HITRUST uses control framework-based risk analysis for release-level updates to the HITRUST CSF control library; however, we also us a patent-pending approach referred to as cyber threat adaptive (CTA) to help identify significant changes in the threat environment for additional analysis and, if needed, the modification of existing controls and/or the addition of new ones to address these changes.124 Our intent is to help ensure the control library remain relevant with extant and emerging threats so organizations can implement controls and conduct assessments as efficiently and effectively as possible and support the provision of practical and highly reliable assurances to stakeholders.
124 Cline, B., Huval, J., and Russel, A. (2023). Threat Activity Statistical Analysis Driven Adaptation of a Control Specification. Patent Pending.