What is HITRUST CSF?

  • The foundation of all HITRUST programs and services is the HITRUST CSF, a certifiable framework that provides organizations with a comprehensive, flexible, and efficient approach to regulatory compliance and risk management.
  • Developed in collaboration with data protection professionals, the HITRUST CSF rationalizes relevant regulations and standards into a single overarching security and privacy framework. Because the HITRUST CSF is both risk- and compliance-based, organizations of varying risk profiles can customize the security and privacy control baselines through a variety of factors including organization type, size, systems, and regulatory requirements
  • Organized into 14 Control Categories, 49 Control Objectives, and 156 Control Specifications

HITRUST: Fast Facts

HITRUST CSF Controls

HITRUST CSF Assessment Domains