Understanding and Leveraging the CSF
Developed in collaboration with healthcare and information security professionals, the HITRUST Common Security Framework (CSF) is the most widely adopted security framework in the U.S. healthcare industry. By incorporating federal and state regulations, standards and frameworks such as HIPAA, NIST, ISO and COBIT, the CSF is comprehensive and flexible, yet remains sufficiently prescriptive in how control requirements can be scaled and tailored for healthcare organizations of varying types and sizes.
The HITRUST CSF:
- Leverages existing, globally recognized standards, including HIPAA, NIST, ISO, PCI, FTC and COBIT
- Scales according to type, size and complexity of an implementing organization
- Provides prescriptive requirements to ensure clarity
- Follows a risk-based approach offering multiple levels of implementation requirements determined by risks and thresholds
- Allows for the adoption of alternate controls when necessary
- Evolves according to user input and changing conditions in the healthcare industry and regulatory environment
Individuals can access the CSF only by registering for a subscription. Individuals from qualified organizations* can receive a Standard subscription at no charge. Access to the online, interactive version of the CSF, authoritative sources and the CSF Assurance Kit is available only through a paid subscription.
HITRUST offers a series of videos to provide an introduction to the CSF and related programs.











