Home > News > featured news > HITRUST i1 Assessment control selection leverages security best practices, threat intelligence

Data Security

HITRUST i1 Assessment control selection leverages security best practices, threat intelligence

HITRUST | December 18, 2021

HITRUST today announced it is addressing the need for a continuously-relevant cybersecurity assessment that aligns and incorporates best practices and leverages the latest threat intelligence to maintain applicability with information security risks and emerging cyber threats, such as ransomware. The design and selection of the controls for the HITRUST Implemented 1-year (i1) Assessment puts it in a new class of information security assessment that is threat-adaptive – designed to maintain relevance over time as threats evolve and new risks emerge, while retiring controls no longer deemed material.

Most existing assessment approaches are not designed to keep pace with current and emerging threats; those that do, rely heavily on broad control requirements that raise questions about suitability of control and consistency of review that ultimately impact reliability of results. In contrast, HITRUST identifies information security controls relevant to mitigating known risks and leverages cyber threat intelligence data to influence the selection – and where necessary, updating – of technically-focused HITRUST CSF requirements included in the HITRUST i1 Assessment. As a result, the HITRUST i1 Assessment includes controls selected to address emerging cyber threats active today.

“The HITRUST i1 Assessment is unique in both selection of controls and the design of its assurance program. Effort towards completion is comparable to other moderate assurance vehicles while delivering a higher level of reliability,” 

Jeremy Huval, HITRUST Chief Innovation Officer

The HITRUST i1 Assessment is the first information security assessment of its kind with attributes not available through other assurance programs:

  • Designed to maintain relevant control requirements to mitigate existing and emerging threats and provide updates as new threats are identified (It is threat-adaptive, prescriptive, and focused on controls relevant to risk)
  • Designed to sunset controls that have lost relevance and have limited assurance value based on effort required to comply or assess
  • Its unique controls selection and assurance program design deliver a higher level of reliability than other moderate assurance options
  • The level of time and effort to complete is comparable to other moderate assurance options in the market
  • Offers a forward-looking, 1-year certification

As the HITRUST i1 was designed around relevant information security risks and emerging cyber threats, it is not surprising it provides coverage for numerous standards, such as NIST 800-171, GLBA Safeguards Rule, HIPAA Security Rule, and Health Industry Cybersecurity Practices (HICP).

HITRUST will evaluate security controls and review threat intelligence data no less than quarterly, and for each subsequent major and minor release of the HITRUST CSF, to ensure the HITRUST i1 Assessment requirement selection remains relevant over time. Guidance documents will also drive enhancements to the HITRUST CSF and HITRUST i1 Assessment control sets as needed. While the HITRUST i1 Assessment is intended to adapt and evolve to maintain relevance, it’s important to note that HITRUST i1 Assessment certified organizations will not be impacted by changes to the HITRUST i1 Assessment control requirements until their next HITRUST assessment cycle.

HITRUST is hosting a webinar at 11 a.m. CT on Thursday, February 3, 2022, to discuss the HITRUST Implemented 1-year (i1) Assessment in more detail. To register, and for more information, click here: Next Generation HITRUST Information Security Assessment Focuses on Continuous Cyber Relevance

About HITRUST
Since it was founded in 2007, HITRUST has championed programs that safeguard sensitive information and manage information risk for organizations across all industries and throughout the third-party supply chain. In collaboration with privacy, information security, and risk management leaders from the public and private sectors, HITRUST develops, maintains, and provides broad access to its widely adopted common risk and compliance management frameworks as well as related assessment and assurance methodologies.

Spotlight

Implementieren digitaler Souveränität bei der Cloud-Einführung

Überwindung der Herausforderungen und Komplexitäten beim Aufbau von Souveränität als Teil einer Multi-Cloud-Strategie. 90 % der Unternehmen in Europa und 88 % im Nahen Osten, in der Türkei und in Afrika (META) nutzen heute die Cloud-Technologie, die einen wichtigen Baustein für die digitale Transformation darstellt. In dem Maße,

More featured news

Spotlight

Implementieren digitaler Souveränität bei der Cloud-Einführung

Überwindung der Herausforderungen und Komplexitäten beim Aufbau von Souveränität als Teil einer Multi-Cloud-Strategie. 90 % der Unternehmen in Europa und 88 % im Nahen Osten, in der Türkei und in Afrika (META) nutzen heute die Cloud-Technologie, die einen wichtigen Baustein für die digitale Transformation darstellt. In dem Maße,

