Le Lézard
Classified in: Health, Science and technology
Subject: LAW

HITRUST Responds to White House RFI for Harmonization of Cyber Frameworks

HITRUST comments that harmonization through public and private industry partnership requires appropriate assurance for consistent outcomes

FRISCO, Texas, Oct. 30, 2023 /PRNewswire/ -- HITRUST, the information risk management, standards, and certification body, today submitted comments in response to the White House Request for Information (RFI) on Cyber Regulatory Harmonization.

HITRUST Responds to White House RFI for Harmonization of Cyber Frameworks

The Office of the National Cyber Director (ONCD) invited public comments to identify opportunities and challenges to harmonize cybersecurity regulations for critical infrastructure. The RFI aims to create a harmonization framework that represents reciprocity of baseline cyber requirements that are aligned across all critical infrastructure sectors. Harmonization?which the RFI defines as, "a common set of updated baseline regulatory requirements that would apply across sectors"?is a complex, yet achievable undertaking.

Since its founding in 2007, HITRUST has championed programs that safeguard sensitive information and manage information risk for organizations in the healthcare and public health (HPH) sector, other critical and non-critical industries, and throughout the third-party supply chain in both the U.S. and internationally. Practical and achievable harmonization is fundamental to HITRUST, and the HITRUST CSF is continuously updated with more than 40 authoritative sources, including National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, NIST SP 800-171, International Standards Organization and International Electrotechnical Commission (ISO/IEC) Standard 27001 (ISO/IEC 27001), and Health Insurance Portability and Accountability Act (HIPAA) security requirements.

HITRUST provided feedback to questions on the opportunities and challenges to harmonize cybersecurity regulations based on its 15+ years of experience supporting, reviewing, and certifying thousands of security assessments for healthcare and other critical infrastructure sectors. 

"While voluntary approaches to securing critical infrastructure have resulted in measurable improvement, they have not proven consistent across all critical infrastructure sectors or even within them," said Robert Booker, Chief Strategy Officer, HITRUST. "HITRUST's experiences, and those of the hundreds of security assessor firms with whom we work, demonstrate that the issue for cyber harmonization is not the standards and regulations alone. We suggest that high-quality, robust and consistent assurance mechanisms are equally important, if not more important, to achieving adequate and consistent cybersecurity outcomes for all security regulations. Outcomes are only achieved where results are evaluated and measured."

HITRUST's experience suggest that a harmonization framework requires:

"Quality and transparency from companies issuing security certifications is essential to achieving the stated goals of harmonization and are the foundation of HITRUST assurances," said Booker. "The benefits of cybersecurity from a harmonized framework must include mechanisms for practical implementation, controls to be selected and specifically applied, and implementation maturity to be transparently scored."

For additional perspective visit HITRUST's Harmonization of Cyber Frameworks Executive Summary here.


Since it was founded in 2007, HITRUST has championed programs that safeguard sensitive information and manage information risk for organizations across all industries and throughout the third-party supply chain. In collaboration with privacy, information security, and risk management leaders from the public and private sectors, HITRUST develops, maintains, and provides broad access to its widely adopted common risk and compliance management frameworks as well as related assessment and assurance methodologies. For more information, visit www.hitrustalliance.net.

For media inquiries:?
Leslie Kesselring
Kesselring Communications for HITRUST
[email protected]


These press releases may also interest you

at 20:34
The Honourable Mark Holland, Minister of Health, will make an announcement related to An Act Respecting Pharmacare. There will be a virtual media technical briefing with Government of Canada officials prior to the press conference. DateFebruary 29,...

at 19:30
The "Protein Expression Market - A Global and Regional Analysis: Focus on Application, End User, Product, Expression System, and Region - Analysis and Forecast, 2023-2033" report has been added to  ResearchAndMarkets.com's offering. The global...

at 19:20
Genomma Lab Internacional, S.A.B. de C.V. (BMV: LABB) ("Genomma Lab" or "the Company"), one of the leading pharmaceutical and personal care product companies in Mexico with an expanding international presence, today announced that MSCI, one of the...

at 19:15
The "Europe Cell and Gene Therapy Manufacturing QC Market: Analysis and Forecast, 2023-2033" report has been added to  ResearchAndMarkets.com's offering. The Europe cell and gene therapy manufacturing Quality Control (QC) market is expected to reach...

at 19:00
More than ever, young girls are being exposed to adult skincare content, and it's creating societal pressure for them to adopt unnecessary anti-ageing skincare regimens before they've even grown up. To view the Multimedia New Release, Please click:...

at 18:57
CalciMedica Inc. (CalciMedica or the Company) , a clinical-stage biopharmaceutical company focused on developing novel calcium release-activated calcium (CRAC) channel inhibition therapies for acute and chronic inflammatory and immunologic diseases,...

News published on and distributed by: