Introducing the Next Generation of MyCSF

MyCSF – Features

Regardless of the industry served, organizations are challenged with managing information security risks, data governance, complying with the numerous information protection regulations, and adhering to national and international standards and best practices. HITRUST understands that addressing these challenges is a priority for organizations of all sizes, in all industries and geographies. Implementing an information risk management framework, performing thorough and accurate information risk assessments, streamlining remediation activities, and reporting and tracking compliance is resource-intensive and complicated at best and many times overwhelming.

We’ve leveraged our unique position and experience in framework development and information risk management and compliance, combined with processing hundreds of thousands of risk assessments, to design the most efficient solution for assessing, managing, and reporting information risk and compliance.

MyCSF makes it easy and cost-effective for an organization to manage information risk and meet international, federal, and state regulations concerning privacy and security. The MyCSF tool provides global organizations of all sizes with a purposefully designed and engineered SaaS solution for performing risk assessments and corrective action plan management, including enhanced benchmarking and dashboards as well as integration with major GRC platforms and the HITRUST Assessment XChange™. MyCSF is a solution that will support an organization’s evolving assessment needs that align with managing risk in the changing cyber threat, information risk, and global regulatory landscape.

Learn More About MyCSF

MyCSF – Features

  • Centralized Corrective Action Plans (CAPs) – Manage all CAPs across your organization, including those stemming from non-HITRUST assessments, from one singular location.
  • Custom Assessments – Tailor assessments to fit your organization’s needs, whether by selecting an entire regulatory factor or specific control requirement statements individually from the HITRUST CSF.
  • Evidence Support – Maintain a library of supporting documentation and link them to control requirements and maturity domains, including the abilities to upload and download documents in bulk and view uploaded evidence with an in-browser document reader.
  • Track Assessments Submitted for CSF Reports – Tracking HITRUST reviewed requirement statements and responding to HITRUST Assurance review comments is easier with new views and pages.
  • Custom User Roles – Customize user roles to have as many (or as few) capabilities as necessary to meet the specific needs of assessment teams.
  • Aggregated Respondent Answers – Aggregates scoring for assessment questions that have been delegated to multiple respondents based on weights you determine.
  • Robust API – Enables integration and exchange of assessment related information with GRC tools.
  • Reservation System – Schedule CSF Validated Assessment submissions into QA up to a year in advance to lock in a starting date for the QA process to begin – allows for better submission planning, greater predictability, and added trackability.
  • Assurance Intelligence Engine™ – Additional automated checks that analyze assessment documentation before submission to alert for missing information, inconsistencies, and errors to save time by identifying issues up-front that can slow the assessment review process.
  • Results Distribution System™ (RDS) – The RDS allows assessed entities to share assessment results through a highly secure web portal or API so that relying parties can more easily find and view the assurance information they need to make better-informed decisions faster. Learn More
  • Kanban Style Dashboards – Clearer user interfaces show at-a-glance status tracking and dashboard summary adds transparency by showing open tasks and indicating which stages are complete, current, and remaining (currently in Beta Testing).
  • MyCSF Compliance and Reporting Pack for HIPAA – Automatically compiles the list of evidence collected during the HITRUST Assessment process and provides specific information required to show compliance with HIPAA regulations. Information is consolidated into a compliance report, formatted by HIPAA control, and populated with evidence that can be shared directly with Office for Civil Rights (OCR) investigators. Learn More.
  • Web Forms – Online forms improve efficiency and accuracy by eliminating templates, replacing the past process of manually uploading documents, and allowing eSignatures so users no longer need to scan and manage pdf files.
  • User-Friendly Notifications – Improved communication during the QA process with periodic updates and requests which are much more detailed, easier to understand, and focused on specific actions and timelines needed to move assessments to the next phase.
  • Quality Assurance (QA) Enhancements – Streamlined and automated aspects of the QA process increase efficiency and reduce report processing times.
  • Advanced Analytics & Dashboards – Includes the ability to create customized charts and dashboards.
  • Platform Support – Enables full functionality for desktop, tablet, and mobile use.
  • HITRUST Assessment Preview – Provide an understanding of the implications that the change in scope, authoritative sources, or CSF version will have on an assessment.
  • Benchmarking – Customized benchmarks against populations that you choose.
  • UI and UX Updates – Numerous updates to user interface and experience include the ability to enter scoping data, complete the QA checklist, and request draft revisions directly into MyCSF for added efficiency, greater document security, and less redundancy.
  • Control Inheritance – Supports the ability to inherit control scores from internal and external assessments.
  • Comprehensive Reporting – Includes compliance reporting on various authoritative sources.
  • Integration with the HITRUST Assessment XChange – Integration of the HITRUST MyCSF and HITRUST Assessment XChange platforms makes sharing risk assessment data simple, secure, and efficient.

By utilizing MyCSF, an organization can reduce resources, improve efficiencies, enhance reporting and dashboards, streamline assessment modeling, and share assessment information with other applications relating to information risk management and compliance. MyCSF is offered at varying subscription levels.


View Relevant Resources


Download the HITRUST CSF

The HITRUST Approach is built upon the comprehensive and scalable HITRUST CSF framework, which helps organizations of all sizes implement and enhance information risk management and compliance programs. For eligible organizations, the HITRUST CSF is available to download free of charge.


Chat Now

This is where you can start a live chat with a member of our team