HITRUST provides NIST Cybersecurity Framework certification

May 23, 2018

HITRUST, a security and privacy standards development and accreditation organization, announced its certification program for the National Institute of Standards and Technology’s (NIST) Framework for Improving Critical Infrastructure Cybersecurity, more widely known as the NIST Cybersecurity Framework (Framework). Through the HITRUST CSF Assurance Program and assessment scorecard for the NIST Framework, HITRUST offers organizations an effective and efficient means of assuring management, business partners, and regulators their compliance with the NIST Framework’s objectives.

By leveraging the HITRUST CSF a controls-based risk management framework that aligns with and supports the NIST Framework—HITRUST is positioned to deliver on the goal of sector-specific Target Profiles envisioned by NIST, the Federal Communication Commission’s Communications Security, Reliability and Interoperability Council in the Communications Sector, Health and Human Services (HHS) in the Healthcare and Public Health (HPH) Sector, U.S. Coast Guard and National Highway Traffic Safety Administration in the Transportation Sector, the Financial Services Sector Coordinating Council in the Financial Sector, and others. The NIST Framework requires an organization to determine the security controls it needs to achieve the objectives defined by the Core Subcategories, i.e., its Target Profile, and ensure there is a comprehensive process to assess those controls.

The HITRUST CSF’s integration of multiple industry-relevant statutory, regulatory, and best practice requirements into a single framework makes it easy for organizations to determine an appropriate Target Profile and subsequently implement and report their progress toward a cybersecurity program that fulfills the goals and objectives of the NIST Framework.

The 2018 Government Accountability Office (GAO) Report to Congressional Committees on Critical Infrastructure Protection recognized “the alignment of the framework to the [HITRUST CSF] allows organizations to demonstrate compliance with NIST.” HITRUST also worked with the Department of Homeland Security and HHS to publish the Healthcare Sector Cybersecurity Framework Implementation Guide, helping healthcare organizations integrate all aspects of the NIST Framework into their cybersecurity programs. Building on this model, HITRUST has committed to developing additional guidance documents to support more streamlined implementation of the NIST Framework for many industry sectors.

A HITRUST CSF scorecard of the NIST Framework provides:

  • Compliance ratings for each NIST Framework Core Subcategory;
  • guidance for approximating NIST Framework Implementation Tiers based on the compliance ratings; and
  • consistent reporting across all critical infrastructure industries.

The HITRUST CSF Assurance Program can also help organizations understand and report their effectiveness against many other standards and leading practice frameworks. With one assessment, organizations can view their information privacy and security program against the HIPAA Security and Privacy Rules, NIST Framework, GDPR, International Organization for Standardization (ISO) 27001, Payment Card Industry (PCI) and the American Institute of Certified Public Accountants (AICPA) Trust Services Criteria, and can obtain a Service Organization Control (SOC) 2 report.

Business Wire has the full release

Sponsored Recommendations

AI-Driven Healthcare: Empowering Nurses, Clinicians, and Care Teams for Smarter, More Efficient Care

Explore how AI-first ThinkAndor® is transforming nursing workflows and patient care at Sentara, improving outcomes, reducing readmissions, and enhancing care transitions in this...

The Future of Storage: The Complexities and Implications in Healthcare

Join us on January 23rd to explore the future of data storage in healthcare and learn how strategic IT decisions today can shape agility and competitiveness for tomorrow.

IT Healthcare Report: Technology Insights for a Transformative Future

Explore the latest healthcare IT trends, challenges, and opportunities in AI, patient care, and security. Gain actionable insights to navigate the industry's transformation.

How to Build Trust in AI: The Data Leaders’ Playbook

This eBook strives to provide data leaders like you with a comprehensive understanding of the urgent need to deliver high-quality data to your business. It also reviews key strategies...