The information risk management, standards, and certification body, HITRUST, has announced that it will be releasing a new version of its popular cybersecurity framework this month. Version 11 of the HITRUST CSF includes several improvements to ensure the framework stays relevant, with improved mitigations against evolving and emerging cyber threats, while reducing the burden on healthcare organizations for certification.
The HITRUST CSF is a risk management and compliance framework that healthcare organizations can adopt to reduce the burden and complexity of achieving HIPAA compliance and effectively manage and reduce risks to private and confidential information, including protected health information (PHI). To better protect against emerging and evolving cyber threats, the new version of the HITRUST CSF enables the entire HITRUST assessment portfolio to leverage cyber threat-adaptive controls, appropriate for each level of assurance. Control mappings have been improved as has the precision of specifications, which reduces the level of effort required for HITRUST Certification. HITRUST says the updated version of the CSF reduces the effort required to achieve and maintain HITRUST Implemented, 1-year (i1) Certification over two years by up to 45%.
In the updated version, all HITRUST assessments are subsets or supersets of each other, which means organizations can reuse the work in lower-level HITRUST assessments to progressively achieve higher assurances by sharing common control requirements and inheritance. HITRUST also says CSF v11 is fully integrated across Microsoft Azure, Dynamics 365, Microsoft 365, and Power Platform, and that it is collaborating with various partners and healthcare organizations to introduce advanced capabilities to improve clarity on compliance requirements.
The new HITRUST CSF also sees two new authoritative sources added – NIST SP 800-53, Rev 5, and Health Industry Cybersecurity Practices (HICP) standards – and AI-based standards development capabilities have been developed to aid its assurance experts in mapping and maintaining authoritative sources. The latter will reduce mapping and maintenance efforts by up to 70% and will make it easier to add more authoritative sources in future releases.
“There is no question that frameworks need to stay relevant with current and emerging threats so organizations can conduct assessments as efficiently as possible and provide practical, yet meaningful, assurances to stakeholders,” said Andrew Russell, VP of Standards, HITRUST. “The investments we’ve made in our AI-based standards development platform have dramatically improved our ability to assess threat-adaptive mitigations, add authoritative sources, and reduce redundancies, allowing organizations to achieve the same level of assurance with less effort.”
The post HITRUST Cybersecurity Framework Gets 2023 Update appeared first on HIPAA Journal.