e1 Key Highlights

e1 At-a-Glance Overview

Description	Validated Assessment + Certification
Purpose (Use Case)	Provides entry-level assurance focused on the most critical cybersecurity controls to demonstrate that essential security hygiene is in place
Number of HITRUST CSF Requirements on a 2-Year Basis and Maturity Levels Considered	44 (Year 1), 44 (Year 2), Implemented
Policy and Procedure Consideration	Minimal
Flexibility of Control Selection	No tailoring
Evaluation Approach	1x5: Implementation control maturity level
Level of Assurance Conveyed	Low (for organizations that present a low level of information security risk)
Control Requirements Performed by Service Providers	Allows Carve-Outs or Inclusion
Certifiable Assessment Provides Targeted Coverage for one or more authoritative sources	Yes, 1-year
Supporting Assessments	Readiness
Alignment with Authoritative Sources	CISA Cyber Essentials, Health Industry Cybersecurity Practices (HICP) for Small Healthcare Organizations, NIST 171’s Basic Requirements, NIST IR 7621
Uses Results Distribution System™ to Share Results	Yes
Leverages HITRUST Assurance Intelligence Engine™ (AIE) to Prevent Omissions and Errors	Yes

HITRUST AI Cybersecurity for AI ensures organizations mitigate cybersecurity threats, while also addressing privacy, ethics, and transparency risks.

HITRUST AI Risk Management provides a strong foundation for assessing AI risks, identifying gaps, and drive continuous improvement.

Adds efficiency and flexibility to the HITRUST Portfolio
Faster, more streamlined assurances
Cyber threat-adaptive approach for added protection
Efficient way to show that core cybersecurity controls are operating effectively to protect the organization
Requires less effort to complete and falls below the level of assurance conveyed by the more rigorous HITRUST i1 and r2 Assessments
Provides the right level of assurance for organizations that pose low levels of risk

Contact ecfirst to Get Started