Discover HITRUST's new AI Security Assessment and Certification with our upcoming webinar. Learn how the HITRUST AI Security Assessment addresses novel security threats posed by AI technologies across data protection, privacy, and resilience domains. Gain insights from Jeremy Huval, CIO of HITRUST, on implementing this pioneering certification into your security strategy to ensure robust protection for AI deployments.
Nov 20, 2024
AI continues to transform industries at an unprecedented pace. However, it also brings unique security challenges that traditional cybersecurity frameworks can’t or don’t address in a practical and comprehensive way. That’s why HITRUST is launching a new solution: the HITRUST AI Security Assessment and Certification. This first-of-its-kind solution is tailored to meet the demands of AI technology, help organizations safeguard their AI systems, and build trust with customers and stakeholders.
What is the AI Security Assessment?
The HITRUST AI Security Assessment is a comprehensive framework designed to address AI security risks. It is built on a foundation of up to 44 highly prescriptive controls that address current AI threats. These AI-focused controls can seamlessly integrate with HITRUST’s core e1, i1, or r2 assessment requirements, allowing organizations to tailor their security approach based on specific AI deployment scenarios and inherent risks.
What does the AI Security Certification offer?
The HITRUST AI Security Assessment and Certification offers a practical, comprehensive model of AI security assurance for organizations looking to deploy and integrate AI into their products and services with confidence. It goes beyond compliance by providing clear, actionable control requirements that are easy to implement, and a proven methodology for defining, testing, and validating AI security programs. Organizations can earn trust and demonstrate the highest commitment to AI security, risk management, and threat mitigation with the HITRUST AI Security Certification.
Why should organizations choose HITRUST for AI security?
HITRUST has been a trusted leader in enterprise risk management, information security, and compliance assurances for over 17 years. HITRUST designed its framework to address specific AI security risks after extensive collaboration with AI experts and industry groups to evaluate the AI risk landscape and work on mitigation strategies. HITRUST studied more than two dozen key frameworks like ISO, NIST, and OWASP to harmonize and analyze the requirements against the HITRUST framework.
HITRUST provides the only measurable assurance mechanism proven to be reliable against threats. As per the HITRUST 2024 Trust Report, less than 1% of HITRUST-certified environments reported breaches over the last two years. Achieving the HITRUST AI Security Certification demonstrates an organization’s commitment to the highest level of AI security.
What are the key features of the HITRUST AI Security Assessment and Certification?
- Comprehensive control set: The assessment comprises up to 44 controls specifically tailored to AI, addressing everything from data privacy to AI model resiliency, ensuring robust protection.
- Tailored control selection: Organizations can choose controls based on their specific AI deployment needs, enabling a flexible, risk-based approach to security.
- Independent validation: Organizations undergo rigorous independent testing and centralized reviews for their AI systems, adding a layer of trust to their security practices.
- Threat-adaptive updates: HITRUST updates its controls frequently to ensure they stay relevant in the ever-evolving threat landscape.
- Efficiency through inheritance: Organizations can inherit controls from their cloud service providers or other vendors that already have HITRUST certifications to make their assessment process more efficient. Major cloud service providers were involved in the development of this solution, making it easier for their customers to get certified.
- Practical solution: HITRUST harmonized controls from NIST, ISO, OWASP, and other standards into a single framework with prescriptive requirements that are easy to understand and implement.
Who should consider the HITRUST AI Security Assessment and Certification?
The HITRUST AI Security Assessment and Certification is ideal for any organization developing or deploying AI platforms. Organizations across industries and sizes can leverage this assessment to secure AI-powered applications and boost their competitive edge.
- Security teams: Establish and demonstrate a strong security posture tailored to AI.
- Sales and marketing leaders: Build customer confidence in AI-powered products with HITRUST certification.
- Third-party risk management program managers: Require and verify security standards for vendors with AI systems.
- CEOs, board members, and executives: Gain confidence that the AI systems are secured with the right controls.
A future-ready approach to AI security
With the HITRUST AI Security Assessment and Certification, organizations can confidently navigate the evolving AI landscape, backed by a framework that’s adaptable, reliable, and trusted. This certification helps mitigate AI security risks and provides a strong foundation for compliance, stakeholder trust, and operational resilience.
For more information on the HITRUST AI Security Assessment and Certification, visit the HITRUST website.