Related News

Platform Security, Software Security, Cloud Security

Uptycs Continues Momentum in Helping Customers Achieve Security Operations Excellence with AWS

Globenewswire | July 28, 2023

Uptycs, provider of the first unified CNAPP and XDR platform, today announced it’s now part of the Amazon Web Services (AWS) Public Sector Partner (PSP) Program. The AWS PSP Program helps AWS Partners grow their public sector business through alignment with AWS public sector sales, marketing, funding, capture, and proposal terms. “We are delighted to be working with AWS to solve customers’ cloud security challenges, increase security operations efficiency, and protect developer environments as they move code from their workspaces into AWS production environments,” said Ganesh Pai, CEO and co-founder of Uptycs. Uptycs has built an integration with AWS Control Tower, which simplifies AWS experiences by orchestrating multiple AWS services on a customer’s behalf while maintaining the security and compliance needs of their organization. Leveraging the workflow with AWS Control Tower, Uptycs' deep integration with AWS Systems Manager allows organizations to achieve comprehensive security controls while reducing operational overhead in their Uptycs deployment. “Many organizations, especially in the public sector, are looking for ways to cost-effectively scale their cloud security program. Our integration with AWS Control Tower and AWS Systems Manager, along with our more unified shift up approach, delivers a more efficient way to improve customers’ security posture across cloud environments,” Pai said. Additionally, Uptycs also recently announced the achievement of AWS Security Competency Status, and an integration with the Amazon Security Lake. “Our model is proven to better support cybersecurity teams thanks to what we’ve already achieved for our public sector customers, as well as enterprise and commercial organizations,” Pai said. “Now, we’re even better at helping our customers reduce operational burden, and strengthen their threat detection, remediation, and forensic capabilities.” About Uptycs Uptycs, the first unified CNAPP and XDR platform, reduces risk by prioritizing responses to threats, vulnerabilities, misconfigurations, sensitive data exposure, and compliance mandates across clouds, containers, servers, and endpoints—all from a single UI. This includes the ability to tie together threat activity as it traverses on-prem and cloud boundaries, thus delivering a more cohesive enterprise-wide security posture. Get started with agentless coverage, then add runtime protection, and advanced remediation and forensics.

Read More

Enterprise Security, Platform Security, Software Security

BigID Unveils Industry-First AI as a Copilot to Navigate and Adapt to the World of Generative AI

PR Newswire | August 09, 2023

BigID, the leading platform for data security, privacy, compliance, and governance, today announced native AI support to copilot organizations' innovation and adoption of generative AI: revolutionizing data management and security. With BigID's AI, organizations can now achieve better data visibility, clarity, and organization to accelerate their ability to improve their data security posture, wherever their data lives. To effectively safeguard critical data, security teams need comprehensive visibility and understanding of their data assets, relying on an updated and comprehensive data inventory. Legacy tools leave organizations with fragmented perspectives, lacking the context needed to identify data requiring protection. BigID accelerates organizations of all sizes to get the most out of AI - and adapt & innovate while they're doing it. Benefits at a Glance: Get Better Data Clarity: Automatically assign easy-to-understand names and business terms to data tables and columns for better insight into sensitivity and business value. Intelligently Organize Your Data: Quickly group similar types of documents and apply human readable titles and descriptions. Accelerate Risk Reduction: Generate summaries of data security posture management, automate risk assessments, and get recommended actions based on the data itself. Govern large language models (LLMs) securely: Reduce risk of adapting AI by flag, tag, and labelling LLM data as safe for use - ensuring these models aren't being trained on personal, sensitive, regulated, or private information. "With BigID's AI-driven automation, customers can now effortlessly navigate their data landscape, prioritize security efforts, and gain a level of clarity that was previously unattainable," said Tyler Young, CISO of BigID. "The world of generative AI brings risk and uncertainty around security - BigID makes it easy to innovate and adapt AI - all while decreasing the attack surface." About BigID BigID enables organizations to know their enterprise data and take action for data-centric security, privacy, compliance, and governance. Customers deploy BigID to proactively discover, manage, protect, and get more value from their regulated, sensitive, and personal data across their data landscape. BigID has been recognized for its data intelligence innovation as a 2019 World Economic Forum Technology Pioneer, named to the 2021 Forbes Cloud 100, the 2021 Inc 5000 as the #19th fastest growing company and #1 in Security, the 2021 and 2022 Deloitte 500, and an RSA Innovation Sandbox winner. Find out more at https://bigid.com.

