Where is HITRUST?

HITRUST has specifically asked us NOT to review their materials.

They are opaque and do not want any outside review of their controls. They specifically do not want organizations that use HITRUST to know where their controls have gaps with the actual laws and rules related to health care and personal information.

Until they request outside review (like Cloud Security Alliance, Shared Assessments, ISF, and many others), they will not be mapped to the UCF.

If there are specific documents that HITRUST covers that you would like added to the UCF, please submit a request.

Have more questions? Submit a request


Powered by Zendesk