🇺🇸 Live Medical Devices & Diagnostics

HITRUST Common Security Framework v11

Certifiable security framework harmonising requirements from regulations and standards including HIPAA, NIST, and ISO 27001. Applies to healthcare organisations and their business associates handling sensitive data.

14

Rules extracted

137

Obligations decomposed

9.8x

Avg obligations per rule

🇺🇸 United States

Jurisdiction

What AuditDSS covers

Source

1

Regulation

Extracted

14

Rules

Decomposed

137

Obligations

9.8x

Decomposition ratio

Each rule is decomposed into an average of 9.8 atomic obligations — the smallest testable units that can be independently violated.

Fully extracted & scored

All 137 obligations have been decomposed, titled, risk-scored, and embedded for semantic matching.

Risk scoring

Every obligation in HITRUST CSF v11 is scored across independent risk dimensions:

W

Obligation Weight

How critical within the regulatory framework

L

Violation Likelihood

How often breached in practice

E

Enforcement Evidence

Regulator enforcement history and penalties

C

Cascade Dependency

How many obligations depend on this one

Regulatory details

Full title
HITRUST Common Security Framework v11
Regulatory body
HITRUST Alliance
Jurisdiction
🇺🇸 United States
Document type
standard
Effective date
January 1, 2023
Industry
Medical Devices & Diagnostics

Who this applies to

healthcare organizationsfinancial institutionstechnology companiesany organization processing sensitive data

Key requirements

  • 14 control categories
  • 49 control objectives
  • 156 control specifications
  • three assessment types (e1/i1/r2)
  • five maturity levels
  • maps to 50+ authoritative sources
  • risk-based approach
  • ISO 27001 aligned

Frequently asked questions about HITRUST CSF v11

What is HITRUST CSF v11?
Certifiable security framework harmonising requirements from regulations and standards including HIPAA, NIST, and ISO 27001. Applies to healthcare organisations and their business associates handling sensitive data.

Who does HITRUST CSF v11 apply to?
HITRUST CSF v11 applies to healthcare organizations, financial institutions, technology companies, any organization processing sensitive data.

How many obligations does HITRUST CSF v11 contain?
AuditDSS has decomposed HITRUST CSF v11 into 137 atomic obligations from 14 rules. Each obligation is independently testable and risk-scored.

What are the key requirements of HITRUST CSF v11?
The key requirements include: 14 control categories, 49 control objectives, 156 control specifications, three assessment types (e1/i1/r2), five maturity levels, maps to 50+ authoritative sources, risk-based approach, ISO 27001 aligned.

How can I assess my HITRUST CSF v11 compliance?
Upload your compliance policy to AuditDSS. The platform maps your document against all 137 HITRUST CSF v11 obligations using deterministic AI scoring — not checklists or LLM summaries. You get a risk-scored gap analysis showing exactly which obligations are covered, partially covered, or missing.

Which jurisdiction enforces HITRUST CSF v11?
HITRUST CSF v11 is enforced in United States by HITRUST Alliance.

When did HITRUST CSF v11 come into effect?
HITRUST CSF v11 became effective on January 1, 2023.

What industry does HITRUST CSF v11 apply to?
HITRUST CSF v11 is primarily relevant to the Medical Devices & Diagnostics industry. AuditDSS covers 64 regulations in this industry sector.

Build a HITRUST CSF v11 compliance pack

Don't have a compliance policy yet? AuditDSS generates a complete compliance pack for HITRUST CSF v11 — alone or combined with other regulations your business needs. Every clause is mapped to specific obligations.

Policy

High-level commitments and governance framework covering HITRUST CSF v11 requirements.

Procedures

Step-by-step operational procedures to implement each policy commitment.

Forms & checklists

Ready-to-use forms, registers, and checklists for day-to-day compliance operations.

Multi-regulation

Combine HITRUST CSF v11 with other regulations into a single unified compliance pack for your business.

Build HITRUST CSF v11 compliance pack

Already have a policy? Assess it against HITRUST CSF v11

1

Upload your document

Upload your compliance policy, program manual, or operational document. AuditDSS accepts any text-based document.

2

AI maps against 137 obligations

Your document is scored against every obligation in HITRUST CSF v11. Each claim is mapped to the obligation tree and evaluated for coverage.

3

Risk-scored gap report

Receive every gap ranked by risk priority with remediation guidance, enforcement evidence, and cascade impact analysis.

Related regulations in Medical Devices & Diagnostics

🇺🇸 Live

Anti-Kickback Statute

38 rules, 1,238 obligations
🇦🇺 Live

ACL

13 rules, 211 obligations
🇦🇺 Live

AU Climate Disclosure

10 rules, 52 obligations
🇦🇺 Live

Fair Work Act 2009

16 rules, 260 obligations
🇦🇺 Live

Modern Slavery Act 2018

9 rules, 135 obligations
🇦🇺 Live

Privacy Act 1988

29 rules, 203 obligations
🇦🇺 Live

SOCI Act 2018

10 rules, 32 obligations
🇦🇺 Live

TGA Act 1989

13 rules, 199 obligations

Assess your HITRUST CSF v11 compliance

Upload your document and get a risk-scored gap analysis against 137 HITRUST CSF v11 obligations in under 5 minutes.

Start assessment Browse all regulations