One Framework, One Assessment, Globally.

The foundation of all HITRUST programs and services is the HITRUST CSF, a certifiable framework that provides organizations with a comprehensive, flexible, and efficient approach to regulatory compliance and risk management.

Developed in collaboration with data protection professionals, the HITRUST CSF rationalizes relevant regulations and standards into a single overarching security and privacy framework. Because the HITRUST CSF provides a risk-based approach to information protection and compliance, organizations of varying risk profiles can customize the security and privacy control baselines through a variety of organizational, technical, and compliance risk factors.

The HITRUST CSF provides the structure, transparency, guidance, and cross-references to authoritative sources that organizations globally need to be certain of their data protection compliance. The initial development of the HITRUST CSF leveraged nationally and internationally accepted security and privacy-related regulations, standards, and frameworks (including ISO, NIST, PCI, HIPAA, and COBIT) to ensure a comprehensive set of security and privacy controls, and the framework continually incorporates additional authoritative sources. The HITRUST CSF standardizes these requirements, providing clarity and consistency, and reducing the burden of compliance.

HITRUST understands data protection compliance and the challenges of assembling and maintaining the many and varied programs, which is why our integrated approach ensures the components are aligned, maintained, and comprehensive in order to support your organization’s information security management program. As a result, the HITRUST CSF has become a widely adopted security and privacy framework across industries globally.

The commitment and expertise demonstrated by HITRUST ensure that organizations leveraging the framework are prepared when new security and privacy regulations and risks are introduced.

For more information on leveraging the HITRUST CSF via the MyCSF tool, click here.

Download the HITRUST CSF v9.4 free of charge.

HITRUST CSF v9.4 Overview
This version integrates the Department of Defense (DoD) Cybersecurity Maturity Model (CMMC) version 1.0 standard into the HITRUST CSF and adds language to the glossary to better clarify terms found in the framework. These updates reflect HITRUST’s commitment to providing a framework suitable for any organization globally.


Will v9.4 and v9.3 both be in MyCSF?

Yes, both v9.3 and v9.4 will be accessible in MyCSF starting June 22, 2020.

What’s different between v9.3 and v9.4?

v9.4 integrates the Department of Defense (DoD) Cybersecurity Maturity Model (CMMC) version 1.0 standard.

If an organization is in the process of starting an Assessment in v9.3, should they re-evaluate and move to v9.4?

The reason an organization would move to v9.4 would be to incorporate the Department of Defense (DoD) Cybersecurity Maturity Model (CMMC) version 1.0 standard requirements.

How will this impact existing v9.3 Assessments in process?

There will be no impact, unless an organization and assessor firm determine the changes in v9.4 are more appropriate to the scope and requirements for the assessed entity. Assessments for v9.3 can still be generated despite the release of v9.4.
