An organization selects an appropriate set of security control requirements for its information protection program based on its organizational, system and regulatory risk factors, and it is this set of control requirements that constitute its NIST Cybersecurity Framework Target Profile. While the control requirements map to various NIST Framework Core Subcategories, the control requirements for an organization’s HITRUST CSF Certification and certification of its NIST Cybersecurity Framework implementation are the same.
Source: HITRUST Alliance FAQ
Contact: Ali Pabrai at Pabrai@ecfirst.com for a complimentary 29-minute, tailored Webinar on HITRUST: Fast Track to Certification.
Date: December 4, 2018