Another method to perform the control mapping process is using AI-Assisted mapping. This functionality uses generative AI to identify possible HITRUST CSF mappings, by comparing the language present in the HITRUST CSF to the inputs you provide in the form of webpages to scrape, online PDFs to scrape, or keywords to compare against.
Note that the mapping suggestions produced through generative AI may not be accurate and must therefore be fully reviewed before being accepted as final. This method is effective but is only as good as the information being fed into PSD.
AI-assisted mappings are identified through “job runs” which are launched on demand. To create an AI mapping job run for an offering, perform the following:
- Login to the PSD Admin Homepage.
- Select the pencil icon next to the offering you would like to map against.
Pictured: Use the pencil icon (right side of this screenshot, next to the “Published” / “Unpublished” badge) at the offering level to access the offering’s mappings and associated functionality.- Select “AI-assisted Mappings” from the horizontal menu.
Pictured: The AI-assisted Mappings page for an offering.- The “Job Name” field will auto-populate with a report name such as “AI Assisted Run – 2024-08-15T14:56:28.852Z”.
- (Optional) Add the URLs of each webpage that you would like PSD to consider in this AI-assisted mapping run. Note that PSD will scrape the contents of all text of each provided URL for use in the mapping run. The webpage contents are not retained when the mapping run is complete.
- (Optional) Add the URLs of each internet-accessible PDF that you would like PSD to consider in this AI-assisted mapping run. Note that PSD will scrape the contents of all text of each provided PDF for use in the mapping run. The PDF contents are not retained when the mapping run is complete.
- Add the text statements (i.e., keywords, search terms, and/or full paragraphs) that you would like PSD to consider in this AI-assisted mapping run. This can include the full description of your offering or can be something as simple as the terms “penetration test” and “vulnerability scan” for a professional service offering inclusive of these two activities.
- Once the desired fields are populated, select the “Start AI Mapping Job” button to perform the mapping. Note that the AI-assisted job run may take a few minutes to complete.
- Once the job run is completed, select the “View Results” button to show the results of the AI-Assisted mapping.
Pictured: Example results of an AI-assisted mapping job run. Each row is a requirement statement that can be expanded by clicking on the row.- In the modal displaying the job run results, click on each requirement statement’s row to expand it in order to read and evaluate the appropriateness of mapping the requirement statement to the offering.
Pictured: An expanded requirement statement row within the AI-assisted mapping run result.- Press the “Add Mapping” button for all requirement statements that are appropriate to map to the offering. If mappings are added using this method, the “Rationale” field must be manually updated, and the associated control maturity levels must be identified before publishing.