Search
Related topics are listed below.
Assigning a User
Assessment Questionnaire » Completing an Assessment » Answering an Assessment Statement » Assigning a User
Assigning a user to an Assessment Statement is a beneficial tool to better manage resources and aggregate a collection of responses. From the Assessment Domain, click on the Assessment Statement you wish to assign. Press the ‘Actions’ button and…
Creating a New Assessment
Pre-Assessment » Creating a New Assessment
If you are an Account Administrator, you’ll be able to simply add a new Assessment directly through the homepage of MyCSF. From the MyCSF Homepage, click the ‘+ Create Assessment’ button on the ‘Assessments’ table found under the Organization panel. You…
Creating a Custom Assessment Library
Homepage » Creating a Custom Assessment Library
Account Administrators are able to create and manage a Custom Assessment using the HITRUST CSF and its Authoritative Sources using HITRUST provided questions. Please follow the steps below on how to create a customized Assessment Library. From the MyCSF Homepage,…
Adding a New API User
Administration » Subscriber Management » Adding a New API User
If you are wishing to add a new API User to your MyCSF Account, please follow the steps below: From the Homepage, click the ‘Administration’ button at the top Menu bar or below your Subscription Information. From the Subscriber Management page, click the ‘+…
Configuring a User as a HITRUST CSF practitioner
Internal Assessors » Configuring a User as a HITRUST CSF practitioner
A requirement of the Internal Assessor program is that all users performing Internal Assessor duties must be an active HITRUST CSF Certified Practitioner (CCSFP). In order to have a user validated as a CCSFP, the Account Administrator from your organization must…
Creating CAPs
Corrective Action Plans (CAPs) » Creating CAPs
There are two ways a CAP can be added to your Organization’s Repository: Either as a result of defining them within one of your Assessments or by adding them directly into the Repository. This topic will cover the latter. From your CAP Repository page (link), you…
User Management
Administration » Organization Consolidation » User Management
If you are an Account Administrator within the HITRUST Portal, you have the ability to manage people’s access and information as well as modify their module license. Portal Administration
Adding a User to an Assessment Domain
Assessment Questionnaire » Completing an Assessment » Answering an Assessment Statement » Adding a User to an Assessment Domain
Assigning a User to an Assessment Domain is a beneficial tool to better manage resources and aggregate a collection of responses. From the Assessment Questionnaire, click on the Assessment Domain you wish to assign. From the Assessment Domain, click on the…
Setting User Access
Pre-Assessment » Creating a New Assessment » Name & Security » Setting User Access
From the Name & Security page, you will be able to set the users associated with this Assessment under the People section. Place your users in the table as either No Access, Assessment Lead, Standard User, Customer Respondent, Read Only, or a Custom Role. You can…
Creating an Offline Assessment
Assessment Questionnaire » Completing an Assessment » Creating an Offline Assessment
An Offline Assessment gives you the ability to complete an Assessment outside of MyCSF using a spreadsheet and seamlessly import it back into the application. If you have a MyCSF Subscription and wish to complete your Assessment offline, follow the instructions below…
Edit Existing User in the Portal
Administration » Organization Consolidation » User Management » Edit Existing User in the Portal
Follow the instructions below to edit an existing user in your Portal Account: From the User Management table, click the edit icon adjacent to the user’s name. From the modal, you will have the option to edit the user’s first name, last name, role, toggle…
Making a Reservation
Reservations » Making a Reservation
Reservations allow you to have more awareness into when your validated assessment will be reviewed by the HITRUST Quality Assurance team. You can set one up seamlessly within your assessment. From the MyCSF Homepage, click on the i1 or r2 validated assessment for…
Adding a New Person
Administration » Subscriber Management » Adding a New Person
If you are wishing to add a new person to your MyCSF Account, please follow the steps below: From the Homepage, click the ‘Administration’ button at the top Menu bar or below your Subscription Information. From the Subscriber Management page, click the ‘+ Add…
Adding a Related Document
Assessment Questionnaire » Completing an Assessment » Answering an Assessment Statement » Adding a Related Document
If you wish to document evidence for an Assessment Statement, use the related documents functionality. You can either reference items previously uploaded or new items that are not yet in your Document repository. From the MyCSF Homepage, click the Assessment…
Adding a Diary Entry
Assessment Questionnaire » Completing an Assessment » Answering an Assessment Statement » Adding a Diary Entry
