HITRUST updates security framework
The Health Information Trust Alliance (HITRUST) has released version 4.0 of the HITRUST Common Security Framework (CSF) and an updated version of the CSF Assurance Program, which includes changes pertaining to the National Institute of Standards and Technology’s (NIST) 800-53 revision 3.
Updates have been made to the CSF Assurance Program so that the program's components accurately reflect both regulatory and market dynamics. Twelve controls were added and one removed from the controls required for certification under the 2012 CSF Assurance Program.
Other advancements related to the CSF Assurance Program include the availability of an integrated Common Health Information Protection (CHIP) Questionnaire and CSF Compliance Worksheet, as well as new illustrative guidance for the CHIP Questionnaire, clarification of assessment and documentation requirements and tighter alignment of scoring criteria with NIST's capability maturity model to better support assessment scoping and execution.
The Frisco, Texas-based IT security collaboration regularly updates the CSF and the CSF Assurance Program to ensure compliance with HIPAA, as well as various other state and federal regulations, according to a Jan. 12 statement. Going forward, HITRUST will incorporate privacy requirements into the CSF to create an integrated security and privacy framework. Available in December, the integrated framework will initially incorporate the new privacy control catalog in the recent release of NIST SP 800-53 r4 as well as changes resulting from ISACA's release of COBIT 5 in 2012.
Updates have been made to the CSF Assurance Program so that the program's components accurately reflect both regulatory and market dynamics. Twelve controls were added and one removed from the controls required for certification under the 2012 CSF Assurance Program.
Other advancements related to the CSF Assurance Program include the availability of an integrated Common Health Information Protection (CHIP) Questionnaire and CSF Compliance Worksheet, as well as new illustrative guidance for the CHIP Questionnaire, clarification of assessment and documentation requirements and tighter alignment of scoring criteria with NIST's capability maturity model to better support assessment scoping and execution.
The Frisco, Texas-based IT security collaboration regularly updates the CSF and the CSF Assurance Program to ensure compliance with HIPAA, as well as various other state and federal regulations, according to a Jan. 12 statement. Going forward, HITRUST will incorporate privacy requirements into the CSF to create an integrated security and privacy framework. Available in December, the integrated framework will initially incorporate the new privacy control catalog in the recent release of NIST SP 800-53 r4 as well as changes resulting from ISACA's release of COBIT 5 in 2012.