Remove Duplicate Controls Based on Which is More Stringent
MyCSF needs a job that ranks the controls by level of strictness and removes duplicate controls that are less strict when they provide the same coverage. Oftentimes we see multiple copies of the same control (with just a timeframe changed, one having more requirements than the other, etc.). Removing the duplication would help speed up certification.
Example:

1141.01bCMSSystem.12 - The organization
1. disables accounts of users posing a significant risk immediately, not to exceed 30 minutes after discovery of the risk.

11962.01bNYDOHSystem.3 - The organization
1. disables accounts of users posing a significant risk within 60 minutes of discovery of the risk.
Both of these are in the same assessment, and the 30-minute timeframe is stricter. Meeting the 30-minute timeframe gives us coverage that satisfies both.
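As an added illustration of the ranking/dedup job proposed above (this is example code written for this post, not MyCSF or HITRUST code), the sketch below parses the deadline out of each control's text, normalises it to minutes, and keeps only the strictest control per requirement. The `requirement` grouping key is an assumption standing in for whatever mapping the platform uses to say two controls cover the same thing; the regex patterns, the `HYPOTHETICAL.*` controls and the sample data are constructed for the example, with only the two quoted controls taken from this post.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Unit normalisation so "1 hour" and "60 minutes" rank equally.
UNIT_MINUTES = {"minute": 1, "hour": 60, "day": 1440}

# Assumed phrasing patterns: "within 60 minutes", "not to exceed 30 minutes",
# "no later than 24 hours". Real control text would need a broader pattern set.
TIMEFRAME_RE = re.compile(
    r"(?:within|not to exceed|no later than)\s+(\d+)\s+(minute|hour|day)s?\b",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Control:
    control_id: str
    requirement: str  # assumed grouping key: what the control covers, minus its timeframe
    text: str


def timeframe_minutes(text: str) -> Optional[int]:
    """Deadline stated in the control text, normalised to minutes; None if none is stated."""
    m = TIMEFRAME_RE.search(text)
    if m is None:
        return None
    return int(m.group(1)) * UNIT_MINUTES[m.group(2).lower()]


def strictness(control: Control) -> float:
    """Lower is stricter. A control with no deadline is treated as the least strict."""
    minutes = timeframe_minutes(control.text)
    return float("inf") if minutes is None else float(minutes)


def dedupe_by_stringency(controls):
    """Keep, per requirement, only the strictest control.

    Returns (kept, dropped) where dropped is a list of
    (dropped_control_id, control_id_that_covers_it) so the removal is auditable.
    Ties keep the first control seen (sorted() is stable).
    """
    kept = {}
    dropped = []
    for c in sorted(controls, key=strictness):  # strictest first
        winner = kept.get(c.requirement)
        if winner is None:
            kept[c.requirement] = c
        else:
            dropped.append((c.control_id, winner.control_id))
    return list(kept.values()), dropped


# Constructed sample: the two controls quoted in this post, plus a hypothetical
# third duplicate with an hours-based deadline and a hypothetical unrelated control.
SAMPLE = [
    Control("1141.01bCMSSystem.12", "disable-high-risk-accounts",
            "The organization disables accounts of users posing a significant risk "
            "immediately, not to exceed 30 minutes after discovery of the risk."),
    Control("11962.01bNYDOHSystem.3", "disable-high-risk-accounts",
            "The organization disables accounts of users posing a significant risk "
            "within 60 minutes of discovery of the risk."),
    Control("HYPOTHETICAL.A", "disable-high-risk-accounts",
            "The organization disables accounts of users posing a significant risk "
            "within 1 hour of discovery of the risk."),
    Control("HYPOTHETICAL.B", "review-audit-logs",
            "The organization reviews audit logs for anomalous activity."),
]


if __name__ == "__main__":
    kept, dropped = dedupe_by_stringency(SAMPLE)
    for c in kept:
        print("KEEP ", c.control_id, "->", timeframe_minutes(c.text), "min")
    for gone, covered_by in dropped:
        print("DROP ", gone, "(covered by", covered_by + ")")
```

Run on the sample, the job keeps 1141.01bCMSSystem.12 (30 minutes) for the account-disable requirement and drops both 60-minute variants, while the unrelated audit-log control is untouched. The dropped list is returned rather than silently discarded so an assessor can see exactly which stricter control now provides the coverage.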
HITRUST is built to limit the amount of assessing against many separate frameworks by having them all built in. Duplicated controls make it feel as though we are still assessing against many frameworks rather than one streamlined set.