online Informative References Program and addition of version 2.0 to version 11.4 of the HITRUST framework. This will support use of NIST CSF version 2.0 as a selectable factor in HITRUST reports and will support NIST CSF version 2.0 for HITRUST r2 Assurance reports at the HITRUST 11.4 level.