Search
Related topics are listed below.
CAP Management
Analytics » Dashboards » CAPs » CAP Management
View all of the statuses of each Statement that have been issued a ‘CAP Management’ and the maturity scoring from these Statements. CAPs – Find all of the deficiencies you have made in your Assessment and review the CAPs placed by your users within…
User Management
Administration » Organization Consolidation » User Management
If you are an Account Administrator within the HITRUST Portal, you have the ability to manage people’s access and information as well as modify their module license. Portal Administration
License Management
Administration » Organization Consolidation » User Management » License Management
Follow the instructions below to manage a user’s module license: From the User Management table, click the ‘Manage’ button at the end of a user’s row. From the modal, you will have the option to assign license modules. License Management …
Subscriber Management
Administration » Subscriber Management
Depending on the Subscription Level access you have to MyCSF, the Subscriber Management page, is where you can manage and access your account’s ‘People’, ‘API Users’, ‘Custom Security Roles’, ‘Assessments’, ‘Links to HAX’, and ‘IP…
People Management
Administration » People Management
If you are an Account Administrator within your Organization, you have the ability to manage people’s access as well as modify their Assessment permissions. If you are wishing to elevate or decrease a user’s Administrative rights, click here for instructions. Or,…
Attaching the Management Representation Letter
Documents » Attaching the Management Representation Letter
Every Assessment submitted to HITRUST must include a Management Representation Letter executed on your Organization’s Letterhead, signed by the appropriate level of management overseeing the Assessment, and dated the last day of testing. 1. On the sidebar, click the…
Administration
Administration
The Administration page is where you manage your Account(s). If you are an Account Administrator for one or multiple accounts, this is where you can access each account. If you are an Account Administrator for one account, then you will be directed to your…
Managing Your CAP Repository’s Access
Corrective Action Plans (CAPs) » Managing Your CAP Repository’s Access
By Default, only Account Administrators are permitted to both view and edit an Organization’s CAP Repository as well as add/link CAPs to an Assessment. However, an Account Administrator can delegate these privileges to Standard Users within their entity in a few…
Edit Existing User in the Portal
Administration » Organization Consolidation » User Management » Edit Existing User in the Portal
Follow the instructions below to edit an existing user in your Portal Account: From the User Management table, click the edit icon adjacent to the user’s name. From the modal, you will have the option to edit the user’s first name, last name, role, toggle…
Adding a New Person to the Portal
Administration » Organization Consolidation » User Management » Adding a New Person to the Portal
Follow the instructions below to add a new person to your Portal Account: From the Portal Administration page, click the ‘Add Person’ button on the User Management table. From the modal, enter the ‘First Name’, ‘Last Name’, and ‘Email’. Click the…
Configuring a User as a HITRUST CSF practitioner
Internal Assessors » Configuring a User as a HITRUST CSF practitioner
A requirement of the Internal Assessor program is that all users performing Internal Assessor duties must be an active HITRUST CSF Certified Practitioner (CCSFP). In order to have a user validated as a CCSFP, the Account Administrator from your organization must…
Adding a New Person
Administration » Subscriber Management » Adding a New Person
If you are wishing to add a new person to your MyCSF Account, please follow the steps below: From the Homepage, click the ‘Administration’ button at the top Menu bar or below your Subscription Information. From the Subscriber Management page, click the ‘+ Add…
Administrating Organization Accounts
Administration » Organization Consolidation » Administrating Organization Accounts
A green “Admin” button has been added to the HITRUST application landing page (see Figure 1, top right corner). The administration function is only viewable to users with Administrator roles as determined by their Organization. Figure 1: Selecting the…
Adding a New Custom Role
Administration » Subscriber Management » Adding a New Custom Role
If you have a Corporate Level Subscription or above and you are wishing to add a new custom role to your MyCSF Account, please follow the steps below: From the Homepage, click the ‘Administration’ button at the top Menu bar or below your Subscription…
Adding a New API User
Administration » Subscriber Management » Adding a New API User
If you are wishing to add a new API User to your MyCSF Account, please follow the steps below: From the Homepage, click the ‘Administration’ button at the top Menu bar or below your Subscription Information. From the Subscriber Management page, click the ‘+…
Managing Administrative Roles
Administration » People Management » Managing Administrative Roles
