e1 Key Highlights
e1 At-a-Glance Overview
| Description | Validated Assessment + Certification |
|---|---|
| Purpose (Use Case) | Provides entry-level assurance focused on the most critical cybersecurity controls to demonstrate that essential security hygiene is in place |
| Number of HITRUST CSF Requirements on a 2-Year Basis and Maturity Levels Considered | 44 (Year 1), 44 (Year 2), Implemented |
| Policy and Procedure Consideration | Minimal |
| Flexibility of Control Selection | No tailoring |
| Evaluation Approach | 1x5: Implementation control maturity level |
| Level of Assurance Conveyed | Low (for organizations that present a low level of information security risk) |
| Control Requirements Performed by Service Providers | Allows Carve-Outs or Inclusion |
| Certifiable Assessment Provides Targeted Coverage for one or more authoritative sources | Yes, 1-year |
| Supporting Assessments | Readiness |
| Alignment with Authoritative Sources | CISA Cyber Essentials, Health Industry Cybersecurity Practices (HICP) for Small Healthcare Organizations, NIST 171’s Basic Requirements, NIST IR 7621 |
| Uses Results Distribution System™ to Share Results | Yes |
| Leverages HITRUST Assurance Intelligence Engine™ (AIE) to Prevent Omissions and Errors | Yes |
HITRUST e1 Benefits
- Adds efficiency and flexibility to the HITRUST Portfolio
- Faster, more streamlined assurances
- Cyber threat-adaptive approach for added protection
- Efficient way to show that core cybersecurity controls are operating effectively to protect the organization
- Requires less effort to complete and falls below the level of assurance conveyed by the more rigorous HITRUST i1 and r2 Assessments
- Provides the right level of assurance for organizations that pose low levels of risk