Introducing the Next Generation of MyCSF

MyCSF – Features

Regardless of the industry served, organizations are challenged with managing information security risks, data governance, complying with the numerous information protection regulations, and adhering to national and international standards and best practices. HITRUST understands that addressing these challenges is a priority for organizations of all sizes, in all industries and geographies. Implementing an information risk management framework, performing thorough and accurate information risk assessments, streamlining remediation activities, and reporting and tracking compliance is resource-intensive and complicated at best and many times overwhelming.

We’ve leveraged our unique position and experience in framework development and information risk management and compliance, combined with processing hundreds of thousands of risk assessments, to design the most efficient solution for assessing, managing, and reporting information risk and compliance.

MyCSF makes it easy and cost-effective for an organization to manage information risk and meet international, federal, and state regulations concerning privacy and security. The MyCSF tool provides global organizations of all sizes with a purposefully designed and engineered SaaS solution for performing risk assessments and corrective action plan management, including enhanced benchmarking and dashboards as well as integration with major GRC platforms and the HITRUST Assessment XChange™. MyCSF is a solution that will support an organization’s evolving assessment needs that align with managing risk in the changing cyber threat, information risk, and global regulatory landscape.

Learn More About MyCSF

MyCSF – Features

  • Supports All Phases of HITRUST Assurance – Enables moving from Readiness to Validated Assessments along with full traversability across e1, i1, and r2 control sets.
  • Configurable Tailoring Empowers complete flexibility during r2 Assessments to select control requirement statements or regulatory factors from the HITRUST CSF framework. Allows setting up and storing customized control libraries for current or future targeted assessments.
  • Centralized Corrective Action Plans (CAPs) Manages all CAPs across your organization in one location, including those from non-HITRUST assessments.
  • Assurance Intelligence Engine™  Uses an automated, patent pending approach to analyze assessment documentation for missing information, inconsistencies, and errors before submission to identify and correct issues that can slow the assessment review process.
  • Kanban Style Dashboards  Clearer user interfaces show at-a-glance status tracking, and the dashboard summary adds transparency by showing open tasks and indicating which stages are complete, current, and remaining.
  • Track Assessments Submitted for CSF Reports  Simplifies monitoring HITRUST reviewed requirement statements and responding to HITRUST Assurance comments.
  • Aggregated Respondent Answers – Compiles scoring for assessment questions delegated to multiple respondents based on the weights you determine.
  • Robust API – Enables integration and exchange of assessment related information with GRC tools.
  • Evidence Support – Maintains a library of supporting documentation and links to control requirements and maturity domains, including the ability to upload and download documents in bulk and view uploaded evidence with an in-browser document reader.

  • Web Forms Online forms improve efficiency and accuracy by eliminating templates, replacing the past process of manually uploading documents, and allowing eSignatures so users no longer need to scan and manage pdf files.
  • Advanced Analytics & Dashboards – Includes creating customized charts and dashboards based on assessment scoring.
  • HITRUST Assessment Preview – Shows the implications that changing scope, authoritative sources, or CSF version will have on an assessment.
  • Control Inheritance – Enables inheriting results and scores from your own organization’s existing assessments and from HITRUST-Certified cloud and other service providers.
  • Comprehensive Reporting – Includes compliance reporting on various authoritative sources.
  • Compliance Insights Reports for HIPAA – Generated as an add-on report from MyCSF, the innovative HITRUST Compliance Insights Report evaluates HIPAA regulatory compliance and delivers greater value from your organization’s HITRUST r2 Assessment.
  • MyCSF Compliance and Reporting Pack for HIPAA Automatically compiles, organizes, and assembles evidence and documentation during the assessment process in support of a HIPAA audit. Information is consolidated into a compliance report formatted by HIPAA control that can be shared directly with Office for Civil Rights (OCR) investigators. Learn More.
  • Results Distribution System™ (RDS) – Allows assessed entities to share assurance results through a highly secure online portal so that relying parties can find and view information more easily. Learn More
  • Interfaces with the HITRUST Assessment XChange – Integration of the HITRUST MyCSF and HITRUST Assessment XChange platforms makes sharing risk assessment data simple, secure, and efficient.

By utilizing MyCSF, an organization can reduce resources, improve efficiencies, enhance reporting and dashboards, streamline assessment modeling, and share assessment information with other applications relating to information risk management and compliance. MyCSF is offered at varying subscription levels.

View Relevant Resources


Download the HITRUST CSF

The HITRUST Approach is built upon the comprehensive and scalable HITRUST CSF framework, which helps organizations of all sizes implement and enhance information risk management and compliance programs. For eligible organizations, the HITRUST CSF is available to download free of charge.


Chat Now

This is where you can start a live chat with a member of our team