The Diary will enable you to enter comments on each of your Assessment Statements to communicate within your organization or assessor. 1. From the Assessment Domain, click on the Assessment Statement that you wish to input a Diary entry. 2. Click on the ‘Diary…
Approving a Draft Report
Reports » r2 and i1 Assessments » Approving a Draft Report
‘Draft Reports’ are automatically approved 30 days after posting. However, the reports can be manually approved prior to the 30 days, by selecting the ‘Approve HITRUST CSF Report’ button on the ‘CSF Reports’ section, HITRUST will then be notified to…
Rescheduling/Cancelling a Reservation
Reservations » Rescheduling/Cancelling a Reservation
Once a reservation is made on your assessment, you are entitled to modify or cancel it. Follow the steps below to accomplish this. From the MyCSF Homepage, click on the i1 or r2 Validated Assessment for which you’d like to make a reservation. On the left-hand…
Creating and Importing Assessor Evaluation for an Offline Assessment
Assessment Questionnaire » Completing an Assessment » Creating and Importing Assessor Evaluation for an Offline Assessment
When a Validated Assessment has been submitted to an Assessor, you the Assessor has the ability to fill-out your evaluation outside of MyCSF using a spreadsheet and seamlessly import your evaluation back into the application. Follow the instructions below on Creating…
Adding a New Custom Role
Administration » Subscriber Management » Adding a New Custom Role
If you have a Corporate Level Subscription or above and you are wishing to add a new custom role to your MyCSF Account, please follow the steps below: From the Homepage, click the ‘Administration’ button at the top Menu bar or below your Subscription…
Adding CAPs to a Statement
Assessment Questionnaire » Corrective Action Plans (CAPs) in Your Assessment » Adding CAPs to a Statement
For Statements that have been identified as a Gap or as requiring a Corrective Action, CAPs can be added directly from an Assessment Domain. In order to do this, it does require the “Can Manage CAPs” permission to be set if you are not an Account Administrator.…
Linking CAPs to a Statement
Assessment Questionnaire » Corrective Action Plans (CAPs) in Your Assessment » Linking CAPs to a Statement
For Statements that have been identified as a Gap or as requiring a Corrective Action, CAPs in your Repository can be linked directly from an Assessment Domain. In order to do this, it does require the “Can Manage CAPs” permission to be set if you are not an…
Unlinking CAPs from a Statement
Assessment Questionnaire » Corrective Action Plans (CAPs) in Your Assessment » Unlinking CAPs from a Statement
CAPs that you no longer wish to have linked to a Statement can be removed from a Statement in a few clicks. On the Statement, press the “CAP” button to expand the CAP table. Select the CAP you want to have disassociated from the active Statement. Once…
Overriding a Potential Quality Issue
Assessment Questionnaire » Potential Quality Issues » Overriding a Potential Quality Issue
The analysis MyCSF runs to check for Potential Quality Issues may sometimes lead to false positives. Because of this, these occurrences can be overridden and excused from remediation. However, if a Potential Quality Issue is overridden, a detailed rationale must be…
Recreating a Validated Assessment Object
Interim Assessment (r2 only) » Recreating a Validated Assessment Object
Once an Interim Assessment has been provisioned, please note that you will have to answer all the Pre-Assessment and Assessment Questionnaire identical to your CSF Certification. *If you still have access to the Original Certified Assessment Object, you do not need to…
Submit a Domain to an Assessor
Assessment Questionnaire » Submitting an Assessment » Submit a Domain to an Assessor
When you are ready to submit your domain to your assessor for validation, press the link located in the green banner above the Assessment Statements for the Domain that you’ve finished. This link will not become available until all of the Assessment Statements have…
Request a Revision for an Issued Report
Reports » r2 and i1 Assessments » Request a Revision for an Issued Report
If you have discovered a spelling error or any type of inaccuracy in your ‘Draft Report’, you can request a revision by pressing the ‘Request Revision’ button. You will be able to place your comment in a text box that you can send to the HITRUST Assurance…
Adding a New Person to the Portal
Administration » Organization Consolidation » User Management » Adding a New Person to the Portal
Follow the instructions below to add a new person to your Portal Account: From the Portal Administration page, click the ‘Add Person’ button on the User Management table. From the modal, enter the ‘First Name’, ‘Last Name’, and ‘Email’. Click the…
Pre-Assessment
Pre-Assessment
Topics in Pre-Assessment include: Creating a New Assessment and Scoping an Assessment. Organization Information Subtopics Creating a New Assessment Scoping an Assessment
Homepage
Homepage
The Homepage of MyCSF is the starting location for every user that authenticates through the HITRUST Portal. From here, you can easily locate Assessments, Subscription Information, Your Notifications, Custom Libraries and more. Subscription Information …
