NDB offers fixed-fee HITRUST i1 Validated Assessments for healthcare and related organizations throughout North America.
HITRUST i1 Validated Assessment Key Points
- Its intent is to be a threat-adaptive assessment focused on best security practices, with a more rigorous approach to evaluation, which is suitable for moderate assurance requirements.
- It includes coverage and uses the following standards and sources as its foundation: NIST SP 800-171, HIPAA Security Rule, GLBA Safeguards Rule, U.S. Department of Labor EBSA Cybersecurity Program Best Practices, Health Industry Cybersecurity Practices (HICP).
- There are 219 pr-set controls (i.e., static controls)
- No tailoring is allowed.
- The certifiable assessment is good for one (1) year.
According to HITRUST, "Since the HITRUST i1 Assessment is designed around relevant information security risks and emerging cyber threats, it includes a combination of good security hygiene controls and best-practice controls from the HITRUST CSF framework."