Understanding and Leveraging the CSF

Developed in collaboration with healthcare and information security professionals, the HITRUST Common Security Framework (CSF) is the most widely adopted security framework in the U.S. healthcare industry. With the inclusion of federal and state regulations, standards and frameworks such as HIPAA, NIST, ISO and COBIT, the CSF is a comprehensive and flexible framework that remains sufficiently prescriptive in how control requirements can be scaled and tailored for healthcare organizations of varying types and sizes.

The HITRUST CSF:

  • Leverages existing, globally recognized standards, including HIPAA, NIST, ISO, PCI, FTC and COBIT
  • Scales according to type, size and complexity of an implementing organization
  • Provides prescriptive requirements to ensure clarity
  • Follows a risk-based approach offering multiple levels of implementation requirements determined by risks and thresholds
  • Allows for the adoption of alternate controls when necessary
  • Evolves according to user input and changing conditions in the healthcare industry and regulatory environment

It is only through registering for a subscription that individuals can access the CSF. Individuals from qualified organizations* can receive a Standard subscription at no charge. Access to the online, interactive version of the CSF, authoritative sources and the CSF Assurance Kit is available only through a paid subscription.

HITRUST offers a series of videos to provide an introduction to the CSF and related programs.

Read the CSF Brochure to learn more about how the CSF is organized and how to implement the framework.
View a sample of the Security Implementation Manual, one of the three components of the HITRUST CSF.
Understand the value and ROI of the HITRUST CSF by reviewing the CSF Value Proposition.


Enhancements to the CSF Version 4.0 include guidance pertaining to:

  • NIST SP 800-53 Revision 3
  • CMS ARS
  • CMSR v1.0
  • PCI DSS v2.0
  • Input from HITRUST Health Information Exchange and Mobile Device Working Groups
  • Industry recommendations and loss data trend analysis

HITRUST Central

A Professional subscription provides access to the online, interactive CSF, the CSF Assurance Kit, and many other resources developed specifically for healthcare information security professionals.

CSF Assurance Program

Learn how the program simplifies compliance assessment and reporting through a common set of information security requirements.
