HITRUST CSF™ Authoritative Source Content

Document created by Christine Tran Employee on May 6, 2020Last modified by Susan Read-Miller on May 20, 2020
Version 9Show Document
  • View in full screen mode

The foundation of all HITRUST® programs and services is the HITRUST CSF, a certifiable framework that provides organizations with a comprehensive, flexible, and efficient approach to regulatory compliance and risk management.


Developed in collaboration with data protection professionals, the HITRUST CSF rationalizes relevant regulations and standards into a single overarching security and privacy framework. Because the HITRUST CSF is both risk- and compliance-based, organizations of varying risk profiles can customize the security and privacy control baselines through a variety of factors including organization type, size, systems, and regulatory requirements.


Version 9.3 integrates regulatory requirements from the South Carolina Insurance Data Security Act (SCIDSA), the California Consumer Privacy Act (CCPA), and NIST SP 800-171 r2 (DFARS)–into the HITRUST CSF and includes added language to the glossary to better clarify terms found in the framework. These updates reflect HITRUST’s commitment to provide a framework fitting for any organization globally.



This content is available in English only.



Control standard mappings are not available for this authoritative source.


Licensing Restrictions

This content requires a license and/or membership in good standing as required by the terms set forth by HITRUST. For more information about licensing, contact HITRUST.


The HITRUST CSF Authoritative Source  authoritative source content is available with the use of the RSA Archer Policy Program Management use case, the RSA Archer IT Policy Program Management use case, and/or the RSA Archer Assessment & Authorization use case. 


For Additional Support

To learn more about this content, please contact your Account Rep for additional details. For technical support questions, please open a support case or contact RSA Archer at archersupport@rsa.com for more information.