Changeflow GovPing Security Framework HITRUST CSF v11.6 Assessment Creation Deadline
Priority review Notice Amended Final

HITRUST CSF v11.6 Assessment Creation Deadline

Favicon for hitrustalliance.net HITRUST News & Advisories
Published August 22nd, 2025
Detected March 13th, 2026
Email

Summary

HITRUST has announced that effective August 22, 2025, all new e1 and i1 assessments must be created using CSF v11.6.0. Existing assessments using v11.5.1 can still be submitted, with a future deadline to be announced.

View original document View source feed page

What changed

HITRUST has mandated that as of August 22, 2025, all new e1 and i1 assessments, including i1 rapid assessments, must be created using the HITRUST CSF v11.6.0 framework. This change disables the creation of new assessments using the older v11.5.1 version within the MyCSF platform.

Organizations currently using CSF v11.5.1 for existing e1 and i1 assessments will still be able to submit them after the August 22, 2025 deadline. However, HITRUST will provide at least 90 days' notice before establishing a final submission deadline for assessments created with versions v11.0.0 through v11.5.1. Compliance officers should ensure their teams are aware of this transition and begin creating new assessments with v11.6.0.

What to do next

  1. Ensure all new e1 and i1 assessments are created using HITRUST CSF v11.6.0 from August 22, 2025.
  2. Monitor for future announcements regarding the submission deadline for existing assessments using older versions (v11.0.0 - v11.5.1).

Source document (simplified)

Resources > News > HAA 2025-004 HITRUST CSF v11.5 Creation Deadline for e1 and i1 Assessments

HAA 2025-004 HITRUST CSF v11.5 Creation Deadline for e1 and i1 Assessments

Impacted Policy/Program Name HITRUST Assurance Program

Advisory Type Assurance Change

HITRUST Framework (CSF)

August 22, 2025

Overview

Upon the release of CSF v11.6.0 all new e1 and i1 assessments must be created using CSF v11.6.0.

Details
  • Effective August 22, 2025, the ability to create new e1 and i1 assessment objects, including i1 rapid assessments, in MyCSF using CSF v11.5.1 has been disabled. All new e1, i1, and rapid assessments must be created using CSF v11.6.0.
  • Existing e1 and i1 assessments using CSF v11.5.1 can continue to be submitted after August 22, 2025. HITRUST will announce the submission deadline for e1 and i1 assessments using v11.0.0 through v11.5.1 a minimum of 90 days in advance.
e1 and i1 Assessment Change Summary

No changes have been made to the e1 and i1 assessment requirement statements between v11.5.1 and v11.6.0.

Additional Resources

For any additional questions, please contact our Support team or a HITRUST Customer Success Manager (CSM).

You may also be interested in:

Jan 13, 2026

HAA 2026-001 - Assessment Handbook v1.2 Release

Read Now Dec 18, 2025

HAA 2025-006 HITRUST CSF v11.6 Creation Deadline for e1 and i1 Assessments

HITRUST Framework (CSF) Read Now Dec 18, 2025

HAA 2025-005 HITRUST CSF Version 11.7.0 Release

HITRUST Framework (CSF) Read Now << Back to News [Next

Advisory](/) >>

Subscribe to get updates,

news, and industry information.

Subscribe

Related changes

Favicon for www.gov.uk Export Licence Transmission Issue Resolved
Routine Mar 14, 2026 ECJU Notices to Exporters Trade & Export
Favicon for www.gov.uk Humanitarian Assistance Exception Notification for Petroleum Products
Priority review Mar 13, 2026 OFSI All Publications Trade & Export
Favicon for www.apra.gov.au APRA Releases Quarterly ADI Statistics for December 2025
Routine Mar 13, 2026 news-and-publications Government
Favicon for www.cisa.gov CISA Adds Two Exploited Vulnerabilities to KEV Catalog
Priority review Mar 13, 2026 CISA ICS-CERT Advisories Government
Favicon for www.cisa.gov CISA: Ignition Software Vulnerable to Code Execution
Priority review Mar 13, 2026 CISA ICS-CERT Advisories Government
Favicon for www.gao.gov GAO Report on DOD Cybersecurity Maturity Model Certification Program
Priority review Mar 13, 2026 GAO Reports & Testimonies Government Accountability

Source

Favicon for hitrustalliance.net
HITRUST News & Advisories hitrustalliance.net/news
Security Framework
Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
Various
Published
August 22nd, 2025
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Substantive

Who this affects

Applies to
Healthcare providers Technology companies
Geographic scope
National (US)

Taxonomy

Primary area
Cybersecurity
Operational domain
Compliance
Topics
Information Security Compliance

Browse Categories

Federal Courts 26 State Courts 91 Securities Regulation 6 Financial Regulation 43 Consumer Protection 5 Drug Safety 45 Data Protection 21 Competition 2 Attorneys General 3 Insurance Regulation 5 Trade & Export 36 Legislation 42 Energy Regulation 13 Environment 3 Labor & Employment 2 Tax 1

Get Security Framework alerts

Weekly digest. AI-summarized, no noise.

Free. Unsubscribe anytime.

Get alerts for this source

We'll email you when HITRUST News & Advisories publishes new changes.

Free. Unsubscribe anytime.