Completing an Assessment
Assessment Questionnaire » Completing an Assessment
There are many components to completing an assessment. This includes: Answering an Assessment Statement, Assigning Respondents, Related Authoritative Sources, Risk Factors, History Statement Log, Illustrative Procedures, Adding a Document, and CAP Management. …
Subscriber Management
Administration » Subscriber Management
Depending on the Subscription Level access you have to MyCSF, the Subscriber Management page, is where you can manage and access your account’s ‘People’, ‘API Users’, ‘Custom Security Roles’, ‘Assessments’, ‘Links to HAX’, and ‘IP…
How To Request Inheritance Using the Offline Assessment Template
Inheritance » External Inheritance » Inheritance Requestors » How To Request Inheritance Using the Offline Assessment Template
To create inheritance requests using the offline assessment, first generate the offline assessment worksheet using the process outlined in the Creating an Offline Assessment section of the User Guide. Locate and click the “Inheritance” tab in the Offline…
Corrective Action Plans (CAPs)
Corrective Action Plans (CAPs)
Corrective Action Plans (CAPs) you add through MyCSF are inherently associated with your Organization in what is called the CAP Repository. This is done in an effort to allow you to reuse previously entered CAPs, vastly simplifying the management of these Corrective…
Scoping an Assessment
Pre-Assessment » Scoping an Assessment
The scope of the Assessment is the information about your organization that will be used to narrow down the most precise assessment for your compliance and security needs. Fields marked with red asterisks are mandatory. After authenticating through the HITRUST…
MyCSF Compliance and Reporting Packs
Analytics » MyCSF Compliance and Reporting Packs
MyCSF Compliance and Reporting Pack for HIPAA Step 1: Create a readiness, validated, or targeted assessment using v9.5.0 or later which includes the HIPAA breach notification rule and/or HIPAA security rule. Step 2: Go to Analytics > Compliance Packs > Select…
Library Retention
Pre-Assessment » Scoping an Assessment » Library Retention
The Library Retention feature provides visibility into specific changes associated with HITRUST CSF version updates, and allows users to apply those changes to assessment objects created under previous versions of the framework. To begin the update process, open an…
How to Publish (Enable) Assessment Inheritability
Inheritance » External Inheritance » Inheritance Providers » How to Publish (Enable) Assessment Inheritability
From the ‘Name & Security’ pre-assessment page, check the box next to “Published” and click Confirm when prompted to agree to the Inheritance User Terms and Conditions. A published assessment will show a banner icon with a hover-over tooltip next the…
How To Delete Internal Inheritance Requests
Inheritance » Internal Inheritance » How To Delete Internal Inheritance Requests
1. From the Assessment Domain, expand the requirement statement view and click on the ‘Inheritance’ button to open the Inheritance Modal. 2. Within the Inheritance Modal, go the ‘Requests’ tab and select ‘Internal’ from the drop-down. 3. Click…
How To Create External Inheritance Requests by Requirement
Inheritance » External Inheritance » Inheritance Requestors » How To Create External Inheritance Requests by Requirement
1. From the Assessment Domain, expand the requirement statement view and click on the ‘Inheritance’ button to open the Inheritance Modal window. 2. From the ‘Requests’ tab within the Inheritance Modal, select ‘External’ from the drop-down for the…
How To Create/Apply Internal Inheritance Requests
Inheritance » Internal Inheritance » How To Create/Apply Internal Inheritance Requests
1. From the Assessment Domain, expand the requirement statement view and click on the ‘Inheritance’ button (yellow underline) to open the Inheritance window. 2. From the ‘Requests’ tab within the Inheritance window, select ‘Internal’ from the…
Administrating Organization Accounts
Administration » Organization Consolidation » Administrating Organization Accounts
A green “Admin” button has been added to the HITRUST application landing page (see Figure 1, top right corner). The administration function is only viewable to users with Administrator roles as determined by their Organization. Figure 1: Selecting the…
Assigning Internal Assessors to an Assessment
Internal Assessors » Assigning Internal Assessors to an Assessment
If an Internal Assessor Function has been chosen for an Assessment (Link to Enabling Internal Assessors On Your Assessment), the Subscriber People table will be augmented to include a new column that is reserved for Internal Assessors. Those that have been delegated…
How To Delete External Inheritance Requests
Inheritance » External Inheritance » Inheritance Requestors » How To Delete External Inheritance Requests
Follow the same steps in 8.1.3 for deleting internal inheritance requests. 1. Locate the Inheritance Request in the Inheritance modal, then click on the trash can icon to delete. 2. Confirm the removed. 3. The request has been deleted.