Read More

Enterprise Security, Platform Security, Software Security

Safe Security Joins MITRE Engenuity's Center for Threat-Informed Defense

Prnewswire | July 06, 2023

Safe Security, the AI-Driven Cyber Risk Management company, announced today that it has joined the Center for Threat-Informed Defense (Center), operated by MITRE Engenuity, as a Research Sponsor. This partnership will enhance the organization's ability to develop resources to protect against cyberattacks through its unique approach to public interest collaborative research and development (R&D). "We are proud to announce our partnership with the Center as a research sponsor and are excited to share our expertise to drive cybersecurity innovation," said Vidit Baxi CISO and Co-founder at Safe Security. "The Center promotes the co-development of new tools, techniques, and strategies to address challenges in today's highly vulnerable ecosystem. This program allows us to contribute and support global community engagement efforts in understanding and communicating cyber risk. Alongside industry members, we can better articulate and mitigate cyber risks, prioritize specific threat-informed actions to prevent breaches, ultimately contributing to the advancement and improvement of cyber defense." In 2019, MITRE Engenuity was established as a subsidiary of the MITRE Corporation amid a noticeable shift in R&D investments moving towards the private sector. Recognizing that vital industry investments may become overwhelmed in the conceptual phase without proper guidance, the subsidiary aims to ensure effective implementation through nurturing and radical collaboration. Operating within the dynamic cybersecurity landscape, MITRE Engenuity brings together experts, organizations, and investors in a non-competitive environment to foster generational impact for the public good. SAFE's research collaboration will build on the MITRE ATT&CK® framework, forming the foundation for a threat-informed defense approach to counter the latest techniques leveraged by today's most advanced threat actors. The Center also works to provide defenders with a deep understanding of adversary tradecraft and advances in developing countermeasures to prevent, detect, and mitigate modern threats by identifying trends in attacker behavior that can inform the threat intelligence community. Using its AI-fueled cyber risk cloud of clouds platform for predicting and preventing cyber breaches, SAFE evaluates the efficacy of cyber controls by automatically mapping common vulnerabilities and exposures (CVEs) and cyber controls across the kill chain using the MITRE ATT&CK and D3FEND frameworks. This approach enables CISOs to visualize and assess cybersecurity. Predictive data models co-developed with MIT empower CISOs to translate the bits and bytes of cyber risk into dollars and cents, allowing them to communicate these risks to the board effectively and all risk stakeholders. SAFE delivers a data-driven, real-time solution for measuring, managing, and mitigating cyber risk. It gives organizations an aggregated view of enterprise security risk by collating disparate cyber signals for single visibility across their attack surface, technology, people, and third parties. SAFE is dedicated to working with the Center in its continuous efforts to make meaningful contributions to the cybersecurity community, enabling organizations to move from a reactive state to a predictive posture to understand the likelihood of different cyber risk scenarios. "The Center for Threat-Informed Defense serves as a hub for top-tier security teams worldwide to collaborate on identifying and resolving the most pressing challenges confronting cyber defenders," said Jonathan Baker, Co-Founder and Director of the Center for Threat-Informed Defense. "We are thrilled to have Safe Security on board as we strengthen our collective understanding of adversary behaviors and our ability to thwart cyber attacks." About The Center for Threat-Informed Defense The Center is a non-profit, privately funded research and development organization operated by MITRE Engenuity. The center's mission is to advance the state of the art and the state of the practice in threat-informed defense globally. Comprised of participant organizations from around the globe with highly sophisticated security teams, the center builds on MITRE ATT&CK, an important foundation for threat-informed defense used by security teams and vendors in their enterprise security operations. Because the center operates for the public good, outputs of its research and development are available publicly and for the benefit of all. For more information, contact ctid@mitre-engenuity.org. About Safe Security Safe Security is the leader in cyber risk management SaaS platforms. It has redefined cyber risk measurement and management with its real time, data-driven approach that empowers enterprise leaders, regulators, and cyber insurance carriers to understand cyber risk in an aggregated and granular manner. Using SAFE's predictive AI-driven data models, co-developed with MIT, customers are now empowered to translate the bits and bytes of cyber risk into dollars and cents so that they can prioritize their cyber investments to most effectively mitigate their risk and understand the return on security investments. Having raised over $100M, Safe is growing over 200% year over year, consecutively for the last three years and serves some of the largest global enterprises.

