HITRUST CSF

The HITRUST CSF is a prescriptive control framework with three assessment tiers: e1 (essentials, ~44 controls), i1 (implemented, ~182 controls), and r2 (risk-based, scaled, often 300+ requirement statements). Widely required by U.S. healthcare payers and increasingly adopted outside healthcare for unified compliance.