Setting IP Restrictions
Administration » Subscriber Management » Setting IP Restrictions
The IP Whitelist can be used to allow an Organization to specify a permitted range of IP Addresses that can be used to access your Organization’s information. To enable IP restrictions, follow the steps below: From the Homepage, click the ‘Administration’…
Re-validating the Assessment
Interim Assessment (r2 only) » Recreating a Validated Assessment Object » Re-validating the Assessment
As you would in any Validated Assessment, you as the Assessor will need to validate all of the Assessment Questions completed by your Client. You will have to ensure the maturity scores entered are identical to their Original CSF Certification. From the Homepage,…
Managing Administrative Roles
Administration » People Management » Managing Administrative Roles
Follow the instructions below to manage a user’s Administrative Role. From the Homepage, click the ‘Administration’ button at the at the top Menu bar or below your Subscription Information. Click on the name you wish to update. From the People Management…
How To Use the Kanban View To Track Inheritance Requests
Inheritance » External Inheritance » Inheritance Requestors » How To Use the Kanban View To Track Inheritance Requests
The Kanban reporting view can be used to confirm the submitted inheritance requests. Find the Kanban board by: 1. Clicking the Views option in MyCSF and selecting the Kanban View. 2. Then filter for the assessment object name. Hovering over the assessment tile…
How To Submit External Inheritance Requests for Approval
Inheritance » External Inheritance » Inheritance Requestors » How To Submit External Inheritance Requests for Approval
1. From anywhere within the Assessment view, go to the ‘Inheritance’ request page by clicking on the ‘Inheritance’ link located on the left-hand side panel after the ‘Documents’ section. 2. From the ‘Inheritance’ request page, click on the…
How to Unpublish (Disable) Assessment Inheritability
Inheritance » External Inheritance » Inheritance Providers » How to Unpublish (Disable) Assessment Inheritability
From the ‘Name & Security’ pre-assessment page, uncheck the box next to “Published” and click Confirm when prompted. *Note: The system will automatically unpublish an assessment on its date of expiration—for the r2 Certification: the 2-year…
Cloning an Assessment
Pre-Assessment » Creating a New Assessment » Name & Security » Cloning an Assessment
Cloning an Assessment gives you the ability to transfer all maturity scores, comments, and documents from an existing Assessment into a newly created one. If you wish to complete a new Assessment with existing data from a previous Assessment, follow the instructions…
Answering CAPs & Generating an Interim Assessment
Interim Assessment (r2 only) » Recreating a Validated Assessment Object » Answering CAPs & Generating an Interim Assessment
If you had CAPs identified within your Original CSF Certification, you will have to add the same corrective action plan identical to your Original CSF Certification. If you do not have any mandatory Corrective Action Plans, you can immediately generate the Interim…
Unlinking CAPs
Corrective Action Plans (CAPs) » Unlinking CAPs
As your CAPs are to be designed to be associated with the Gaps present within your Assessments, MyCSF provides a simple way through the Repository to unlink a Plan from a Statement. From your CAP Repository page (link), you will see a table cataloging all of the…
Controlling Assessment Roles
Administration » People Management » Controlling Assessment Roles
Follow the instructions below to manage a user’s Assessment Privileges. From the Homepage, click the ‘Administration’ button at the at the top Menu bar or below your Subscription Information. Click on the name of the Assessment you wish to update. From the…
Manually Generating an Interim Assessment
Interim Assessment (r2 only) » Manually Generating an Interim Assessment
If you are coming up on your 1-year Anniversary of your CSF Certification and have a MyCSF Subscription, please note that your Interim Assessment will auto-generate 90 days prior to the Anniversary of the Certification Date of your Original Assessment. If you wish to…
Adding Corrective Action Plans
Assessment Questionnaire » Completing an Assessment » Answering an Assessment Statement » Adding Corrective Action Plans
For Statements where deficiencies are found, you are able to detail Corrective Actions that will help remediate the identified problem. *Note: Only the organization’s user can enter CAPs, the assessor cannot. 1. From the Assessment Domain, click on the…
Time-Based Two Factor Authentication Setup
HITRUST Portal » Configuring Two Factor Authentication » Time-Based Two Factor Authentication Setup
