| Description | e1 Assessment Foundational Cybersecurity |
|---|---|
| Purpose (Use Case) | Provides entry-level assurance focused on the most critical cybersecurity controls to demonstrate that essential security hygiene is in place |
| Number of HITRUST CSF Requirements on a 2-Year Basis and Maturity Levels Considered | 44 (Year 1), 44 (Year 2), Implemented |
| Policy and Procedure Consideration | Minimal |
| Flexibility of Control Selection | No tailoring |
| Evaluation Approach | 1x5: Implementation control maturity level |
| Level of Assurance Conveyed | Low (for organizations that present a low level of information security risk) |
| Control Requirements Performed by Service Providers | Allows Carve-Outs or Inclusion |
| Certifiable Assessment Provides Targeted Coverage for one or more authoritative sources | Yes, 1-year |
| Supporting Assessments | Readiness |
| Alignment with Authoritative Sources | CISA Cyber Essentials, Health Industry Cybersecurity Practices (HICP) for Small Healthcare Organizations, NIST 171’s Basic Requirements, NIST IR 7621 |
| Uses Results Distribution System™ to Share Results | Yes |
| Leverages HITRUST Assurance Intelligence Engine™ (AIE) to Prevent Omissions and Errors | Yes |
