CSF Assessors

CSF Assessors are those organizations that have been approved by HITRUST for performing assessment and services associated with the CSF Assurance Program and the Common Security Framework (CSF), a comprehensive security framework that incorporates the existing security requirements of healthcare organizations.

CSF Assessors are critical to HITRUST's efforts to provide trained resources to healthcare organizations of varying size and complexity to assess compliance with security control requirements and document corrective action plans that align with the CSF.

HITRUST requires an organization to meet certain criteria in order to become accredited as a CSF Assessor. Requirements for an organization to become a CSF Assessor include:

  • Completing the CSF Assessor Application and executing the HITRUST CSF Assessor Agreement.
  • Having policies defined and procedures implemented to ensure the integrity and ethics of an organization's employees.
  • Committing individuals to support HITRUST services and become trained as HITRUST Practitioners.
  • Maintaining expertise through participation in HITRUST and other healthcare or security committees.

To learn more about becoming a CSF Assessor or to return completed materials to HITRUST, email certification@HITRUSTalliance.net.

Read the CSF Assessors data sheet.
View a list of CSF Assessors and their contact information.
View a complete list of requirements for CSF Assessors.

HITRUST Central

A Professional subscription provides access to the online, interactive CSF , the CSF Assurance Toolkit, and many other resources developed specifically for healthcare information security professionals.

CSF Assurance Program

Learn how the program simplifies compliance assessment and reporting through a common set of information security requirements.

News Events