HITRUST Updates October 2023
HITRUST updates the CSF, its control framework, at least annually to help ensure the CSF addresses current cybersecurity risks. On October 10, 2023, HITRUST announced the latest version v11.2. which includes requirement statement consolidation to help reduce overlap within the CSF and updating the related authoritative sources for the controls.
Additionally as part of the update of the CSF HITRUST has announced the retirement of all versions of the CSF prior to 11.1 for the r2 (Risk-based, 2-year Validated Assessment) and 11.2 for the e1 (Essentials, 1-year Validated Assessment ) and i1 (Implemented, 1 year assessment). The retirement dates are outlined below:
|Assessment Type||Versions Retired||Last day to create an assessment under retiring versions||Last day to submit an assessment under retiring version|
|r2||9.5 through 9.6.2||6/30/24||4/30/25|
|r2 and i1||11.1||10/10/23||TBD|
HITRUST has previously announced the retirement of all versions of my CSF prior to versions 9.5 with a final submission date for all existing assessments under prior versions of December 31, 2024.
If you are currently in the process of doing an assessment to HITRUST, CompliancePoint would recommend continuing with your current version. However, if you are just beginning your HITRUST journey or have an assessment that will be due for renewal after the dates above we recommend working with your assessor to ensure that you have considered the impact of the changes in the CSF as the v11 framework has significant changes from prior versions.
Finding a credible expert with the appropriate background, expertise, and credentials can be difficult. CompliancePoint is here to help.