HITRUST Releases New Features and Major Enhancements to its Information Risk Management Platform
<< All Press Releases

Date: June 12, 2018

HITRUST MyCSF 2.0 a leap forward in streamlining and managing information risk assessments

Frisco, TX – June 12, 2018 – HITRUST, a leading security and privacy standards development and certification organization, today announced the next generation of its Software as a Service (SaaS) information risk management platform which has been redesigned to be the best-in-class for assessing and reporting information risk and compliance.

HITRUST MyCSF 2.0 incorporates major updates designed to provide a more flexible and streamlined assessment and third-party review process, corrective action plan management, enhanced benchmarking and dashboards, and integration with major GRC platforms and the HITRUST Assessment XChange.

HITRUST engaged its customers and HITRUST CSF® Assessors to understand their requirements and leveraged its unique position and experience in framework development and information risk management, combined with hundreds of thousands of risk assessments, in designing the most efficient solution for information risk assessment management.

“We heard and have responded to our customers’ request for a solution capable of supporting their evolving assessment needs that aligns with managing risk and the changing global regulatory landscape,” said Michael Frederick, Vice President Operations, HITRUST. “We completely redesigned HITRUST MyCSF to make it more efficient to perform and manage assessments and to scale to meet the needs of global organizations of all sizes.”

HITRUST MyCSF 2.0 incorporates the HITRUST CSF, allowing organizations to perform assessments and report against the privacy and security controls of the HITRUST CSF or any one of the thirty-five authoritative sources currently included in the framework, such as NIST 800-53, ISO 27000, NIST Cyber Security Framework, HIPAA, PCI, FFIEC and GDPR. Since the HITRUST CSF harmonizes these standards and frameworks, it enables organizations to conduct a streamlined assessment that reduces the need to duplicate assessments or answer redundant assessment questions. Key updates and enhancements in HITRUST MyCSF 2.0 include:

  • Streamlined Assessment Navigation – Provides an intuitive application design coupled with a dynamic logic that guides the user
  • Single-Page Assessment View – Offers a more generalized view of the questionnaire that eliminates the burden of answering questions on multiple pages
  • HITRUST CSF Assessment Preview – Provides an understanding of the implications that changes in scope, authoritative sources or HITRUST CSF versions will have on assessments
  • Improved Evidence Support – Streamlines linking of evidence to document requests
  • Aggregated Respondent Answers – Aggregates scoring for assessment questions that have been delegated to multiple respondents based on custom determined weights
  • Advanced Analytics & Dashboards – Includes the ability to create more customized charts and dashboards
  • Enhanced Benchmarking – Compares customized benchmarks against chosen populations
  • Updated UI and Platform Support – Enables full functionality for desktop, tablet and mobile use
  • Control Inheritance – Supports the ability to inherit control scores from internal and external assessments
  • Improved Reporting – Includes compliance reporting on various authoritative sources
  • Robust API – Enables integration and exchange of assessment related information with GRC tools and the HITRUST Assessment XChange

“HITRUST understands that addressing information privacy and security risk management and compliance is an important priority for every organization regardless of industry, and they are constantly making the process easier. By leveraging HITRUST MyCSF we have been able to reduce risk and improve efficiencies while demonstrating compliance with a number of regulations,” said Scott Pettigrew, Vice President and Chief Security Officer with HMS.

HITRUST MyCSF 2.0 is offered in varying subscription levels and will be generally available July 2018. For more information visit the MyCSF webpage, contact sales@hitrustalliance.net or register for our upcoming webinar.


Founded in 2007, HITRUST Alliance is a not-for-profit organization whose mission is to champion programs that safeguard sensitive information and manage information risk for organizations across all industries and throughout the third-party supply chain. In collaboration with privacy, information security and risk management leaders from both the public and private sectors, HITRUST develops, maintains and provides broad access to its widely adopted common risk and compliance management and de-identification frameworks; related assessment and assurance methodologies; and initiatives advancing cyber sharing, analysis, and resilience.

HITRUST actively participates in many efforts in government advocacy, community building, and cybersecurity education. For more information, visit www.hitrustalliance.net.

To view the full press release, click here. 

Chat Now

This is where you can start a live chat with a member of our team