Follow the instructions below to manage a user’s Administrative Role. From the Homepage, click the ‘Administration’ button at the at the top Menu bar or below your Subscription Information. Click on the name you wish to update. From the People Management…
Controlling Assessment Roles
Administration » People Management » Controlling Assessment Roles
Follow the instructions below to manage a user’s Assessment Privileges. From the Homepage, click the ‘Administration’ button at the at the top Menu bar or below your Subscription Information. Click on the name of the Assessment you wish to update. From the…
Creating a New Assessment
Pre-Assessment » Creating a New Assessment
If you are an Account Administrator, you’ll be able to simply add a new Assessment directly through the homepage of MyCSF. From the MyCSF Homepage, click the ‘+ Create Assessment’ button on the ‘Assessments’ table found under the Organization panel. You…
External Inheritance
Inheritance » External Inheritance
External Inheritance allows users to “inherit” assessment results that are shared by the same or different organizational entity. Access and use of external inheritance is subject to the following requirements and available functionality: The owner of the…
Selecting Your Assessment
Homepage » Selecting Your Assessment
After setting your Organization an Assessment table will appear with all of the Assessments within your account. Atop the ‘Assessments’ table, is a donut chart displaying a consolidation of the statuses of your Assessments. Click on portions of the donut chart to…
Documents
Documents
Support the findings in your Assessment with the linking of evidence. A built-in Repository allows for documents to be referenced while scoring an Assessment Statement. 1. From the Assessment Homepage, there is a ‘Documents’ label on the left Sidebar. …
Answering Requirement Statements
Internal Assessors » Answering Requirement Statements
By Default, all Requirement Statements will be inherently owned by Management. If you wish to provide the scoring as an Internal Assessor, you can either designate individual Requirement Statements or entire Assessment Domains as having be addressed by an Internal…
MyCSF Application
MyCSF Application
MyCSF is a full-featured Assessment Application that streamlines the compliance and risk management process. Simplistic in design, the tool efficiently helps manage all of your HITRUST CSF Assessments and Implementations. Homepage of MyCSF
Internal Inheritance
Inheritance » Internal Inheritance
Internal Inheritance allows users to “inherit” assessment results that are shared by the same internal organizational entity. Access and use of internal inheritance is subject to the following requirements and available functionality: The owner(s) of both the…
Assessment Questionnaire
Assessment Questionnaire
After completing the Scope of your Assessment, you can begin answering the questions that have been generated based on your scope. Topics range from: Completing an Assessment, Marking Not-Applicable, Assigning a User, CAP Management, Authoritative Sources, Assessment…
Measure & Managed
Analytics » Reports » Internal Reports » Measure & Managed
Find each Domain name and the Statements for the Measured and Managed Scores that have been taken by management. Measure and Managed After authenticating through the ‘MyCSF Portal’, click on ‘Analytics’ in the top Menu bar. Once pressed, choose…
First Login and Authentication
HITRUST Portal » Logging in to the HITRUST Portal » First Login and Authentication
If this is your first-time logging into the HITRUST Portal, follow the steps below to locate and change the temporary password associated with your MyCSF Account. Locate the email with the subject line: “HITRUST Login Registration – Account Lead Created” from…
Default Scoring Profile
Pre-Assessment » Scoping an Assessment » Default Scoring Profile
This option allows you to pre-score the maturity values for the Assessment. This is a desirable function for your organizations who have established trends within their Assessment. The Default Scoring Profile values defined will be applied to all Not Started…
Linking Statements and Documents
Assessment Questionnaire » Completing an Assessment » Creating an Offline Assessment » Linking Statements and Documents
If you have documents in your Document Repository and/or have added new documents in the excel spreadsheet, you have the ability to link them to your Assessment Statements. *Please note that Account Admins, Assessment Leads, and Assessors can do the below. 1. From…
Viewing an Assessment
Pre-Assessment » Creating a New Assessment » Viewing an Assessment
From the Hompage of MyCSF, you can view any Assessment that has been generated. To view an Assessment, please follow the steps below to access and view an Assessment within your MyCSF Account. From the Homepage, there is an ‘Assessments’ table that includes…
Corrective Action Plans (CAPs)
Corrective Action Plans (CAPs)
Corrective Action Plans (CAPs) you add through MyCSF are inherently associated with your Organization in what is called the CAP Repository. This is done in an effort to allow you to reuse previously entered CAPs, vastly simplifying the management of these Corrective…
Scoping an Assessment
Pre-Assessment » Scoping an Assessment
