Wipfli logo
Back to Articles

HITRUST® and the cloud

Papador_Jason
Jason J. Papador
Aug 20, 2020
1 min read

When it comes to the cloud, do you meet HITRUST CSF requirements?

The HITRUST CSF® is one of the most widely adopted security and privacy frameworks. As a HITRUST Authorized External Assessor, Wipfli helps businesses and organizations assess their compliance with security and privacy control requirements, as well as create corrective action plans (CAPs) that align with HITRUST CSF.

A subject that frequently comes up during our work with clients is cloud computing services — in particular, whether Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP) and other third-party tools offer features that can help address the assurances required across the 19 HITRUST CSF Assessment domains.

In this whitepaper, we’re going to cover four specific areas related to the HITRUST CSF and the cloud:

  1. Cloud platform compliance, shared responsibility and how different cloud solutions compare
  2. Endpoint protection, portable media security and mobile device security
  3. Audit logging and monitoring
  4. Configuration management and vulnerability management

In each section, we’ll share some of the useful tools and features we’ve encountered while performing HITRUST CSF Assessments that can help with compliance.

Click here to download the whitepaper.

Author(s)

Papador_Jason
Jason J. Papador
Consultant
View Profile

Let’s talk about enhancing your risk and compliance management.

Securing your data
How we helped one organization undertake both HITRUST and SOC audits successfully.
See their story

TOP PICKS

Sarah Williams
Sarah K. Williams 05/09/2025
Third-party attestations and surprise exams: A practical guide for registered investment advisors
Read full story
Stephanie Jennings
Stephanie Jennings 04/23/2025
Training: The foundation of excellence
Read full story
Cristina Deschaine 04/10/2025
Back to basics: Fiduciary account reviews
Read full story