Content, Channel partners

HITRUST Announces Plans to Release New Version of CSF Framework in January 2023

Viruses are detected in cyberspace. Abstract sight is aiming for threats. The problem is detected. Illustration.

HITRUST, an organization that offers information risk management certifications and assessments, will release a new version of its CSF framework in January 2023.

The new release, HITRUST CSF version 11, will "improve mitigations against evolving cyber threats, broaden the coverage of authoritative sources and streamline the journey to higher levels of assurance, according to a prepared statement.

CSF v11 Key Features

CSF v11 highlights HITRUST's commitment to continuous improvement, the organization stated.

Key features of CSF v11 include:

  • Enables organizations to perform HITRUST assessments that use cyber threat-adaptive controls for each level of assurance
  • Allows organizations to map out the requirements associated with various certifications and speed up the process of earning them
  • Offers a single framework that accounts for different risk levels and compliance requirements
  • Ensures all HITRUST assessments are subsets (or supersets) of each other, allowing organizations to reuse the work in lower-level HITRUST assessments to share common control requirements and achieve higher assurances
  • Integrations across Microsoft Azure, Dynamics 365, Microsoft 365 and Power Platform
  • Addition of NIST SP 800-53, Rev 5 and Health Industry Cybersecurity Practices (HICP) standards
  • AI-based standards development capabilities that enable HITRUST assurance experts to map and maintain standards in accordance with authoritative sources

CSF v11 will help global organizations "stay relevant with current and emerging threats," HITRUST VP of Standards Andrew Russell said. That way, they can use the framework to conduct security assessments, generate security insights and use them to find the best ways to combat cyberattacks.

A Closer Look at HITRUST's CSF Framework

The CSF framework provides global organizations with a "comprehensive, flexible and efficient approach to regulatory/standards compliance and risk management," according to HITRUST. Organizations can use the framework to secure, monitor and manage their data in compliance with myriad industry requirements.

Organizations in healthcare, financial services and many other industries follow CSF's framework. In addition, HITRUST has partnered with Trend Micro and other technology providers to help organizations adopt the standard to bolster their cyber protection.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.