The HITRUST Common Security Framework (HITRUST CSF) is a certifiable framework that provides organizations with a comprehensive, flexible, and efficient approach to regulatory compliance and risk management.
|Information Protection Program||Processes should be in place to ensure confidentiality, integrity, and availability of sensitive data. This includes the information security management system.|
|Endpoint Protection||This refers to anti-virus/anti-malware configurations, firewalls, intrusion detection systems, software updates, patches, and more. It includes requirements common to laptops, workstations, storage (e.g., NAS), and servers.|
|Portable Media Security||This control domain includes mobile storage (e.g., USB drives, CD-ROMs, DVD-ROMs, backup tapes).|
|Configuration Management||This includes all aspects of configuration management (e.g., configuration item identification, configuration status accounting, change control, and configuration audit), as well as environments used for development and testing.|
|Vulnerability Management||This includes vulnerability scanning and patching, antivirus/anti-malware and network/host-based penetration detection systems, and updates.|
|Network Protection||This includes all aspects of perimeter and internal network security, such as network-based application-level firewalls and intrusion detection systems, DDOS protection, and IP reputation filtering.|
|Transmission Protection||This includes web and network connections, such as those for VPN, email, and chat.|
|Password Management||This control covers issues that involve the use of traditional passwords.|
|Access Control||This control includes all aspects of access control other than the use of traditional passwords.|
|Audit Logging and Monitoring||This refers to controls for audit logging and monitoring.|
|Incident Management||These controls relate to incident monitoring and detection activities, incident response, and breach reporting.|
|Business Continuity and Disaster Recovery||This covers all aspects of contingency, business continuity, and disaster recovery, like planning, implementation, testing.|
|Data Protection and Privacy||The control is set to address the organization's compliance and privacy program and related controls.|
To View the Compliance Programs available visit Compliance in your Aqua CSPM Console, and select Defaults or Custom to filter the programs displayed, you can also expand the program control details using the Expand Settings toggle.