The foundation of all HITRUST programs and services is the HITRUST CSF, a certifiable framework that provides organizations with a comprehensive, flexible, and
efficient approach to regulatory compliance and risk management.
Developed in collaboration with data protection professionals, the HITRUST CSF rationalizes relevant regulations and standards into a single overarching security and
privacy framework. Because the HITRUST CSF is both risk- and compliance-based, organizations of varying risk profiles can customize the security and privacy control
baselines through a variety of factors including organization type, size, systems, and regulatory requirements.
Organized into 14 Control Categories, 49 Control Objectives, and 156 Control Specifications.