Building Trust in AI: Introducing the HITRUST AI Security Assessment and Certification
Nov 13, 2024
Staying ahead of emerging threats is crucial for organizations looking to protect their data and systems. HITRUST assessments are designed to help organizations maintain strong defenses.
As part of our commitment to threat-adaptive requirements, we continually evaluate and refine our assessment framework to address trending and emerging attack methods. We recently examined the latest Q3 2024 threat data to ensure our requirements in the HITRUST i1 assessment remain effective and serve as a baseline for the rigorous r2 assessment.
We focused on the prominent cyberattack techniques and analyzed them using the MITRE ATT&CK Framework. This model allows us to map threat techniques to specific mitigations and tailor requirements that counteract real-world tactics.
If you are seeking to understand the technical depth of each requirement, read our detailed blog post: Q3 2024 Threat-Adaptive Evaluation for the HITRUST i1 and r2 Assessments.
Here are the quick highlights.
Top Trending Threats for Q3 2024
- Exfiltration Over Web Service (T1567): This technique involves cybercriminals stealing data using web services as a transfer medium. It is one of the top trending threats. Aligning with MITRE recommendations, the HITRUST i1 requires data categorization, protection of covered and confidential information, and restrictions on accessing certain websites and domains. These requirements help prevent unauthorized data from leaving the network by forcing traffic through secure, monitored pathways and restricting access where necessary.
- Browser Session Hijacking (T1185): This technique allows attackers to hijack active web sessions and gain unauthorized access to information. HITRUST i1 addresses this threat by requiring the implementation of strict user permissions, restricting high-integrity processes, and educating users on the importance of securely closing browser sessions.
Emerging Threat Techniques
In addition to trends, we track emerging threats that could grow in relevance. We focused on the following three techniques.
- Data From Network Shares (T1039): Attackers may attempt to access sensitive data stored on network shares, typically used for sharing within organizations. This cyberattack technique can be challenging to control because it abuses legitimate system features. HITRUST i1 mitigates this risk by advising organizations to carefully categorize data and restrict access to only authorized users, limiting potential exposure.
- Debugger Evasion (T1622): Attackers often attempt to avoid detection by bypassing debugging tools. Debugging tools are used by security teams to analyze malware, and evasion makes analysis harder. HITRUST i1 recommends proactive monitoring and regular reviews of potential malware signatures.
- Escape to Host (T1611): Containers are intended to isolate applications from the host environment, but some attackers try to break out of these isolated environments to access the broader system. HITRUST i1 addresses this by enforcing strict application and network control policies, alongside anti-malware protections that ensure containers remain separated from host systems.
Adaptive Requirements to Stay Prepared
The adaptive nature of HITRUST assessments is a critical feature that sets it apart from static compliance frameworks. As cyber threats evolve, so do our requirements, ensuring that organizations using the assessment benefit from a library of requirements that aligns with current threat intelligence. HITRUST i1 requirements are built to address the most common cyberattack techniques, covering over 99% of identified threats in the latest MITRE ATT&CK analysis. As an added benefit, these requirements also serve as the foundation for the HITRUST r2 assessment, a more advanced framework offering comprehensive protection for high-risk environments.
Our Q3 analysis underlines the effectiveness of HITRUST’s threat-adaptive requirement set, equipping organizations to navigate a complex and fast-changing cyber landscape. For a deeper dive into the technical details of requirements, explore our blog post: Q3 2024 Threat-Adaptive Evaluation for the HITRUST i1 and r2 Assessments.
How HITRUST Assessments are Adapting to Cyber Threats in 2024
Nov 5, 2024
By Brent Zelinski, Standards Senior Manager, HITRUST
Trending highlights
- Exfiltration over Web Service (T1567)
- Browser Session Hijacking (T1185)
Emerging highlights
- T1039: Data From Network Shares
- T1622: Debugger Evasion
- T1611: Escape to Host
After analyzing Q3 cyber threat data, we’ve put our i1 assessment controls to the test. Our i1 controls are selected to ensure coverage against existing and emerging cyber threats and additionally serve as the baseline of the r2 assessment. The Q2 threat data and corresponding analysis confirm the relevance of previously trending threats and highlight the continuing need for the r2 baseline security controls.
