HITrust - AI Elements in HITRUST CSF v11.2.0 (2024)

Uploaded by

Pam Blue
AI Elements in HITRUST CSF v11.2.0

02/28/24
HITRUST AI Initiative Overview

HITRUST AI Initiative
HITRUST is leading the way with an industry-first AI Assurance program, which will result in a certification
and an easily consumable insight report. Working with industry leaders, we have adopted emerging AI
frameworks and tailored control requirements to work within MyCSF as part of an existing assessment of
information security controls, to reduce overall effort and provide a level of assurance over AI risk in
addition to sound security practices.

This presentation will show you how to use the CSF and/or MyCSF to begin utilizing AI risk management
controls in your organization, and stage for success as new deliverables such as a HITRUST AI certification
and insight reports are brought out.

Additionally, AI security controls will be introduced for later versions of the HITRUST CSF as those controls
are identified and solidified among AI pioneers.

© 2024 HITRUST Services Corp. CONFIDENTIAL AND PROPRIETARY


HITRUST CSF v11.2.0 AI Authoritative Sources


Currently, AI mappings to the following are included:
• NIST AI RMF 1.0
• ISO 23894
• ISO 31000 (controls included as relevant AI mappings)

Overall, there are over 300 AI-relevant mappings, with up to 50 unique requirements included when
selecting the AI compliance factor in MyCSF assessments.

Using the HITRUST CSF to Identify AI Controls

HITRUST CSF AI Control Identification


The HITRUST CSF version 11.2.0 download package contains a PDF of the CSF, in addition to an authoritative
source cross reference and an introduction document. Qualified organizations whose primary use of the
framework is for their own organization can easily download the HITRUST CSF and use it free of charge.

Downloading the HITRUST CSF


Downloading the HITRUST CSF is easy.
• Go to our website hitrustalliance.net
• Follow the prompts from the top
navigation to Download the CSF

Understanding the CSF to Identify AI Controls

Starting with the authoritative source cross reference, navigate along the bottom tabs to the
“NIST AI RMF 1.0”. This tab will contain the NIST AI RMF control areas mapped to HITRUST controls.
Take note of the “HITRUST Control Reference” in column B.

Using the CSF to Identify AI Controls


Next, search for the control reference in the HITRUST CSF PDF to see the relevant control text.
There may be multiple strengths of control; use the guidance in the CSF to determine strength
based on organizational, system, or regulatory factors. Control reference 3a shown here.

Using HITRUST MyCSF to Identify AI Controls

Using MyCSF – AI Compliance Factor on r2 Assessment


Organizations using an r2
assessment or a targeted
assessment on v11.2 or later can
choose to include the currently
available controls identified by
HITRUST and referencing NIST
and ISO AI specifications.

Using MyCSF – AI Control Preview


These controls are available for
review prior to inclusion in your
assessment by selecting the
“Preview Changes” function in
MyCSF.

Using MyCSF – AI Control Preview


MyCSF will provide a quick view
of the control changes in your
selection, and if selected, you
can apply the changes to your
assessment. It also allows you
to download a complete listing
of the new requirements and
mappings.

MyCSF – Control Preview Spreadsheet

This view shows the added, removed, or modified control requirements and mappings based on the AI factor inclusion.

MyCSF – Generate a Targeted AI Assessment


Customers interested in only
the AI controls from various
frameworks can include them
in a specially configured
“Targeted, Current State (tC)”
assessment. Configuration
options shown here.

MyCSF – Generate an AI Scorecard


Customers completing a MyCSF
assessment can see how they
are performing relative to the
AI controls included in the
assessment. Navigate
to "Analytics" and click on the
"reports" tab as shown
here. Select the "Authoritative
Source Report Cards."

MyCSF – See Results with an AI Scorecard


Use the drop-down menus to select your assessment containing the AI requirements,
and then select the AI source "NIST AI RMF 1.0" or others. This will show the completed
scoring and status of the relevant AI requirement statements.


Thank you
