Compliance with the HITRUST CSF framework is critical to keeping sensitive data safe, regardless of the various security risks your organization may face. Although the HITRUST Alliance recently announced the release of HITRUST CSF v10, the framework has not been released. Read on to learn when you can expect its release—and how to prepare for it.
When to Expect the Release of HITRUST CSF V10
If you rely on the HITRUST CSF to secure your digital real estate, you may be wondering when the latest update, HITRUST CSF V10, will be released. After all, HITRUST CSF compliance will streamline the implementation of your cybersecurity controls and optimize your security posture.
Below, we’ll break down everything you need to know about the release of HITRUST CSF v10:
- Potential dates to anticipate the release of HITRUST version 10
- Changes to expect in HITRUST v10
While awaiting the release of HITRUST CSF v10, it is critical to remain compliant with the current HITRUST version with the help of a HITRUST CSF partner.
Anticipated Dates for the Release of HITRUST CSF v10
As one of the most frequently updated frameworks, the CSF provides comprehensive, risk-based security to organizations within and adjacent to healthcare. Therefore, it is no surprise that many organizations eagerly await the release of HITRUST CSF v10.
One of the first announcements about CSF v10 was back in 2019, targeting a Q4 2020 release.
Then, in 2021, the HITRUST Alliance announced that HITRUST version 10 would be released in the same year—to no avail. One update indicated the new version of the framework would be available in the second half of the year. Later, HITRUST CSF v10 was to be expected in 2022.
A more recent announcement in a live demo pointed to a set of updates that would enable more organizations to conduct HITRUST self-assessments under CSF v10. But, since then, the HITRUST Alliance has not provided specific dates for the release of HITRUST CSF v10.
Nonetheless, you can expect HITRUST version 10 to be released sooner rather than later.
There is a pressing need for a comprehensive and intuitive framework to support the security needs of organizations within and adjacent to healthcare. Until then, the current HITRUST CSF, version 9.6, remains a resource to help you effectively mitigate threats to your digital assets.
Assess your HITRUST compliance
Changes to Expect in HITRUST Version 10
Although there isn’t any formal communication from the HITRUST Alliance regarding the specific changes in HITRUST CSF v10, you can expect the framework to address pressing security risks more comprehensively. One way to anticipate upcoming changes to the HITRUST version 10 is to reference the framework’s evolution since its inception.
Development of the Current Version of HITRUST CSF—v9.6
The HITRUST CSF is the first of its kind of security framework that brings together control requirements from various frameworks under one umbrella to “assess once, report many.”
When it was established, the HITRUST CSF was designed to:
- Streamline compliance requirements from different regulatory frameworks such as:
- PCI DSS to safeguard the integrity of cardholder data (CHD)
- HIPAA to keep protected health information (PHI) safe
- NIST to implement a risk-based security management approach
- ISO to standardize security assessments
- Offer flexibility across compliance levels, such that any organization, regardless of size, industry, or operational capacity could benefit from CSF assessments and certification
- Provide the option for rigorous, risk-based regulatory assessments
During the transition from HITRUST v9.5.2 to the current version 9.6, critical changes to the framework included:
- Adjustments to requirements and procedures in preparation for the recently released HITRUST Implemented, 1-year (i1) Validated Assessment
- Updates to NIST requirement mappings (e.g., NIST SP 800-53 Rev 4)
Therefore, you can expect HITRUST CSF v10 to include adjustments to security controls that will protect your organization from threats, regardless of the industry in which you operate.
Other Expected Updates to HITRUST CSF v10
The HITRUST Alliance had previously mentioned the upcoming CSF v10 will be more flexible when managing security risk and overall compliance. Currently, organizations can leverage the HITRUST reservation system to submit HITRUST CSF Validated Assessments, an initiative termed “Reservation-Based Quality Assurance.” The flexibility of this system is expected to continue with the release of the HITRUST CSF v10, streamlining planning and submission.
Besides changes to maturity requirements, you can expect version 10 of the HITRUST CSF to include optimized assurance that delivers reliable results with each validated assessment.
Considering the frequent changes to control requirements with the release of each HITRUST CSF version, you can expect version 10 to be no different in that regard. Your sensitive digital assets will likely be more secure from all kinds of security threats. The best way to prepare for the release of HITRUST CSF v10 is to work with a HITRUST CSF partner to strengthen your current controls and prepare the path to transition to CSF v10.
Optimize Your Current HITRUST Controls
As you await the release of HITRUST CSF V10, now might be a good time to optimize your current HITRUST CSF controls. By partnering with a HITRUST CSF compliance specialist, your will be HITRUST ready—bolstering your security posture in the long term!
To learn more and get started, contact RSI Security today!