After successfully authenticating to the HITRUST Portal, you will be directed to the HITRUST Portal Landing page. Follow the steps below on how to properly configure time-based two factor authentication. From the HITRUST Portal, click the link “Setup how you want…
View the Illustrative Procedures
Assessment Questionnaire » Completing an Assessment » Answering an Assessment Statement » View the Illustrative Procedures
r2 Assessment: Use the Illustrative Procedures to help clarify the necessary components to accurately score the statement. From the MyCSF Homepage, click the Assessment name you would like to view. From the Assessment Domain, click on the Assessment Statement of…
First Login and Authentication
HITRUST Portal » Logging in to the HITRUST Portal » First Login and Authentication
If this is your first-time logging into the HITRUST Portal, follow the steps below to locate and change the temporary password associated with your MyCSF Account. Locate the email with the subject line: “HITRUST Login Registration – Account Lead Created” from…
Resetting MyCSF Password
HITRUST Portal » Resetting MyCSF Password
If you have forgotten your MyCSF password, please follow the steps below: From the HITRUST Portal, click the ‘Reset Password’ link adjacent to the ‘Login’ button. Enter your email address associated to your MyCSF Account and click the ‘Reset’…
Managing Your CAP Repository’s Access
Corrective Action Plans (CAPs) » Managing Your CAP Repository’s Access
By Default, only Account Administrators are permitted to both view and edit an Organization’s CAP Repository as well as add/link CAPs to an Assessment. However, an Account Administrator can delegate these privileges to Standard Users within their entity in a few…
View the Assessment Statement Log
Assessment Questionnaire » Completing an Assessment » Answering an Assessment Statement » View the Assessment Statement Log
Keep track of the users who have answered an Assessment Statement by accessing the Assessment Statement Log. MyCSF archives who modified a statement and when they did it. From the Assessment Domain, click on the Assessment Statement you wish to view the…
View the Authoritative Sources
Assessment Questionnaire » Completing an Assessment » Answering an Assessment Statement » View the Authoritative Sources
If you’re interested in the standards and regulations that comprise an Assessment Statement, use the Authoritative Sources link under the More Info dropdown. From the Assessment Domain, click on the Assessment Statement you wish to view the Authoritative…
Attaching the Organizational Overview and Scope
Documents » Attaching the Organizational Overview and Scope
Uploading the details on the ‘Scope of Your Assessment’ along with the information regarding your ‘Company Profile’ can be placed here. 1. On the sidebar, click the ‘Organizational Overview & Scope label to be rushed to the Organizational Overview & Scope…
Attaching the QA Checklist
Documents » Attaching the QA Checklist
The HITRUST CSF Assessor Quality Checklist is a required Document that must be signed by the Engagement Executive and Assessor QA Resource for all Validated Assessments. 1. On the sidebar, click the ‘QA Checklist’ label to be rushed to the QA Checklist page.…
Deleting an Assessment
Pre-Assessment » Creating a New Assessment » Name & Security » Deleting an Assessment
Deleting an Assessment will be permanently removed from MyCSF. Only Account Admins and Assessment Leads have the privilege to delete an Assessment. The status of the Assessment must be ‘Not Started’ or ‘Answering Assessment’, as well as not submitted to the…
Users
Analytics » Dashboards » Assessments » Assessments » Users
View all of the users that been ‘Assigned a Statement’ and take a look if a user has completed or has not started the Statements assigned to him/her. Assessments – View your Assessment Result in detail and view the maturity scores by Statements in each…
Downloading Documents in Bulk
Documents » Downloading Evidence » Downloading Documents in Bulk
If you have a MyCSF Subscription, downloading documents in bulk is now available to do within an Assessment. Please follow the instructions below on how to bulk download documents within an Assessment. On the sidebar, click the ‘Documents’ icon to be…
License Management
Administration » Organization Consolidation » User Management » License Management
Follow the instructions below to manage a user’s module license: From the User Management table, click the ‘Manage’ button at the end of a user’s row. From the modal, you will have the option to assign license modules. License Management …
Submitting an Assessment
Assessment Questionnaire » Submitting an Assessment
Whether submitting a Self-Assessment or a Validated Assessment by your assessor organization, the Assessment Questionnaire can be submitted either by each fully completed domain (Validated only) or by completing the entire Assessment (Self-Assessment/Validated…
