The HITRUST Common Security Framework (HITRUST CSF) is a certifiable framework that provides organizations with a comprehensive, flexible, and efficient approach to regulatory compliance and risk management. The HITRUST Alliance is a not-for-profit organization, founded in 2007, “born out of the belief that information protection should be a core pillar of, rather than an obstacle to, the broad adoption of health information systems and exchanges.” HITRUST also leads many efforts in awareness, education, and advocacy related to information protection. In addition, HITRUST's framework has since been developed to be non-industry specific.

The HITRUST CSF consists of 14 Control Categories (see below), 19 Domains, 49 Control Objectives, 156 Control References, and 3 Implementation Levels. The HITRUST CSF was built on the primary principles of ISO 27001/27002 and has evolved to align with a wide range of regulations, standards, and business requirements. These include HIPAA, PCI-DSS, NIST 800-53, NIST Cybersecurity Framework, COBIT, GDPR, and more.

HITRUST CSF Control Categories

00.0   Information Security Management Program
01.0  Access Control 
02.0  Human Resources Security              
03.0  Risk Management             
04.0  Security Policy           
05.0  Organization of Information Security    06.0  Compliance         
07.0  Asset Management 
08.0  Physical and Environmental Security 
09.0  Communications and Operations Management
10.0  Information Systems Acquisition, Development and Maintenance 
11.0  Information Security Incident Management 
12.0  Business Continuity Management 
13.0  Privacy Practices 


  • You have a customer requiring HITRUST compliance

  • You're looking to improve your overall security posture through a recognized, reputable and certifiable framework

  • You're looking to establish governance over your risk management and information security programs

  • You're looking to differentiate your organization through adoption of an efficient, flexible and scalable standard

  • You want a framework that:

    • Harmonizes and maps existing controls and requirements from standards, regulations, business, and third-party requirements, including:

      • HIPAA, NIST 800-53, PCI-DSS, ISO 27001/2, COBIT, GDPR, etc.

    • Scales controls based on the size, type, and complexity of your organization

    • Is non-industry specific

  • The HITRUST CSF Assurance Program enables trust in information protection through an efficient and manageable approach

    • The comprehensiveness of the requirement statements for the assessed entity is based on multiple levels within the HITRUST CSF as determined by defined risk factors

Learn more detailed information on the available HITRUST Reporting methods


Other Useful Links

SOC 2 + Examinations



case studies

big problem:
Ransomware attack halted a global manufacturer's operations.
big thinking:
Recover and secure the system – fast – save $1 million in ransom.
big problem:
High tax burden for family-owned franchisor.
big thinking:
Comprehensive planning for a 15% tax reduction.

our thoughts on

SECURE Act: Modification of Required Minimum Distribution Rules for Designated Beneficiaries (Section 401)

Based on the new provisions of the SECURE Act, there are now much more restrictive rules surrounding a required minimum distribution (RMD) to designated

read more >

Application to Receive Funding for On-Road and Class 8 Fleet Vehicle Projects in Pennsylvania Now Available!

As you know from our previous articles (Volkswagen Environmental Mitigation Trust Fund), Volkswagen is obligated to fund various environmental trusts for

read more >

Financial Fitness: Setting SMART Goals

This article was originally published in Wedgewood Life magazine and is reprinted with their permission. Happy New Year! As the calendar flips and a New

read more >

Good News Regarding Excess Business Losses For Your Pass-Through Construction Business

If you own a construction business, you know all too well that one or more bad contracts can make or break the financial results for the year. If you were

read more >

Financial Fitness - Are my personal finances on the right track?

This article was originally published in Wedgewood Life magazine and is reprinted with their permission. This is a frequently asked question by my clients

read more >

Register to receive our weekly newsletter with our most recent columns and insights.

Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us

contact us

Map of Pittsburgh Office

One PPG Place, Suite 1700
Pittsburgh, PA 15222

p:412.261.3644     f:412.261.4876

Map of Columbus Office

65 East State Street, Suite 2000
Columbus, OH 43215

p:614.621.4060     f:614.621.4062

Map of Washington Office
Washington, D.C.

1660 International Drive, Suite 600
McLean, VA 22102