Based on the top techniques and associated mitigations identified and addressed in the most recent version of the MITRE ATT&CK Framework (v15.1), the control requirements in the i1 assessment continue to address the top 20 cyber threats by volume identified during the third quarter of 2024 and address all techniques with associated MITRE mitigations, including 99% of all cyber threats seen.
Q3 2024 threat data analysis details
Initial findings
HITRUST noted that the MITRE ATT&CK techniques shown below had the largest increase in occurrence during Q2 2024, compared to the same data from Q1 2024.
| Technique ID | Technique name |
| --- | --- |
| T1005 | Data From Local System |
| T1567 | Exfiltration over Web Service |
| T1587 | Develop Capabilities |
| T1608 | Stage Capabilities |
| T1068 | Exploitation for Privilege Escalation |
| T1185 | Browser Session Hijacking |
| T1550 | Use Alternative Authentication Material |
i1 status evaluation
For each of the threat techniques identified above, HITRUST explored the existing i1 assessment control set and found that the requirement statements currently included provided significant coverage against each of these techniques.
Overall technique coverage
T1567: Exfiltration over Web Service
The T1567 attack technique was a top-growing threat technique in Q3 of 2024.
T1567: i1 Coverage Evaluation
MITRE associates two mitigations with the T1567 Exfiltration over Web Service technique. M1057 (Data Loss Prevention) instructs organizations to “use a data loss prevention (DLP) strategy to categorize sensitive data, identify data formats indicative of personally identifiable information (PII), and restrict exfiltration of sensitive data,” and M1021 (Restrict Web-Based Content) advises them to “restrict use of certain websites, block downloads/attachments, block Javascript, restrict browser extensions, etc.”
The following HITRUST CSF requirements contained in the i1 provide coverage for this technique.
- The organization ensures that security gateways (e.g., a firewall) are used to validate source and destination addresses at internal and external network control points. The organization designs and implements network perimeters so that all outgoing network traffic to the internet must pass through at least one application layer filtering proxy server. The application-layer filtering proxy supports decrypting network traffic, logging individual TCP sessions, blocking specific URLs, domain names, and IP addresses to implement a disallow list, or applying lists of allowed sites that can be accessed through the proxy while blocking all other sites. The organization forces outbound traffic to the internet through an authenticated proxy server on the enterprise perimeter. Internal directory services and IP addresses are protected and hidden from any external access. Requirements for network routing control are based on the access control policy.
- Technologies are implemented for the timely installation, upgrade, and regular updating of anti-malware protective measures. Periodic reviews/scans are required of the installed software and the data content of systems to identify and, where possible, remove any unauthorized software. The organization employs anti-malware software that offers a centralized infrastructure compiling information on file or having administrators manually push updates to all machines. After applying a malicious code detection and repair software update, automated systems verify that each system has received its signature update. The checks carried out by the malicious code detection and repair software to scan computers and media include checking: any files on electronic or optical media, and files received over networks, for malicious code before use; and electronic mail attachments and downloads for malicious code before use or file types that are unnecessary for the organization’s business before use; Web traffic, such as HTML, JavaScript, and HTTP, for malicious code; removable media (e.g., USB tokens and hard drives, CDs/DVDs, external serial advanced technology attachment devices) when inserted. The check of electronic mail attachments and downloads for malicious code is carried out at different places (e.g., at electronic mail servers, desktop computers, and when entering the organization’s network). Bring your own device (BYOD) users are required to use anti-malware software (where supported). Server environments for which the server software developer specifically recommends not installing host-based anti-virus and anti-spyware software are addressed via a network-based malware detection (NBMD) solution.
- The organization augments endpoint protection strategies with additional solutions — including those built into the operating system, if available — to mitigate exploitation of unknown vulnerabilities where traditional antivirus may be ineffective; and where applicable, target the solutions to protect commonly exploited applications (e.g., web browsers, office productivity suites, Java plugins).
- Covered and/or confidential information, at minimum, is rendered unusable, unreadable, or indecipherable anywhere it is stored, including on personal computers (laptops, desktops) portable digital media, backup media, servers, databases, or logs. Exceptions to encryption requirements are authorized by management and documented. Encryption is implemented via one-way hashes, truncation, or strong cryptography and key-management procedures. For full-disk encryption, logical access is independent of O/S access. Decryption keys are not tied to user accounts. If encryption is not applied because it is determined not to be reasonable or appropriate, the organization documents its rationale for its decision or uses alternative compensating controls other than encryption if the method is approved and reviewed annually by the CISO.