Assessment Questionnaire
Assessment Questionnaire
After completing the Scope of your Assessment, you can begin answering the questions that have been generated based on your scope. Topics range from: Completing an Assessment, Marking Not-Applicable, Assigning a User, CAP Management, Authoritative Sources, Assessment…
View the Risk Factors
Assessment Questionnaire » Completing an Assessment » Answering an Assessment Statement » View the Risk Factors
Review the Risk Factors that apply to an Assessment Statement. Remember you can change the scope of your assessment if the information does not look correct or if an environment change has occurred by going to **Administrative & Scoping in the Nav bar. From…
Viewing Potential Quality Issues
Assessment Questionnaire » Potential Quality Issues » Viewing Potential Quality Issues
There are two ways within MyCSF to view the Potential Quality Issues raised within your Assessment. The first manner is observing them on a Statement while inside an Assessment Domain. The second option is to view all of the Potential Quality Issues in a consolidated…
Changing MyCSF Password
HITRUST Portal » Changing MyCSF Password
If you wish to change your MyCSF password, please follow the steps below: From the HITRUST Portal, click the ‘Change Password’ link on the top right corner. Enter your desired password twice and click the ‘Change Password’ button. Please note that the…
How To View Internally-Inherited Assessment Scores
Inheritance » Internal Inheritance » How To View Internally-Inherited Assessment Scores
1. From the Assessment Domain, expand the requirement statement view and click on the ‘Inheritance’ button to open the Inheritance Modal. 2. Within the Inheritance Modal, click on the ‘Scoring’ tab. The first line shows the internal assessment from which…
How To View Externally-Inherited Assessment Scores
Inheritance » External Inheritance » Inheritance Requestors » How To View Externally-Inherited Assessment Scores
1. From the Assessment Domain, expand the requirement statement view and click on the ‘Inheritance’ button to open the Inheritance Modal. 2. Within the Inheritance Modal, click on the ‘Scoring’ tab. The first line shows the external assessment from which…
Logging in to the HITRUST Portal
HITRUST Portal » Logging in to the HITRUST Portal
Follow the steps below on how to login to the HITRUST Portal: Using an Internet Browser, go to the web address https://portal.mycsf.net. A page will load that requires you to enter your Email Address and Password. Once entered, click the ‘Login’…
Attaching Partner Agreement
Documents » Attaching Partner Agreement
The ‘Partner Agreement’ is made by and between the ‘Participant’ and HITRUST Services Corporations. 1. On the sidebar, click the ‘Partner Agreement’ label to be rushed to the Partner Agreement page. 2. Click on the ‘See a Template’ link to download…
Benchmarking
Analytics » Dashboards » Metrics » Benchmarking
This option enables a user to search through data that has been collected for relevant Validated Assessments to allow our users to do a quick comparison check against their industry standards. Metrics – The ‘Metrics’ section compiles industry data…
How To Apply Approved External Inheritance Requests
Inheritance » External Inheritance » Inheritance Requestors » How To Apply Approved External Inheritance Requests
1. From anywhere within the Assessment view, go to the ‘Inheritance’ request page by clicking on the ‘Inheritance’ link located on the left-hand side panel after the ‘Documents’ section. 2. From the ‘Inheritance’ request page, click on the…
Viewing an Assessment
Pre-Assessment » Creating a New Assessment » Viewing an Assessment
From the Hompage of MyCSF, you can view any Assessment that has been generated. To view an Assessment, please follow the steps below to access and view an Assessment within your MyCSF Account. From the Homepage, there is an ‘Assessments’ table that includes…
Modifying CAPs
Corrective Action Plans (CAPs) » Modifying CAPs
For CAPs that have already been created, MyCSF allows you to easily make changes to this CAP either to record progress or refine the information currently documented. From your CAP Repository page (link), you will see a table cataloging all of the CAPs belonging to…
Attaching the Management Representation Letter
Documents » Attaching the Management Representation Letter
Every Assessment submitted to HITRUST must include a Management Representation Letter executed on your Organization’s Letterhead, signed by the appropriate level of management overseeing the Assessment, and dated the last day of testing. 1. On the sidebar, click the…
Attaching Test Plans
Documents » Attaching Test Plans
