Press release

HITRUST Enhances Best in Class Information Risk and Compliance Assessment Platform

Sponsored by Businesswire

HITRUST, a leading data protection standards development and certification organization, today announced a significant new release of its information risk and compliance assessment SaaS platform. HITRUST is continually innovating MyCSF® to help streamline and simplify how organizations assess information risk and manage compliance. The October 2019 release features a redesigned user interface, capability to create custom assessments tailored to specific regulatory or control requirements, streamlined workflows throughout the third-party assurance process, and sharing of assessments with third parties through the HITRUST Assessment XChange™.

MyCSF was designed from the start as an information risk assessment and compliance tool and engineered to streamline assessing, reporting, and remediating information risk and compliance. In addition the platform can be used to build a robust ISRM program, lending insight into an organization’s security posture and areas of improvement, benchmarking against the scores of similar organizations.

New features include:

  • Custom Assessments: Tailor assessments to fit an organization’s needs, selecting some or all of the controls in any of 44 authoritative sources that are mapped and harmonized in the HITRUST CSF, including ISO 27XXX, NIST 800-53, NIST Cybersecurity Framework, NIST 800-171, PCI, HIPAA, HITECH, GDPR, FFIEC, and CCPA. Customizations could include assessing against one or multiple authoritative sources, regulatory factors, or control requirements without having to add CSF baseline controls.
  • Custom Roles: Create and define access control permissions tailored to the organization.
  • Redesigned User Interface: Modern, sleek, and streamlined interface enables intuitive and faster workflow.
  • Integration to Third-Party Assurance Process: MyCSF fully supports the HITRUST CSF Assurance Program including assessment entry, assessor assignments, and submission. It also includes role assignment and workflows for the recently added Internal Assessor role, allowing internal audit and other departments to aid in the CSF Assessment process.
  • Enhanced Shared Responsibility Support: Updated functionality within MyCSF supports the HITRUST Shared Responsibility Program for inheriting controls from cloud and other service providers, streamlining the assessment and working process.
  • Integration with HITRUST Assessment XChange Portal: Makes sharing risk assessment data with third parties simple, secure, and efficient. Satisfies and streamlines customer requests to provide CSF Assessment Reports as well as customer communications concerning Corrective Action Plans (CAPs), Interim Assessments, and more.
  • Enhanced API: MyCSF also offers expanded API functions for integration with GRC and other systems.

For more information, including the MyCSF data sheet, go to

For more information on the HITRUST Assessment XChange, go to


Since it was founded in 2007, HITRUST has championed programs that safeguard sensitive information and manage information risk for organizations across all industries and throughout the third-party supply chain. In collaboration with privacy, information security and risk management leaders from the public and private sectors, HITRUST develops, maintains, and provides broad access to its widely adopted common risk and compliance management frameworks as well as related assessment and assurance methodologies.

For more information, visit