HITRUST® and the cloud
When it comes to the cloud, do you meet HITRUST CSF requirements?
The HITRUST CSF® is one of the most widely adopted security and privacy frameworks. As a HITRUST Authorized External Assessor, Wipfli helps businesses and organizations assess their compliance with security and privacy control requirements, as well as create corrective action plans (CAPs) that align with HITRUST CSF.
A subject that frequently comes up during our work with clients is cloud computing services — in particular, whether Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP) and other third-party tools offer features that can help address the assurances required across the 19 HITRUST CSF Assessment domains.
In this whitepaper, we’re going to cover four specific areas related to the HITRUST CSF and the cloud:
- Cloud platform compliance, shared responsibility and how different cloud solutions compare
- Endpoint protection, portable media security and mobile device security
- Audit logging and monitoring
- Configuration management and vulnerability management
In each section, we’ll share some of the useful tools and features we’ve encountered while performing HITRUST CSF Assessments that can help with compliance.
