HITRUST, a globally renowned data protection standards development and certification organisation, has announced the availability of version 9.4 of the HITRUST CSF information risk and compliance management framework, further delivering on its mission of ‘One Framework, One Assessment, Globally’.
HITRUST CSF version 9.4
HITRUST CSF version 9.4 now incorporates and harmonises the largest number of authoritative sources of any security and privacy framework, most recently adding the CMMC framework and two community-specific standards, as well as updating existing sources for continued relevancy.
As security and privacy requirements change in response to new and updated global laws and regulations, or breaches and other cyber events, HITRUST is committed to maintaining and expanding the relevancy and applicability of the HITRUST CSF, in order to meet the continually evolving regulatory and risk-management landscape and associated control requirements.
HITRUST CSF v9.4 related updates include:
- Integrating the Department of Defense (DoD) Cybersecurity Maturity Model Certification (CMMC) v1.0,
- Updating the NIST SP 800-171 r2 mappings to ensure continued alignment,
- Piloting the inclusion of community–specific authoritative sources to further extend the Assess Once, Report Many benefits of the HITRUST Approach, and
- Enabling HITRUST MyCSF platform functionality which provides DoD CMMC customers the ability to select CMMC Maturity Level specific CSF requirements in support of compliance pursuits.
Complexity of managing information risk and compliance
HITRUST recognises the complexity of managing information risk and compliance"
“HITRUST recognises the complexity of managing information risk and compliance—no matter what industry you are in,” said Sarah Phillips, the Senior Manager of Standards for HITRUST.
Sarah Phillips adds, “We are committed to helping organisations address these challenges, through maintaining the relevance of the HITRUST CSF, by adding and updating authoritative sources, providing the depth and breadth of controls needed, while eliminating redundancies and the need for organisations to interpret and harmonise a multitude of global frameworks, standards, and regulations.”
HITRUST CSF - key component of the HITRUST Approach
HITRUST understands the challenges of assembling and maintaining the many and varied programmes needed to manage information risk and compliance. The HITRUST CSF is a key component of the HITRUST Approach, which provides organisations an integrated information risk management and compliance solution that ensures all programmes are aligned, maintained, and comprehensive to support an organisation’s information risk management and compliance objectives.
In developing a framework that can meet the needs of organisations locally, nationally and globally, HITRUST recognises that various organisations may have requirements imposed, as a result of being part of a smaller community—such as a subset of an industry group, a State Agency, or by a cooperative sharing agreement.
HITRUST CSF Assessment Report
HITRUST has established a mechanism in the HITRUST CSF, which is enabled through MyCSF
In many cases, these may not be new security or privacy controls, but more specific implementation requirements. HITRUST has established a mechanism in the HITRUST CSF, which is enabled through MyCSF for these requirements to be incorporated, harmonised, and selected for inclusion, during the assessment process and then included in the HITRUST CSF Assessment Report.
The intent is to reduce any additional assessments by enabling organisations to ‘Assess Once, Report Many’. HITRUST CSF v9.4 includes two such community standards and the inclusion of others based on market demand is being evaluated.
HITRUST CSF maps to CMMC requirements
“The HITRUST CSF maps to CMMC requirements and we have developed a white paper, to help organisations understand and instill confidence in the HITRUST Approach,” explained Dr. Bryan Cline, Chief Research Officer, HITRUST.
Dr. Bryan Cline adds, “Organisations utilising HITRUST to operationalise CMMC, as part of their existing information protection programme, can quickly assess CMMC Practice and Process maturity with accuracy and precision.”
- Network / IP
- Electronic security systems
- Office security systems
- Office security
- Application security
- Physical security
- Commercial security
- Perimeter security
- Security management
- Security policy
- Security devices
- Security installation
- Security access systems
- Asset tracking
- Electronic access control
- Identity management
- Building security
- Facility security
- Door access control
- Security software
- Security service
- Physical Security Information Management (PSIM)
- IP security solutions
- Security communication
- Testing & Approvals
- Integration software
- Perimeter protection
- Research & Testing
- Cyber security
- Mobile communications
- Internet of Things (IoT)
- Corporate Security
- Data Security
- Incident Management
- Security Assessments
- Cloud security
- Artificial intelligence (AI)
- Mobile access
- GDPR
- Machine Learning
- Touchless Security
