HITRUST News & Advisories

HITRUST Assessment Handbook v1.2 Updates Released

HITRUST has released version 1.2 of its Assessment Handbook, introducing updates to procedures for evidence generation, testing expectations, reporting, and inheritance eligibility. These changes will be enforced for assessments submitted on or after April 15, 2026.

HITRUST CSF v11.7.0 Release Notes

HITRUST has released version 11.7.0 of its Common Security Framework (CSF), effective December 18, 2025. This update includes new authoritative sources, consolidation of requirement statements, and modifications to the e1 and i1 assessment baselines.

HITRUST CSF v11.6 Assessment Creation Deadline

HITRUST has announced deadlines for creating and submitting e1 and i1 assessments using CSF v11.6.0. The ability to create new assessments using v11.6.0 will be disabled on March 31, 2026, and submission will be disabled on June 30, 2026.

HITRUST CSF v11.6 Assessment Creation Deadline

HITRUST has announced that effective August 22, 2025, all new e1 and i1 assessments must be created using CSF v11.6.0. Existing assessments using v11.5.1 can still be submitted, with a future deadline to be announced.

HITRUST 2025 H2 Threat Analysis on AI Tactics and Assessments

HITRUST released its 2025 H2 Cyber Threat Adaptive Report, indicating that its e1, i1, and r2 assessments effectively mitigate top attack techniques, including AI-driven tactics. The report analyzed threat indicators, intelligence articles, and breaches, mapping data to the MITRE ATT&CK framework.