Flag the assessment as insufficient for a NIST certification prior to being submitted to HITRUST so that the entity and assessor can verify the scores for those requirement statements. Also a list of requirement statements that apply to a NIST certification would be helpful.3 votes
There are a variety of quality checks imposed, some that require overrides from the assessor team to continue with submission. One of those should be 'scores are already too low to certify'.
Please add a little flag or warning note at the time of submission to simply say, "You're submitting an assessment for certification, but the scores are too low to certify. Proceed Y/N?"
Our particular case was due to errors in the inheritance process, but it could happen in other scenarios. Best to alert the assessor and confirm that they are not seeking certification.7 votes
- Don't see your idea?