Yes, you’re well on your way as the HITRUST Risk Management Framework (RMF)—consisting of the HITRUST CSF, CSF Assurance Program and related methods and tools—is the foundation for a model implementation of the NIST CsF in the private sector.
Since the NIST CsF lacks the prescriptive controls needed for an organization to implement the framework, HITRUST provides NIST CsF-implementing organizations a single, comprehensive, prescriptive, yet tailorable control framework to meet their business objectives. The HITRUST CSF also helps organizations satisfy multiple regulatory and other compliance requirements—including the Health Insurance Portability and Accountability Act (HIPAA) Security Rule’s standards and implementation specifications—and ultimately meet industry-recognized due care and due diligence requirements for the adequate protection of health information.
By implementing the HITRUST RMF, organizations automatically implement the NIST CsF recommendations and meet the cyber resilience objectives specified by the NIST CsF Subcategories.
Source: HITRUST Alliance FAQ
Contact: Ali Pabrai at Pabrai@ecfirst.com for a complimentary 29-minute, tailored Webinar on HITRUST: Fast Track to Certification.
Date: December 4, 2018