Changeflow GovPing Security Framework HITRUST CSF v11.6 Assessment Creation Deadline
Priority review Notice Amended Final

HITRUST CSF v11.6 Assessment Creation Deadline

Favicon for hitrustalliance.net HITRUST News & Advisories
Published December 18th, 2025
Detected March 13th, 2026
Email

Summary

HITRUST has announced deadlines for creating and submitting e1 and i1 assessments using CSF v11.6.0. The ability to create new assessments using v11.6.0 will be disabled on March 31, 2026, and submission will be disabled on June 30, 2026.

View original document View source feed page

What changed

HITRUST is issuing a notice regarding the sunsetting of CSF v11.6.0 for e1 and i1 assessments. Upon the release of CSF v11.7.0 on December 18, 2025, a transition period will begin. During this period, users can create assessments using either v11.6.0 or v11.7.0. However, the creation of new e1 and i1 assessments using v11.6.0 will be disabled effective March 31, 2026.

Organizations utilizing CSF v11.6.0 must ensure their assessments are submitted by June 30, 2026. After this date, any unsubmitted assessments using v11.6.0 or earlier will need to be upgraded to v11.7.0 or later to be submitted to HITRUST. This change impacts entities that have not yet migrated to the latest CSF version for their e1 and i1 assessments.

What to do next

  1. Create new e1/i1 assessments using CSF v11.7.0 or later after March 31, 2026.
  2. Submit all existing e1/i1 assessments created with CSF v11.6.0 or earlier by June 30, 2026.
  3. Upgrade any unsubmitted v11.6.0 or earlier assessments to v11.7.0 or later to enable submission after June 30, 2026.

Source document (simplified)

Resources > News > HAA 2025-006 HITRUST CSF v11.6 Creation Deadline for e1 and i1 Assessments

HAA 2025-006 HITRUST CSF v11.6 Creation Deadline for e1 and i1 Assessments

Impacted Policy/Program Name HITRUST Assurance Program

Advisory Type Assurance Change

HITRUST Framework (CSF)

December 18, 2025

Overview

Upon the release of CSF v11.7.0, HITRUST is announcing the deadline for creating and submitting e1 and i1 assessments using CSF v11.6.0 and earlier.

Details
  • Between the release of v11.7.0 on December 18, 2025 and March 31, 2026, e1 and i1 assessments may be created using either v11.6.0 or v11.7.0.
  • Effective March 31, 2026, the ability to create new e1 and i1 assessments using CSF v11.6.0 will be disabled.
  • Effective June 30, 2026, the ability to submit e1 and i1 assessments using CSF v11.6.0 and earlier will be disabled.
    • Effective as of the release of this advisory, the QA Reservation system will not allow the selection of a submission date after June 30, 2026 when booking a reservation for an e1 or i1 assessment object using v11.6.0 or earlier.
    • As of June 30, 2026, any unsubmitted e1 and i1 assessment objects utilizing v11.6.0 and earlier will be marked with a MyCSF banner indicating that they cannot be submitted to HITRUST for processing. These assessments must be upgraded to v11.7.0 or later in order to be submitted to HITRUST.
e1 and i1 Assessment Change Summary

See HAA 2025-005 CSF Version 11.7.0 Release for the details of changes to the e1 and i1 requirement statements.

Additional Resources

For any additional questions, please contact our Support team or a HITRUST Customer Success Manager (CSM).

You may also be interested in:

Jan 13, 2026

HAA 2026-001 - Assessment Handbook v1.2 Release

Read Now Dec 18, 2025

HAA 2025-005 HITRUST CSF Version 11.7.0 Release

HITRUST Framework (CSF) Read Now Aug 22, 2025

HAA 2025-003 HITRUST CSF Version 11.6.0 Release

HITRUST Framework (CSF) Read Now << Back to News [Next

Advisory](/) >>

Subscribe to get updates,

news, and industry information.

Subscribe

Related changes

Favicon for www.gov.uk Export Licence Transmission Issue Resolved
Routine Mar 14, 2026 ECJU Notices to Exporters Trade & Export
Favicon for www.gov.uk Humanitarian Assistance Exception Notification for Petroleum Products
Priority review Mar 13, 2026 OFSI All Publications Trade & Export
Favicon for www.apra.gov.au APRA Releases Quarterly ADI Statistics for December 2025
Routine Mar 13, 2026 news-and-publications Government
Favicon for www.priv.gc.ca Privacy Commissioner concludes Loblaw loyalty program investigation
Priority review Mar 13, 2026 Canada OPC News & Actions Government
Favicon for www.priv.gc.ca Global Data Protection Authorities Statement on AI Imagery Privacy
Priority review Mar 13, 2026 Canada OPC News & Actions Government
Favicon for www.priv.gc.ca Privacy Commissioner Recommends Bill C-4 Amendments for Political Party Privacy
Priority review Mar 13, 2026 Canada OPC News & Actions Government

Source

Favicon for hitrustalliance.net
HITRUST News & Advisories hitrustalliance.net/news
Security Framework
Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
Various
Published
December 18th, 2025
Compliance deadline
June 30th, 2026 (108 days)
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Substantive

Who this affects

Applies to
Healthcare providers Technology companies
Geographic scope
National (US)

Taxonomy

Primary area
Data Privacy
Operational domain
Compliance
Topics
Cybersecurity Compliance

Browse Categories

Federal Courts 26 State Courts 91 Securities Regulation 6 Financial Regulation 43 Consumer Protection 5 Drug Safety 45 Data Protection 21 Competition 2 Attorneys General 3 Insurance Regulation 5 Trade & Export 36 Legislation 42 Energy Regulation 13 Environment 3 Labor & Employment 2 Tax 1

Get Security Framework alerts

Weekly digest. AI-summarized, no noise.

Free. Unsubscribe anytime.

Get alerts for this source

We'll email you when HITRUST News & Advisories publishes new changes.

Free. Unsubscribe anytime.