Read More

Platform Security, Software Security, Cloud Security

Uptycs Continues Momentum in Helping Customers Achieve Security Operations Excellence with AWS

Globenewswire | July 28, 2023

Uptycs, provider of the first unified CNAPP and XDR platform, today announced it’s now part of the Amazon Web Services (AWS) Public Sector Partner (PSP) Program. The AWS PSP Program helps AWS Partners grow their public sector business through alignment with AWS public sector sales, marketing, funding, capture, and proposal terms. “We are delighted to be working with AWS to solve customers’ cloud security challenges, increase security operations efficiency, and protect developer environments as they move code from their workspaces into AWS production environments,” said Ganesh Pai, CEO and co-founder of Uptycs. Uptycs has built an integration with AWS Control Tower, which simplifies AWS experiences by orchestrating multiple AWS services on a customer’s behalf while maintaining the security and compliance needs of their organization. Leveraging the workflow with AWS Control Tower, Uptycs' deep integration with AWS Systems Manager allows organizations to achieve comprehensive security controls while reducing operational overhead in their Uptycs deployment. “Many organizations, especially in the public sector, are looking for ways to cost-effectively scale their cloud security program. Our integration with AWS Control Tower and AWS Systems Manager, along with our more unified shift up approach, delivers a more efficient way to improve customers’ security posture across cloud environments,” Pai said. Additionally, Uptycs also recently announced the achievement of AWS Security Competency Status, and an integration with the Amazon Security Lake. “Our model is proven to better support cybersecurity teams thanks to what we’ve already achieved for our public sector customers, as well as enterprise and commercial organizations,” Pai said. “Now, we’re even better at helping our customers reduce operational burden, and strengthen their threat detection, remediation, and forensic capabilities.” About Uptycs Uptycs, the first unified CNAPP and XDR platform, reduces risk by prioritizing responses to threats, vulnerabilities, misconfigurations, sensitive data exposure, and compliance mandates across clouds, containers, servers, and endpoints—all from a single UI. This includes the ability to tie together threat activity as it traverses on-prem and cloud boundaries, thus delivering a more cohesive enterprise-wide security posture. Get started with agentless coverage, then add runtime protection, and advanced remediation and forensics.

Read More

Enterprise Security, Platform Security, Software Security

BigID Unveils Industry-First AI as a Copilot to Navigate and Adapt to the World of Generative AI

PR Newswire | August 09, 2023

BigID, the leading platform for data security, privacy, compliance, and governance, today announced native AI support to copilot organizations' innovation and adoption of generative AI: revolutionizing data management and security. With BigID's AI, organizations can now achieve better data visibility, clarity, and organization to accelerate their ability to improve their data security posture, wherever their data lives. To effectively safeguard critical data, security teams need comprehensive visibility and understanding of their data assets, relying on an updated and comprehensive data inventory. Legacy tools leave organizations with fragmented perspectives, lacking the context needed to identify data requiring protection. BigID accelerates organizations of all sizes to get the most out of AI - and adapt & innovate while they're doing it. Benefits at a Glance: Get Better Data Clarity: Automatically assign easy-to-understand names and business terms to data tables and columns for better insight into sensitivity and business value. Intelligently Organize Your Data: Quickly group similar types of documents and apply human readable titles and descriptions. Accelerate Risk Reduction: Generate summaries of data security posture management, automate risk assessments, and get recommended actions based on the data itself. Govern large language models (LLMs) securely: Reduce risk of adapting AI by flag, tag, and labelling LLM data as safe for use - ensuring these models aren't being trained on personal, sensitive, regulated, or private information. "With BigID's AI-driven automation, customers can now effortlessly navigate their data landscape, prioritize security efforts, and gain a level of clarity that was previously unattainable," said Tyler Young, CISO of BigID. "The world of generative AI brings risk and uncertainty around security - BigID makes it easy to innovate and adapt AI - all while decreasing the attack surface." About BigID BigID enables organizations to know their enterprise data and take action for data-centric security, privacy, compliance, and governance. Customers deploy BigID to proactively discover, manage, protect, and get more value from their regulated, sensitive, and personal data across their data landscape. BigID has been recognized for its data intelligence innovation as a 2019 World Economic Forum Technology Pioneer, named to the 2021 Forbes Cloud 100, the 2021 Inc 5000 as the #19th fastest growing company and #1 in Security, the 2021 and 2022 Deloitte 500, and an RSA Innovation Sandbox winner. Find out more at https://bigid.com.

