Need to Get Certified image

The HITRUST CSF was developed to address the multitude of security, privacy, and compliance challenges facing organizations. The HITRUST CSF helps organizations address these challenges through a comprehensive and flexible framework of prescriptive and scalable security and privacy controls by incorporating a risk-based approach including federal and state regulations along with industry standards and frameworks.


  • Includes, harmonizes, and cross-references existing, globally recognized standards, regulations, and business requirements, including ISO, EU GDPR, NIST, PCI, and dozens of additional authoritative sources;
  • Scales controls according to type, size, and complexity of an organization;
  • Provides prescriptive requirements to ensure clarity;
  • Follows a risk-based approach offering multiple levels of implementation requirements determined by specific risk thresholds;
  • Allows for the adoption of alternate controls, when necessary;
  • Evolves according to user input and changing conditions in the standards and regulatory compliance environment;
  • Provides a unified approach for managing data protection compliance; and
  • Leverages Artificial Intelligence-enabled toolkit to keep the CSF up to date by precisely describing control relationships and allowing for greater efficiency when mapping the CSF framework to new standards and regulations.

Qualified organizations can download the FREE version of HITRUST CSF v11.2.0

HITRUST® also offers a risk assessment and compliance management SaaS platform called MyCSF®, an online tool that organizations use to effectively and efficiently create a proven set of control requirements, based on the HITRUST CSF and which can tailored to their environment. MyCSF is a secure, web-based solution for performing assessments, managing remediation activities, and reporting and tracking compliance.

Chat Now

This is where you can start a live chat with a member of our team