HITRUST CSF™ Authoritative Source Content

Document created by Christine Tran Employee on May 6, 2020Last modified by Gloria Higley on Nov 16, 2020
Version 15Show Document
  • View in full screen mode

The foundation of all HITRUST® programs and services is the HITRUST CSF, a certifiable framework that provides organizations with a comprehensive, flexible, and efficient approach to regulatory compliance and risk management.


Developed in collaboration with data protection professionals, the HITRUST CSF rationalizes relevant regulations and standards into a single overarching security and privacy framework. Because the HITRUST CSF is both risk- and compliance-based, organizations of varying risk profiles can customize the security and privacy control baselines through a variety of factors including organization type, size, systems, and regulatory requirements.


Version 9.4.1 incorporates changes stemming from the integration of the U.S. Department of Defense Cybersecurity Maturity Model Certification (CMMC) Framework and various Community Supplemental Requirements.



This content is available in English only.



Mappings for the HITRUST CSF™ Authoritative Source Content to the Archer Control Standard Library are available in the authoritative source content pack.


Licensing Restrictions

This content requires a license and/or membership in good standing as required by the terms set forth by HITRUST. For more information about licensing, contact HITRUST.


The HITRUST CSF authoritative source content is available with the use of the Archer Policy Program Management use case, the Archer IT Policy Program Management use case, and/or the Archer Assessment & Authorization use case. 


For Additional Support

To learn more about this content, please contact your Account Rep for additional details. For technical support questions, please open a support case or contact Archer at archersupport@rsa.com for more information.