What is it?
The HITRUST CSF® is a targeted, controls-based risk framework that harmonizes requirements from international and national frameworks and standards, including NIST, HIPAA, ISO, and PCI, into a single set of controls, giving organizations a more cost-effective means to satisfy industry, regulatory, and client requirements.
Why get it?
The HITRUST CSF is a certifiable framework that helps organizations address internal risk management, third-party risk management, and compliance needs in lieu of proprietary information security questionnaires and onsite audits.
Reasons to leverage the HITRUST CSF and attain formal certification:
A prescriptive, certifiable, rigorous approach to accurately evaluating your organization’s current risk management posture
A customizable, risk-based set of controls tailored to your organization’s industry, regulatory, and client needs
Integration and harmonization of other risk management frameworks for ease of reporting
A transparent, consistent, and repeatable way to communicate your security program to regulators, clients, and other stakeholders
Each HITRUST CSF Certified organization is required to adhere to a minimum baseline of controls. These required controls are scaled to fit the organization’s type, size, and complexity, and each control has a formal classification in the HITRUST CSF. Additional requirements such as GDPR, HIPAA, NIST, SOC 2, and others can also be brought into the scope of the certification.
How does it work?
Attaining HITRUST CSF Certification requires a formal third-party assessment – known as a “Validated Assessment” – from an approved HITRUST External Assessor.
If you’re interested, you should contact us to learn more about the process, including:
Understanding the certification process from start to finish
Defining what will be in-scope for the assessment
Identifying your organization’s tailored baseline
Preparing your organization for the assessment
Receiving the certification and maintaining compliance
HITRUST champions programs that safeguard sensitive information and manage information risk for global organizations across all industries and throughout the third-party supply chain. In collaboration with privacy, information security, and risk management leaders from the public and private sectors, HITRUST develops, maintains, and provides broad access to its widely adopted common risk and compliance management frameworks and the related assessment and assurance methodologies.
HITRUST understands the challenges of assembling and maintaining the many and varied programs needed to manage information risk and compliance. The HITRUST Approach gives organizations a single, integrated information risk management and compliance program, so that all of those programs stay aligned, maintained, and complete in support of the organization’s information risk management and compliance objectives.