One Framework, One Assessment, Globally.
The foundation of all HITRUST programs and services is the HITRUST CSF, a certifiable framework that provides organizations globally a comprehensive, flexible, and efficient approach to regulatory/standards compliance and risk management.
Developed in collaboration with data protection professionals, the HITRUST CSF rationalizes relevant regulations and standards into a single overarching security and privacy framework. Because the HITRUST CSF is both risk- and compliance-based, organizations of varying risk profiles can customize the security and privacy control baselines through various factors, including organization type, size, systems, and compliance requirements.
HITRUST understands data protection compliance and the challenges of assembling and maintaining the many and varied programs, which is why our integrated approach ensures the components are aligned, maintained, and comprehensive in order to support your organization’s information security management program. Due to this, HITRUST CSF has become a widely adopted security and privacy framework across industries globally.
Download the HITRUST CSF v9.6.0 free of charge.
The HITRUST CSF provides the structure, transparency, guidance, and cross-references to authoritative sources organizations globally need to be certain of their data protection compliance. The initial development of the HITRUST CSF leveraged nationally and internationally accepted security and privacy-related regulations, standards, and frameworks–including ISO, NIST, PCI, HIPAA, and GDPR–to ensure a comprehensive set of security and privacy controls and continually incorporates additional authoritative sources. The HITRUST CSF standardizes these requirements, providing clarity and consistency and reducing the burden of compliance.
The commitment and expertise demonstrated by HITRUST ensure that organizations leveraging the framework are prepared when new security and privacy regulations and risks are introduced.
For more on understanding and leveraging the HITRUST CSF, click here.
Click here for more information on leveraging the HITRUST CSF via the MyCSF tool.
HITRUST CSF v9.6.0 Overview
This version incorporates modifications of certain requirement statements and illustrative procedures in anticipation of the new i1 assessment release, a refreshed NIST SP 800-53 revision 4 mapping, and the inclusion of NIST SP 800-53 revision 4 as a selectable compliance factor. These updates reflect HITRUST’s commitment to providing a framework fitting for any organization globally.