Qualified CSF Certifiers

Qualified CSF Certifiers are organizations approved by HITRUST to perform CSF certifications as well as readiness assessments and remediation activities. HITRUST requires organizations to meet certain criteria in order to become accredited as a Qualified CSF Certifier. Defining these requirements helps to ensure the competency of those involved in the certification process and consistency in the certification audit results across all organizations.

To become a Qualified CSF Certifier, an organization must:

  • Provide a letter from an authorized corporate representative to HITRUST committing the firm to support member organizations with qualified resources
  • Have policies defined and procedures implemented to ensure the integrity and ethics of its employees
  • Complete the Qualified CSF Resource Application
  • Execute the HITRUST CSF Qualified Certifier Agreement and submit with fee to HITRUST
  • Commit a minimum of 5 individuals* to support HITRUST services and become certified as HITRUST Practitioners
  • Purchase annual subscription to HITRUST Central, which provides online access to the CSF

The high level requirements that individuals must meet in order to become HITRUST Practitioners are:

  • Has and continues to maintain expertise in both the healthcare and information security industries
  • Completes and passes the Certified Practitioner Training Course offered by HITRUST
  • Maintains HITRUST and CSF expertise through participation in HITRUST committees
  • Maintains a minimum of 120 CPE's over 3 years
  • Passes a criminal background check (Certifiers only)

The audit team must have at least one subject matter expert (SME) with a minimum of 5 years of practical experience in the healthcare industry, information security and information technology, and maintain a professional security certification (e.g. CISSP).

To learn more about becoming a certifying organization or to return completed materials to HITRUST, email certification@HITRUSTalliance.net.

*If this provision cannot be met due to constraints on the number of client servicing individuals focused on healthcare or information security, please contact HITRUST to discuss alternatives.

View a list of HITRUST approved Qualified CSF Certifiers
Read the CSF Certifiers Data Sheet to learn more about becoming a certifying organization.
View a complete list of certification guidelines in the HITRUST Certification Guidelines
View a complete list of Certifier requirements in the HITRUST Certifier and Consultant Requirements

HITRUST Central

A Professional subscription provides access to the online, interactive CSF , the CSF Assurance Toolkit, and many other resources developed specifically for healthcare information security professionals.

CSF Assurance Program

Learn how the program simplifies compliance assessment and reporting through a common set of information security requirements.

News Events