Archives

HITRUST redesigns CSF in v11 to increase efficiencies and cyber threat-adaptive assurances

HITRUST

HITRUST, the information risk management, standards, and certification body, will release HITRUST CSF version 11 in January 2023 to improve mitigations against evolving cyber threats, broaden the coverage of authoritative sources, and streamline the journey to higher levels of assurance.

“There is no question that frameworks need to stay relevant with current and emerging threats so organizations can conduct assessments as efficiently as possible and provide practical, yet meaningful, assurances to stakeholders,” said Andrew Russell, VP of Standards, HITRUST. “The investments we’ve made in our AI-based standards development platform have dramatically improved our ability to assess threat-adaptive mitigations, add authoritative sources, and reduce redundancies, allowing organizations to achieve the same level of assurance with less effort.”

Also Read: Antier Provides Exclusive Web 3.0 Solutions That Matter To Education & Healthcare Industries

The CSF v11 demonstrates HITRUST’s commitment to continuous improvement:

Protects against new and emerging threats: The CSF v11 enables the entire HITRUST assessment portfolio to leverage cyber threat-adaptive controls that are appropriate for each level of assurance.

Reduces effort toward HITRUST Certification through greater efficiency: Improved control mappings and precision of specifications afforded through CSF v11 enable reduced level of effort toward a HITRUST certification.  For example, the level of effort to achieve and maintain HITRUST Implemented, 1-year (i1) Certification over two years can be reduced by up to 45%.

Enables a traversable assessment journey through an expanded and aligned portfolio: Enables a single framework in the HITRUST CSF to provide a single approach that covers broad assurance needs for different risk levels and compliance requirements with greater assurance reliability than other assessment options. All HITRUST assessments are now subsets (or supersets) of each other, which allows organizations to reuse the work in lower-level HITRUST assessments to progressively achieve higher assurances by sharing common control requirements and inheritance.

SOURCE: PR Newswire