Classified in: Health, Science and technology
Subject: LAW

HITRUST Responds to White House RFI for Harmonization of Cyber Frameworks

HITRUST comments that harmonization through public and private industry partnership requires appropriate assurance for consistent outcomes

FRISCO, Texas, Oct. 30, 2023 /PRNewswire/ -- HITRUST, the information risk management, standards, and certification body, today submitted comments in response to the White House Request for Information (RFI) on Cyber Regulatory Harmonization.

The Office of the National Cyber Director (ONCD) invited public comments to identify opportunities and challenges to harmonize cybersecurity regulations for critical infrastructure. The RFI aims to create a harmonization framework that represents reciprocity of baseline cyber requirements that are aligned across all critical infrastructure sectors. Harmonization?which the RFI defines as, "a common set of updated baseline regulatory requirements that would apply across sectors"?is a complex, yet achievable undertaking.

Since its founding in 2007, HITRUST has championed programs that safeguard sensitive information and manage information risk for organizations in the healthcare and public health (HPH) sector, other critical and non-critical industries, and throughout the third-party supply chain in both the U.S. and internationally. Practical and achievable harmonization is fundamental to HITRUST, and the HITRUST CSF is continuously updated with more than 40 authoritative sources, including National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, NIST SP 800-171, International Standards Organization and International Electrotechnical Commission (ISO/IEC) Standard 27001 (ISO/IEC 27001), and Health Insurance Portability and Accountability Act (HIPAA) security requirements.

HITRUST provided feedback to questions on the opportunities and challenges to harmonize cybersecurity regulations based on its 15+ years of experience supporting, reviewing, and certifying thousands of security assessments for healthcare and other critical infrastructure sectors.

"While voluntary approaches to securing critical infrastructure have resulted in measurable improvement, they have not proven consistent across all critical infrastructure sectors or even within them," said Robert Booker, Chief Strategy Officer, HITRUST. "HITRUST's experiences, and those of the hundreds of security assessor firms with whom we work, demonstrate that the issue for cyber harmonization is not the standards and regulations alone. We suggest that high-quality, robust and consistent assurance mechanisms are equally important, if not more important, to achieving adequate and consistent cybersecurity outcomes for all security regulations. Outcomes are only achieved where results are evaluated and measured."

HITRUST's experience suggest that a harmonization framework requires:

Approaches where accepted best practices are aligned with reliable assurances
Reciprocity, including reliance on private sector assurances as a critical component of effective harmonization
Accreditation of third party assessors involved in cybersecurity assurance supported by an established and transparent quality system
Reliance expectations that include transparency, scalability, consistency, accuracy, and integrity

"Quality and transparency from companies issuing security certifications is essential to achieving the stated goals of harmonization and are the foundation of HITRUST assurances," said Booker. "The benefits of cybersecurity from a harmonized framework must include mechanisms for practical implementation, controls to be selected and specifically applied, and implementation maturity to be transparently scored."

For additional perspective visit HITRUST's Harmonization of Cyber Frameworks Executive Summary here.

About HITRUST

Since it was founded in 2007, HITRUST has championed programs that safeguard sensitive information and manage information risk for organizations across all industries and throughout the third-party supply chain. In collaboration with privacy, information security, and risk management leaders from the public and private sectors, HITRUST develops, maintains, and provides broad access to its widely adopted common risk and compliance management frameworks as well as related assessment and assurance methodologies. For more information, visit www.hitrustalliance.net.

For media inquiries:?
Leslie Kesselring
Kesselring Communications for HITRUST
[email protected]
503-358-1012

SOURCE HITRUST Services Corp.

These press releases may also interest you

22 mar 2025	Certain Habibi's Mediterranean brand dips recalled due to undeclared peanut
	Product: Dips Issue: Food - Allergen ? Peanut Distribution: AlbertaBritish ColumbiaPossibly other provinces and territories See the affected products and product photos for this recall SOURCE Canadian Food Inspection Agency (CFIA)
22 mar 2025	Nature Cell's JointStem Becomes the First Korean Company to Acquire Breakthrough Therapy Designation from the U.S. FDA
	-The first Korean company granted Breakthrough Therapy Designation (BTD) from the U.S. FDA-Clinical trials and results from a three-year follow-up show significant improvements compared to existing treatments-The BTD designation, achieved following...
22 mar 2025	Canadian Dental Care Plan expands to include millions of new eligible Canadians
	Investing in Canadians' health is key to building a stronger Canada. In its first year, the Canadian Dental Care Plan (CDCP) has significantly improved access to affordable dental care. More than 3.4 million Canadians were approved to be part of the...
22 mar 2025	Eatlove brand Organic Almond Butter Cup recalled due to undeclared peanut
	Product: Organic Almond Butter Cup Issue: Food - Allergen ? Peanut Distribution: National Online See the affected products and product photos for this recall SOURCE Canadian Food Inspection Agency (CFIA)
22 mar 2025	Prime Biome Alerts Consumers About Misleading Third-Party Resellers and Reinforces Commitment to Product Integrity
	The official brand behind Prime Biome has issued a public advisory regarding unauthorized third-party resellers misrepresenting the product online. Reports of unverified vendors listing non-official versions of Prime Biome across various platforms...
22 mar 2025	Burrell College of Osteopathic Medicine Celebrates 144 Students Matching into Residencies for the Class of 2025
	Burrell College of Osteopathic Medicine celebrated its Match Day on March 21, 2025, with 144 students securing residencies across various medical specialties, marking a significant milestone for the institution....
	More news about Health...

News published on 30 october 2023 at 08:00 and distributed by:

HITRUST Responds to White House RFI for Harmonization of Cyber Frameworks

These press releases may also interest you

Le Lézard

Others sections

Follow us