- The encryption policy addresses the type and strength of the encryption algorithm and when used to protect the confidentiality of information. The organization employs cryptographic modules that are certified and adhere to the minimum applicable standards.
T1567: Q3 Coverage Summary
The attack technique of exfiltrating information via a web service can be a difficult technique to protect against as the definition of web-based is rapidly evolving. As MITRE suggests, controlling interactions with often abused web-based content (M1021) and implementing Data Loss Prevention strategies (M1057) can help to provide assurance. The above requirement statements from the HITRUST CSF framework provide sensible preventive controls to reduce potential attack surfaces and the severity of web-based exfiltration.
T1185: Browser Session Hijacking
The T1185 attack technique showed significant growth in Q3 of 2024.
T1185: i1 Coverage Evaluation
To protect against the T1185 attack technique, MITRE associates two mitigations. M1018 (User Account Management) provides, “since browser pivoting requires a high integrity process to launch from, restricting user permissions and addressing Privilege Escalation and Bypass User Account Control opportunities can limit the exposure to this technique,” while M1017 (User Training) instructs users to “close all browser sessions regularly and when they are no longer needed.”
For the T1185: Browser Session Hijacking attack technique, the existing coverage is currently addressed in the i1 through three HITRUST CSF requirements.
- Dedicated phishing awareness training is developed as part of the organization’s onboarding program, is documented and tracked, and includes the recognition and reporting of potential phishing attempts.
- The organization provides role-based security-related training, especially for personnel with significant security responsibilities (e.g., system administrators), prior to accessing the organization’s information resources, when required by system or environment changes, when entering into a new position that requires additional role-specific training, and no less than annually, thereafter.
- The allocation of privileges for all systems and system components is controlled through a formal authorization process. The organization ensures access privileges associated with each system product (e.g., operating system, database management system, and each application), and the users associated with each system product that need to be allocated are identified. Privileges are allocated to users on a need-to-use basis and event-by-event basis in line with the access control policy (e.g., the minimum requirement for their functional role as user or administrator, only when needed).
T1185: Q3 Coverage Summary
There is inherent risk when users engage with an internet browser. Educating users on ways their sessions can be compromised (M1017) along with implementing security controls to discourage and limit potential damage from session hijacking (M1018) are major ways to reduce risk and protect assets. The HITRUST CSF requirement statements associated here provide a blueprint for mitigation and protection.
Emerging techniques
In addition to analyzing the top volume and trending techniques, we also take into consideration attack techniques that we have not seen in recent analyses. Below we’ve highlighted three techniques that can help give insights into the evolving minds of adversaries.
T1039: Data From Network Shares
Adversaries may search network shares on computers they have compromised to find files of interest. Sensitive data can be collected from remote systems via shared network drives (host shared directory, network file server, etc.) that are accessible from the current system prior to Exfiltration. Interactive command shells may be in use, and common functionality within cmd may be used to gather information.
While we have not yet seen a significant uptick in activity with this technique, it is important to stay informed and up-to-date with detection methods. This technique is also of note because it cannot easily be mitigated with controls: it simply abuses legitimate system features. Controls within the CSF that describe appropriate data categorization can help to limit potential damage.
T1622: Debugger Evasion
Adversaries may employ various means to detect and avoid debuggers. Debuggers are typically used by defenders to trace and/or analyze the execution of potential malware payloads.
While we have not yet seen significant activity for this technique, it is important to stay informed and up-to-date with detection methods. This technique is also of note because it cannot easily be mitigated with controls: it simply abuses legitimate system features.
T1611: Escape to Host
Adversaries may break out of a container to gain access to the underlying host. This can allow an adversary access to other containerized resources from the host level or to the host itself. In principle, containerized resources should provide a clear separation of application functionality and be isolated from the host environment.
Requirement statements within the CSF, such as implementing malicious code and spam protection, maintaining vendor software security, application allowlisting technology, and privileged role discipline, are effective in mitigating this attack technique.
Conclusion
As we continue to gather emerging cyber threat data and learn from real-world attack techniques, we will continue to update the HITRUST CSF framework and the preset controls in the i1 assessment. By committing to a dynamic and threat-adaptive control library, we can remain vigilant in a constantly evolving realm of cyber threats. This unique functionality sets the HITRUST i1 apart from other assessments.