Mandatory after April 1, 2019 for all Validated Assessments, thorough Test Plans must be submitted to meet the HITRUST Requirements covering the testing of all required controls. Test plans should document with signatures, the Engagement Executive, QA Resource, and…
Performing an Interim Review Assessment
Interim Assessment (r2 only) » Performing an Interim Review Assessment
If you are coming up on your 1-year Anniversary of your CSF Certification, you will need to perform an Interim Assessment. The Interim Assessment is to ensure that the scope of your CSF Certification is still valid. From the Homepage, click on the Assessment with…
Downloading the Report
Reports » bC Assessments » Downloading the Report
Once your bC Report is available for download, you will receive an automated notification from HITRUST like the one shown below: Follow the steps below to download your report: From the MyCSF Homepage, click on the Assessment name of the report you would like to…
Phone-Based Two-Factor Authentication Setup
HITRUST Portal » Configuring Two Factor Authentication » Phone-Based Two-Factor Authentication Setup
After successfully authenticating to the HITRUST Portal, you will be directed to the HITRUST Portal Landing page. Follow the steps below on how to properly configure SMS and Voice two factor authentication. From the HITRUST Portal, click the link “Setup how you…
Enabling Internal Assessors On Your Assessment
Internal Assessors » Enabling Internal Assessors On Your Assessment
After your Internal Assessor application has been approved, the Name and Security page on your Organization’s Assessment will be altered to include a checkbox allowing you to mark your Assessment as having been tested by Internal Assessors. When selected, you will be…
Answering an Assessment Statement
Assessment Questionnaire » Completing an Assessment » Answering an Assessment Statement
There are many components to completing an assessment. This includes: Answering a Statement, Assigning a Respondent, Related Authoritative Sources, Risk Factors, History Assessment Log, Illustrative Procedures, Adding Documents, and CAP Management. r2 Assessment: …
Configuring Two Factor Authentication
HITRUST Portal » Configuring Two Factor Authentication
The HITRUST Portal supports the use of SMTP, SMS, Phone Call, and Time-Based Authenticator Apps to receive the One Time Passcodes (OTP) necessary to finish the log-in process. By default, all accounts are automatically provisioned with the SMTP option active. If you…
Organization Consolidation
Administration » Organization Consolidation
User accounts are consolidated at the Organization level in the HITRUST application landing page. The consolidation helps eliminate redundant accounts at the application module level, and ensures all user accounts are associated with one Organization based on their…
Metrics
Analytics » Dashboards » Metrics
The ‘Metrics’ section compiles industry data that is associated to your organization and reflects averages, standards, and patterns, to their security testing. Users can make quick comparisons on where their organization stands along with any discernment…
11.1.1. Downloading the Report
Reports » r2 and i1 Assessments » 11.1.1. Downloading the Report
Once your HITRUST CSF Report is available for download, you will receive an automated notification from HITRUST, like the one below. Your report will be available in the draft state for 30 days to allow you ample time for review. Follow the steps below to download…
Benchmarking
Analytics » Dashboards » Metrics » Benchmarking » Benchmarking
Review each domains Avg Maturity Scores and find the averages between two or more Assessments and the industry Benchmark. Benchmarking – This option enables a user to search through data that has been collected for relevant Validated Assessments to allow our…
Statistics
Analytics » Dashboards » Metrics » Benchmarking » Statistics
Compare the top 10th or bottom 90th percentile of any one of your Assessments as well as the Avg Maturity Averages for each of your domains. Benchmarking – This option enables a user to search through data that has been collected for relevant Validated…
Submitting External Assessor Reverted Controls Back to the External Assessor
Assessment Questionnaire » Submitting an Assessment » Submitting External Assessor Reverted Controls Back to the External Assessor
When an External Assessor reverts an Assessment Statement back to their client, the returned Assessment Statement will display a “Response Needed for External Assessor” status. To address these Assessment Statements, you as the client will need to do the…
Name & Security
Pre-Assessment » Creating a New Assessment » Name & Security
The Name & Security page is where you will be able to see the administrative information pertaining to the Assessment. You can navigate to this page while filling out this assessment whenever you like. 1. After authenticating through the MyCSF Portal, click on your…