The scope of the Assessment is the information about your organization that will be used to narrow down the most precise assessment for your compliance and security needs. Fields marked with red asterisks are mandatory. After authenticating through the HITRUST…
Adding CAPs to a Statement
Assessment Questionnaire » Corrective Action Plans (CAPs) in Your Assessment » Adding CAPs to a Statement
For Statements that have been identified as a Gap or as requiring a Corrective Action, CAPs can be added directly from an Assessment Domain. In order to do this, it does require the “Can Manage CAPs” permission to be set if you are not an Account Administrator.…
Linking CAPs to a Statement
Assessment Questionnaire » Corrective Action Plans (CAPs) in Your Assessment » Linking CAPs to a Statement
For Statements that have been identified as a Gap or as requiring a Corrective Action, CAPs in your Repository can be linked directly from an Assessment Domain. In order to do this, it does require the “Can Manage CAPs” permission to be set if you are not an…
Completing an Assessment
Assessment Questionnaire » Completing an Assessment
There are many components to completing an assessment. This includes: Answering an Assessment Statement, Assigning Respondents, Related Authoritative Sources, Risk Factors, History Statement Log, Illustrative Procedures, Adding a Document, and CAP Management. …
HITRUST’s Criteria for Submission
Assessment Questionnaire » Submitting an Assessment » HITRUST’s Criteria for Submission
If you have completed all of the Assessments Statements in either your Self or Validated Assessment to HITRUST, please verify that the below is covered before submitting it. 1. Ensure that the following Required Documents have been uploaded with the correct dates as…
Resetting MyCSF Password
HITRUST Portal » Resetting MyCSF Password
If you have forgotten your MyCSF password, please follow the steps below: From the HITRUST Portal, click the ‘Reset Password’ link adjacent to the ‘Login’ button. Enter your email address associated to your MyCSF Account and click the ‘Reset’…
Creating a Custom Assessment Library
Homepage » Creating a Custom Assessment Library
Account Administrators are able to create and manage a Custom Assessment using the HITRUST CSF and its Authoritative Sources using HITRUST provided questions. Please follow the steps below on how to create a customized Assessment Library. From the MyCSF Homepage,…
How To Create/Apply Internal Inheritance Requests
Inheritance » Internal Inheritance » How To Create/Apply Internal Inheritance Requests
1. From the Assessment Domain, expand the requirement statement view and click on the ‘Inheritance’ button (yellow underline) to open the Inheritance window. 2. From the ‘Requests’ tab within the Inheritance window, select ‘Internal’ from the…
Cloning an Assessment
Pre-Assessment » Creating a New Assessment » Name & Security » Cloning an Assessment
Cloning an Assessment gives you the ability to transfer all maturity scores, comments, and documents from an existing Assessment into a newly created one. If you wish to complete a new Assessment with existing data from a previous Assessment, follow the instructions…
CAPs
Analytics » Dashboards » CAPs
The CAPs function is prepared by your Assessor Organization and the Assessor as applicable, and will also serve to describe a ‘Corrective Action Plan (CAP)’. These measurements describe the plan to correct deficiencies identified during the Assessment for…
Deleting an Assessment
Pre-Assessment » Creating a New Assessment » Name & Security » Deleting an Assessment
Deleting an Assessment will be permanently removed from MyCSF. Only Account Admins and Assessment Leads have the privilege to delete an Assessment. The status of the Assessment must be ‘Not Started’ or ‘Answering Assessment’, as well as not submitted to the…
Setting IP Restrictions
Administration » Subscriber Management » Setting IP Restrictions
The IP Whitelist can be used to allow an Organization to specify a permitted range of IP Addresses that can be used to access your Organization’s information. To enable IP restrictions, follow the steps below: From the Homepage, click the ‘Administration’…
Time-Based Two Factor Authentication Setup
HITRUST Portal » Configuring Two Factor Authentication » Time-Based Two Factor Authentication Setup
After successfully authenticating to the HITRUST Portal, you will be directed to the HITRUST Portal Landing page. Follow the steps below on how to properly configure time-based two factor authentication. From the HITRUST Portal, click the link “Setup how you want…
Answering an Assessment Statement
Assessment Questionnaire » Completing an Assessment » Answering an Assessment Statement
There are many components to completing an assessment. This includes: Answering a Statement, Assigning a Respondent, Related Authoritative Sources, Risk Factors, History Assessment Log, Illustrative Procedures, Adding Documents, and CAP Management. r2 Assessment: …
Creating an Offline Assessment
Assessment Questionnaire » Completing an Assessment » Creating an Offline Assessment
An Offline Assessment gives you the ability to complete an Assessment outside of MyCSF using a spreadsheet and seamlessly import it back into the application. If you have a MyCSF Subscription and wish to complete your Assessment offline, follow the instructions below…