Wipfli logo
Back to Articles

HITRUST® and the cloud

Papador_Jason
Jason J. Papador
Aug 20, 2020
1 min read

When it comes to the cloud, do you meet HITRUST CSF requirements?

The HITRUST CSF® is one of the most widely adopted security and privacy frameworks. As a HITRUST Authorized External Assessor, Wipfli helps businesses and organizations assess their compliance with security and privacy control requirements, as well as create corrective action plans (CAPs) that align with HITRUST CSF.

A subject that frequently comes up during our work with clients is cloud computing services — in particular, whether Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP) and other third-party tools offer features that can help address the assurances required across the 19 HITRUST CSF Assessment domains.

In this whitepaper, we’re going to cover four specific areas related to the HITRUST CSF and the cloud:

  1. Cloud platform compliance, shared responsibility and how different cloud solutions compare
  2. Endpoint protection, portable media security and mobile device security
  3. Audit logging and monitoring
  4. Configuration management and vulnerability management

In each section, we’ll share some of the useful tools and features we’ve encountered while performing HITRUST CSF Assessments that can help with compliance.

Author(s)

Papador_Jason
Jason J. Papador
Consultant, Wipfli Advisory LLC
View Profile

Let’s talk about enhancing your risk and compliance management.

Securing your data
How we helped one organization undertake both HITRUST and SOC audits successfully.
See their story

TOP PICKS

Matthew Hovis
Matthew Hovis 10/30/2025
New SAR guidance: Should you change your structuring practices?
Read full story
Rhonda Coggins
Rhonda Coggins 09/24/2025
What do financial institutions need to know about the ‘guaranteeing fair banking’ executive order?
Read full story
Robert Zondag
Robert H. Zondag 09/18/2025
Podcast: Maximize tech and talent with smarter insurance filing
Listen now