Term · 14. International Standards
HITRUST CSF (Common Security Framework) (HITRUST)
Definition
Healthcare-focused certifiable framework consolidating HIPAA, HITECH, NIST, ISO 27001, PCI DSS, GDPR, and 40+ other authoritative sources into prescriptive controls. Three assessment levels: e1 (essential, 44 controls), i1 (implemented, 182 controls), r2 (risk-based, 197+ tailored controls). HITRUST CSF certification is the de facto standard for healthcare vendors handling PHI.
Synonyms
- HITRUST Common Security Framework
Application
Required by major payers and providers for vendor due diligence in healthcare. IDM/IAM impact: granular role-based access to PHI, audit logging per HIPAA, automated provisioning/deprovisioning, segregation of duties for clinical vs administrative roles, session timeouts.
Sources
- HITRUST Alliance — CSF primary source
Related terms
- Audit
  Independent examination of identity controls, processes, and records to verify compliance with policy and regulatory req …
- Audit Trail
  Chronological record of identity events — authentication, authorization decisions, provisioning actions, configuration c …
- CCPA / CPRA (California Consumer Privacy Act / Privacy Rights Act) (CCPA)
  California state privacy law (CCPA 2018, expanded by CPRA 2020 effective 2023) granting California residents rights over …
- CMMC (Cybersecurity Maturity Model Certification) (CMMC)
  US Department of Defense framework certifying cybersecurity practices of Defense Industrial Base (DIB) contractors handl …
- Compliance
  Adherence to applicable laws, regulations, standards, and internal policies governing identity and access management. Co …
- Confidentiality
  Security principle ensuring data is accessible only to authorized identities. One of the CIA triad (Confidentiality, Int …