• Question 1

    With GDPR now being enforced, can the HITRUST CSF address GDPR mandates?

  • Question 2

    Is it possible to address the NIST Cybersecurity Framework (CsF) with the HITRUST CSF?

  • Question 3

    The 23 NYCRR 500 is a comprehensive cybersecurity regulation. Does HITRUST CSF address this New York regulation?

  • Question 4

    Is the HITRUST CSF limited to use by healthcare entities only?

  • Question 5

    Can business associates in countries such as India and the Philippines apply the HITRUST CSF standard?

  • Question 6

    Does the HITRUST CSF address PCI DSS requirements for cardholder data?

  • Question 7

    Can organizations in the healthcare industry that are covered entities or business associates address compliance with HIPAA and HITECH with the HITRUST CSF?

  • Question 8

    How many key phases are there on the path to HITRUST certification?

    b) There are 12 key phases
    c) It is hard to establish how many phases as there is no consistency for phases between one organization and another
  • Question 9

    The foundation of the HITRUST CSF is based on:

    b) NERC CSS
    c) Not sure
  • Question 10

    The HITRUST CSF is applicable to large organizations only.

  • Question 11

    The HITRUST CSF may be best described as:

    b) Rigid and aligned exclusively with the HIPAA regulations to ensure compliance

    c) Not sure
  • Question 12

    How many control categories (or clauses) are defined in the HITRUST CSF?

  • Question 13

    How many controls are included in a HITRUST assessment?

  • Question 14

    How many assessment options are available in the HITRUST CSF Assurance Program?

  • Question 15

    Who conducts HITRUST Validated Assessments?

About ecfirst

Established in 1999, ecfirst is an Iowa-based corporation. ecfirst delivers complete end-to-end compliance and information security services across the United States and worldwide. ecfirst has completed several hundred information security assessments over the last few years for satisfied clients. Our team has managed assessments using various standards including, but not limited to, NIST 800-53, HITRUST, HIPAA, GDPR, ISO-27001, PCI-DSS and others. We are well regarded in the industry as an affordable and high-quality team with well-established expertise in a number of fields. Many clients first engage ecfirst for its flexible services that range from On-Demand Consulting (ODC) to Managed Compliance Services Programs (MCSPs) covering training, policies, remediation, risk assessment, technical vulnerability assessments, penetration testing and much more.


The HITRUST CSF is a common, standardized methodology to effectively and consistently measure compliance and risk via simplified information collection and reporting, consistent testing procedures and scoring, and demonstrable efficiencies and cost-containment; and additional assurances around the accuracy, consistency and repeatability of assessments due to the use of pre-qualified professional services firms—all of which is designed to meet the unique regulatory and business needs of the healthcare industry. It is a risk-based approach to selecting HITRUST CSF controls for assessment, including management oversight of the assessment. The HITRUST CSF Assurance Program delivers simplified compliance assessment and reporting that addresses healthcare federal, state and industry requirements for both covered entities and their business associates.

Our mission is to keep your organization compliant with regulations and be prepared for any cybersecurity & HITRUST event at any time. Our Information Security experts are able to recommend and help implement your company’s strategic goals and tactical steps for managing enterprise security.


Copyright © 1999-2018 ecfirst Inc. All rights reserved.