HITRUST, the leader in enterprise risk management, information security, and compliance assurances, is pleased to announce the release of version 11.3.0 of the HITRUST Framework (HITRUST CSF) on April 16, 2024. This update reaffirms HITRUST’s commitment to providing organizations with a comprehensive, up-to-date framework that addresses evolving cyber threats and regulatory requirements.
The HITRUST Framework (HITRUST CSF®) is a comprehensive, scalable, reliable, and efficient framework for information risk management, cybersecurity, and regulatory compliance. It is designed to help organizations globally, in any sector, earn the trust of their customers and stakeholders by demonstrating their commitment to relevant and reliable information security standards.
What’s New in CSF v11.3.0
- Addition of FedRAMP, StateRAMP, and TX-RAMP authoritative sources, which provide a standardized approach to ensure that assessed entities doing business with the government comply with applicable information security requirements.
- Integration of NIST SP 800-172: Enhancing protections for Controlled Unclassified Information (CUI) and supporting organizations with high-risk profiles in their HITRUST r2 Assessment tailoring.
- Foundation for CMMC Level 3 Requirements: Preparing organizations for new compliance needs based on stringent NIST standards.
- Inclusion of MITRE Adversarial Threat Landscape for Artificial-Intelligence Systems (MITRE Atlas) mitigation. Addressing security requirements crucial for safeguarding AI systems.
- Streamlined Assessment Process: Reduced redundancy in requirement statements, significantly decreasing the average r2 assessment size without compromising control coverage.
Customer Benefits
- Staying Ahead of Regulations: By integrating and normalizing the latest industry standards and requirements, CSF v11.3.0 ensures organizations remain aligned with current and emerging regulations.
- Comprehensive Cyber Threat Adaptation: The inclusion of cutting-edge authoritative sources like NIST SP 800-172 and MITRE ATLAS ensures the framework meets the challenges of today’s dynamic threat landscape.
- Enhanced Efficiency: Consolidation efforts have streamlined the assessment process, reducing effort and time investment for organizations pursuing HITRUST certification while meeting one or many regulatory compliance requirements.
Transition Information
With the launch of v11.3.0, new e1 and i1 assessments will be aligned with the updated framework, ensuring organizations benefit from the latest cybersecurity and compliance advancements. Existing assessments under v11.2.0 can still proceed, providing flexibility and continuity for ongoing certification efforts.
SOURCE: PRNewswire