HITRUST CSF™ Authoritative Source Content

Document created by Christine Tran Employee on May 6, 2020Last modified by Gloria Higley on Oct 2, 2020
Version 12Show Document
  • View in full screen mode

The foundation of all HITRUST® programs and services is the HITRUST CSF, a certifiable framework that provides organizations with a comprehensive, flexible, and efficient approach to regulatory compliance and risk management.


Developed in collaboration with data protection professionals, the HITRUST CSF rationalizes relevant regulations and standards into a single overarching security and privacy framework. Because the HITRUST CSF is both risk- and compliance-based, organizations of varying risk profiles can customize the security and privacy control baselines through a variety of factors including organization type, size, systems, and regulatory requirements.


Version 9.3 integrates regulatory requirements from the South Carolina Insurance Data Security Act (SCIDSA), the California Consumer Privacy Act (CCPA), and NIST SP 800-171 r2 (DFARS)–into the HITRUST CSF and includes added language to the glossary to better clarify terms found in the framework. These updates reflect HITRUST’s commitment to provide a framework fitting for any organization globally.



This content is available in English only.



Mappings for the HITRUST CSF™ Authoritative Source Content to the RSA Archer Control Standard Library are available in the authoritative source content pack.


Licensing Restrictions

This content requires a license and/or membership in good standing as required by the terms set forth by HITRUST. For more information about licensing, contact HITRUST.


The HITRUST CSF authoritative source content is available with the use of the RSA Archer Policy Program Management use case, the RSA Archer IT Policy Program Management use case, and/or the RSA Archer Assessment & Authorization use case. 


For Additional Support

To learn more about this content, please contact your Account Rep for additional details. For technical support questions, please open a support case or contact RSA Archer at archersupport@rsa.com for more information.