Description | e1 Assessment Foundational Cybersecurity |
---|---|
Purpose (Use Case) | Provides entry-level assurance focused on the most critical cybersecurity controls to demonstrate that essential security hygiene is in place |
Number of HITRUST CSF Requirements on a 2-Year Basis and Maturity Levels Considered | 44 (Year 1), 44 (Year 2), Implemented |
Policy and Procedure Consideration | Minimal |
Flexibility of Control Selection | No tailoring |
Evaluation Approach | 1x5: Implementation control maturity level |
Level of Assurance Conveyed | Low (for organizations that present a low level of information security risk) |
Control Requirements Performed by Service Providers | Allows Carve-Outs or Inclusion |
Certifiable Assessment Provides Targeted Coverage for one or more authoritative sources | Yes, 1-year |
Supporting Assessments | Readiness |
Alignment with Authoritative Sources | CISA Cyber Essentials, Health Industry Cybersecurity Practices (HICP) for Small Healthcare Organizations, NIST 171’s Basic Requirements, NIST IR 7621 |
Uses Results Distribution System™ to Share Results | Yes |
Leverages HITRUST Assurance Intelligence Engine™ (AIE) to Prevent Omissions and Errors | Yes |