Find Your Specialist


Contact Us

    Go Back

    HITRUST v9.4 Updates Include Enhanced Community Specific Requirements

    The anticipated release of HITRUST CSF version 9.4 was announced on June 22nd, 2020. The HITRUST CSF is regularly updated to stay abreast of evolving security and privacy requirements, including new global laws and regulations. Updating the framework also helps meet the needs of organizations that belong to a smaller community, such as a subset of an industry group, a State Agency, or a cooperative sharing agreement. HITRUST is committed to providing a framework to fit any organization in the world and they will continue to update the HITRUST CSF on a regular basis.

    Key Changes

    The HITRUST CSF v9.4 release includes (via CSF v9.4 Summary of Changes):

    • Incorporation of regulatory requirements from the U.S. Department of Defense Cybersecurity Maturity Model Certification (CMMC) v1.0
    • Clarification and enhancement of certain illustrative procedures to ensure alignment with the corresponding authoritative sources
    • Inclusion of community-specific authoritative sources, currently referred to as Supplemental Requirements or Community Supplemental Requirements (CSR)
    • Miscellaneous corrections to requirement statements and guidance

    There are changes to three requirement statements and eighty-nine of the v9.3 illustrative procedures.

    These updates help ensure alignment with the corresponding authoritative sources.

    The Department of Defense (DoD) requires that all organizations that serve in a vendor capacity to the federal government must be certified against the CMMC framework. Version 9.4 of the HITRUST CSF has incorporated these regulatory requirements to aid organizations that need CMMC certification. While many of the existing requirements in the HITRUST CSF can be used to achieve CMMC certification, four CMMC specific requirements have been added to the framework.

    Thirteen community-specific authoritative sources have been added to the framework. These new requirements are available within MyCSF to organizations who are members of the community in which inclusion is a requirement or by organizations curious about these new requirements which are only available in 9.4 assessment objects.

    With the deployment of version 9.4, HITRUST continues its commitment to making the HITRUST CSF the most comprehensive, recognized framework that is both industry and regulation agnostic.

    To learn more about HITRUST Certification, visit Frazier & Deeter’s HITRUST page or reach out to our HITRUST team.

    Related Articles

    Privacy Overview

    When you use or access the Site, we use cookies, device identifiers, and similar technologies such as pixels, web beacons, and local storage to collect information about how you use the Site. We process the information collected through such technologies, which may include Personal Information, to help operate certain features of the Site (e.g., to prevent online poll participants from voting more than once), to enhance your experience through personalization, and to help us better understand the features of the Site that you and other users are most interested in.

    You can enable or disable our use of cookies per category.
    Always Enabled

    Essential cookies enable you to navigate our Site and use certain features, such as accessing secure areas of our Site and using other features of our service that require us to keep track of certain information as you navigate from page to page. Although some of these cookies are “required” to enable certain functionality, you can disable them in the browser, but doing so will limit your ability to use the features supported by such cookies.

    Functionality cookies are cookies that support features of the Site, such as remembering your preferences.

    These cookies collect information about how you use our Site, including which pages you go to most often and if they receive error messages from certain pages. These cookies are only used to improve how our Site functions and performs.

    From time-to-time, we may engage third parties that track individuals who visit our Site. These third parties may track your use of the Site for purposes of providing us with certain marketing automation features (to help us improve our outreach to current and prospective clients) and providing you with targeted advertisements.