Blog

The HITRUST CSF Assessment Process and Beyond

by Sarah Harvey / December 19, 2022

What is the HITRUST Maturity Model? So far in this webinar series, you’ve learned who HITRUST is, what the HITRUST CSF is, how to scope your environment, and which risk factors affect your defined scope. In this webinar, Jessie Skibbe outlines HITRUST’s Maturity Model for control scoring, the assessment process, report options and timeline projections, and some strategies for maintaining compliance. HITRUST Maturity Model You will be required to…

Episode 6 – Understanding HITRUST – Top 5 HITRUST FAQs

by Joseph Kirkpatrick / February 7, 2023

As many organizations are new to the HITRUST CSF, we receive a lot of questions regarding HITRUST CSF compliance. Certified HITRUST CSF Practitioner, Jessie Skibbe, has presented to us the top five frequently asked questions about HITRUST. Here are her answers: Top 5 Frequently Asked Questions about HITRUST I was just told that I need to be HITRUST certified by December 31, 2017. What should I do? First, don’t panic,…

Episode 5 – 5 Things You Need to Get Started with HITRUST Compliance

by Joseph Kirkpatrick / February 7, 2023

HITRUST is becoming a buzzword around the healthcare industry. Many business associates are being asked by clients to obtain HITRUST CSF certification. Many business associates are looking for a way to demonstrate compliance with HIPAA laws and maintain a competitive advantage in the industry. If you are brand new to HITRUST CSF and aren’t quite sure where to start, take a look at these five things your organization should do…

PCI Requirement 5.4 – Ensure Security Policies and Procedures are Known to all Affected Parties

by Randy Bartels / February 7, 2023

PCI Requirement 5 states, “Protect all systems against malware and regularly update anti-virus software or programs.” For this requirement, we’ve discussed the 5 sub-requirements and topics such as anti-virus solutions, malware protection, commonly affected systems, and the evolving threat landscape. Meeting PCI Requirement 5 will protect your organization from being infected by malware attacks. But, as we’ve learned, it’s not enough just to learn and talk about these things. All…

PCI Requirement 5.3 – Ensure Anti-Virus Mechanisms are Active and Can’t be Altered

by Randy Bartels / February 7, 2023

Now that there is an anti-virus solution installed and running in your environment, we need to keep it that way. PCI Requirement 5.3 states, “Ensure that anti-virus mechanisms are actively running and cannot be disabled or altered by users, unless specifically authorized by management on a case-by-case basis for a limited time period.” There may be situations when you need to disable the anti-virus mechanism for a very short period…

The HITRUST CSF Assessment Process and Beyond

Episode 6 – Understanding HITRUST – Top 5 HITRUST FAQs

Episode 5 – 5 Things You Need to Get Started with HITRUST Compliance

PCI Requirement 5.4 – Ensure Security Policies and Procedures are Known to all Affected Parties

PCI Requirement 5.3 – Ensure Anti-Virus Mechanisms are Active and Can’t be Altered

Categories

Newsletter

Learn what you need to get started with our Audit Readiness Guide.