The HITRUST Threat Catalogue is designed to aid organizations in improving their information security posture by better aligning cyber threats with HITRUST CSF control requirements. The HITRUST Threat Catalogue provides greater visibility into areas representing the greatest risk exposure and enhances the underlying risk analysis used to develop the HITRUST CSF.

The explicit alignment of threats to the HITRUST CSF produces a combination not found in other frameworks. It simplifies the risk analysis process for organizations and reduces some of the burden, costs, and confusion otherwise experienced when attempting to achieve this level of analysis.

Identifying threats is a major component of a comprehensive risk analysis process for any organization seeking to protect their sensitive data and helps determine what adverse events are relevant to the organization and must be controlled. For example, the increased frequency of ransomware attacks requires organizations of all types and sizes to re-examine their controls around data backup and restoration and ensure they could successfully recover their data if such an attack occurred.

Key Features of the HITRUST Threat Catalogue:

  • Identifying and leveraging an existing threat taxonomy for common adversarial and non-adversarial threats to personal data and other sensitive information
  • Enumerating all reasonably anticipated threats to covered information for an organization
  • Mapping HITRUST CSF control requirements to the enumerated threats
  • Identifying additional information needed in future iterations of the HITRUST Threat Catalogue to help meet its objectives

By fully leveraging the HITRUST CSF and HITRUST Threat Catalogue, organizations will be better able to safeguard information and maintain the trust of their customers and the members they serve.

Download the HITRUST Threat Catalogue free of charge.

To learn more about the HITRUST Threat Catalogue,
register for our upcoming webinar.

By fully leveraging the HITRUST CSF and HITRUST Threat Catalogue, organizations will be better able to safeguard information and maintain the trust of their customers and the members they serve.

Read the full press release here.

If you need more information, a list of frequently asked questions can be found here.