Read More

Enterprise Security, Platform Security, Software Security

Safe Security Joins MITRE Engenuity's Center for Threat-Informed Defense

Prnewswire | July 06, 2023

Safe Security, the AI-Driven Cyber Risk Management company, announced today that it has joined the Center for Threat-Informed Defense (Center), operated by MITRE Engenuity, as a Research Sponsor. This partnership will enhance the organization's ability to develop resources to protect against cyberattacks through its unique approach to public interest collaborative research and development (R&D). "We are proud to announce our partnership with the Center as a research sponsor and are excited to share our expertise to drive cybersecurity innovation," said Vidit Baxi CISO and Co-founder at Safe Security. "The Center promotes the co-development of new tools, techniques, and strategies to address challenges in today's highly vulnerable ecosystem. This program allows us to contribute and support global community engagement efforts in understanding and communicating cyber risk. Alongside industry members, we can better articulate and mitigate cyber risks, prioritize specific threat-informed actions to prevent breaches, ultimately contributing to the advancement and improvement of cyber defense." In 2019, MITRE Engenuity was established as a subsidiary of the MITRE Corporation amid a noticeable shift in R&D investments moving towards the private sector. Recognizing that vital industry investments may become overwhelmed in the conceptual phase without proper guidance, the subsidiary aims to ensure effective implementation through nurturing and radical collaboration. Operating within the dynamic cybersecurity landscape, MITRE Engenuity brings together experts, organizations, and investors in a non-competitive environment to foster generational impact for the public good. SAFE's research collaboration will build on the MITRE ATT&CK® framework, forming the foundation for a threat-informed defense approach to counter the latest techniques leveraged by today's most advanced threat actors. The Center also works to provide defenders with a deep understanding of adversary tradecraft and advances in developing countermeasures to prevent, detect, and mitigate modern threats by identifying trends in attacker behavior that can inform the threat intelligence community. Using its AI-fueled cyber risk cloud of clouds platform for predicting and preventing cyber breaches, SAFE evaluates the efficacy of cyber controls by automatically mapping common vulnerabilities and exposures (CVEs) and cyber controls across the kill chain using the MITRE ATT&CK and D3FEND frameworks. This approach enables CISOs to visualize and assess cybersecurity. Predictive data models co-developed with MIT empower CISOs to translate the bits and bytes of cyber risk into dollars and cents, allowing them to communicate these risks to the board effectively and all risk stakeholders. SAFE delivers a data-driven, real-time solution for measuring, managing, and mitigating cyber risk. It gives organizations an aggregated view of enterprise security risk by collating disparate cyber signals for single visibility across their attack surface, technology, people, and third parties. SAFE is dedicated to working with the Center in its continuous efforts to make meaningful contributions to the cybersecurity community, enabling organizations to move from a reactive state to a predictive posture to understand the likelihood of different cyber risk scenarios. "The Center for Threat-Informed Defense serves as a hub for top-tier security teams worldwide to collaborate on identifying and resolving the most pressing challenges confronting cyber defenders," said Jonathan Baker, Co-Founder and Director of the Center for Threat-Informed Defense. "We are thrilled to have Safe Security on board as we strengthen our collective understanding of adversary behaviors and our ability to thwart cyber attacks." About The Center for Threat-Informed Defense The Center is a non-profit, privately funded research and development organization operated by MITRE Engenuity. The center's mission is to advance the state of the art and the state of the practice in threat-informed defense globally. Comprised of participant organizations from around the globe with highly sophisticated security teams, the center builds on MITRE ATT&CK, an important foundation for threat-informed defense used by security teams and vendors in their enterprise security operations. Because the center operates for the public good, outputs of its research and development are available publicly and for the benefit of all. For more information, contact ctid@mitre-engenuity.org. About Safe Security Safe Security is the leader in cyber risk management SaaS platforms. It has redefined cyber risk measurement and management with its real time, data-driven approach that empowers enterprise leaders, regulators, and cyber insurance carriers to understand cyber risk in an aggregated and granular manner. Using SAFE's predictive AI-driven data models, co-developed with MIT, customers are now empowered to translate the bits and bytes of cyber risk into dollars and cents so that they can prioritize their cyber investments to most effectively mitigate their risk and understand the return on security investments. Having raised over $100M, Safe is growing over 200% year over year, consecutively for the last three years and serves some of the largest global enterprises.

Read More

More featured news