The information risk management, standards, and certification agency, HITRUST, made an announcement that it is going to release a new version of its well-known cybersecurity framework this January. HITRUST CSF Version 11 includes a number of enhancements to make sure the framework remains applicable, with enhanced mitigations against changing and arising cybersecurity threats, at the same time minimizing the load on healthcare companies for certification.
The HITRUST CSF is a risk management and compliance system that healthcare providers could use to lessen the burden and intricacy of reaching HIPAA compliance and efficiently control and minimize risks to personal and confidential data, which include protected health information (PHI). To help better protect against appearing and changing cyber threats, the new HITRUST CSF version allows the whole HITRUST assessment portfolio to take advantage of cyber threat-adaptive settings, suitable for every level of confidence. Control mappings were enhanced as has the accuracy of specs, which minimizes the level of work needed for HITRUST Certification. HITRUST states the new version of the CSF lessens the effort necessary to reach and sustain HITRUST Implementation, 1-year (i1) Certification in two years by as much as 45%.
In the new version, all HITRUST testings are subsets or supersets of one another, meaning companies could use again the work in reduced-level HITRUST testing to gradually attain higher guarantees by sharing common control specifications and inheritance. HITRUST additionally states CSF v11 is completely integrated into Dynamics 365, Microsoft Azure, Power Platform, and Microsoft 365, and that it’s working together with different partners and healthcare providers to bring in innovative functions to enhance clarity on compliance needs.
The new HITRUST CSF additionally spots two new authoritative resources included – NIST SP 800-53, Rev 5, and Health Industry Cybersecurity Practices (HICP) standards – and AI-based standards development abilities were created to help its assurance specialists in mapping and keeping authoritative sources. The second option will minimize mapping and upkeep efforts by as much as 70% and will make it simpler to put more authoritative resources at later date releases.
VP Andrew Russell of HITRUST states that frameworks must remain relevant with present and appearing threats so that companies can perform assessments as effectively as possible and offer practical, yet purposeful, assurances to stakeholders. The investments spent on AI-based standards creation platforms have significantly enhanced HITRUST’s ability to evaluate threat-adaptive mitigations, include authoritative resources, and lessen redundancies, enabling companies to attain the same degree of assurance with less work.