Skip to content

HITRUST Assessment Handbook - Exposure Draft

The Assessment Handbook defines the requirements for organizations assessing their information protection programs against the HITRUST CSF through a readiness or validated assessment. The assessment handbook is intended to provide guidance and expectations of the assessment process to the HITRUST community.

HITRUST has published an exposure draft of the Assessment Handbook and invites all stakeholders to review and submit feedback by July 7, 2023.

The Assessment Handbook is not yet final and will not be enforced during the exposure draft review period. HITRUST will continue to enforce the existing guidance published within the HITRUST website (www.hitrustalliance.net).

HITRUST Assessment Handbook - Exposure Draft

Categories

JUMP TO ANOTHER FORUM

(thinking…)

Provide comments here

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback

3 results found

  1. Spelling Error

    A12 inheritance FAQs and examples - “Is it possible to inherit from a Risk-based, 2-year (r2) type of HITRUST Assessment into an Implemented, 1-year (i1) or Essentials, 1-year (e1) HITRUST Assessment (and vice versa)?” spelling error - However, when inheriting from an “inheritable” i1 ore1 into an “inheriting” r2, only...

    1 vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    0 comments  ·  15. Reporting & Maintaining a HITRUST Certification  ·  Admin →

  2. Glossary of Terms

    Appendix A (adding under last section since Appendix isn't available as category) – Will the HITRUST glossary of terms and acronyms be contained within the Appendix? For example: is 90-day ‘fieldwork period’, 90-day implementation period defined?

    1 vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    0 comments  ·  15. Reporting & Maintaining a HITRUST Certification  ·  Admin →

  3. Additions to section 15

    • Pg. 81, Second paragraph, update formatting for "a62": "...domain to score at least a62 to achieve certification.

    -Pg. 83, 15.3.9, update formatting for "e1validated": "...domain to score at least a62 to achieve certification..."

    1 vote

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    0 comments  ·  15. Reporting & Maintaining a HITRUST Certification  ·  Admin →