HITRUST CSF Control Categories

The HITRUST CSF is layered, and at its most granular level it defines 156 control references, so the number of "controls" your company is accountable for depends on which layer you count and on the scope of your assessment. Counting categories gives 14; counting objectives gives 49; counting references gives 156; counting the individual requirement statements that apply to your environment gives a number specific to you.

HITRUST organizes the framework into 14 Control Categories, numbered 00 through 13. These break down into 49 Control Objectives, which are in turn detailed by 156 Control References (the rows most people mean when they say "controls"; a reference such as 01.a belongs to Category 01, Access Control). Which references apply to your organization, and at which implementation level, is determined by your organizational, system and regulatory risk factors (for example, whether HIPAA or PCI DSS is in scope), so two companies assessed against the same CSF version can end up with noticeably different requirement sets.

The tiers can get confusing, but the practical approach is to scope first and then concentrate on the references that fall within that scope. The table below lists the 14 categories in numerical order, with the number of control objectives and control specifications (references) in each; the totals reconcile to the 49 objectives and 156 references cited above.

Category  Control Name                                                    Control Objectives  Control Specifications
00        Information Security Management Program                                          1                       1
01        Access Control                                                                   7                      25
02        Human Resources Security                                                         4                       9
03        Risk Management                                                                  1                       4
04        Security Policy                                                                  1                       2
05        Organization of Information Security                                             2                      11
06        Compliance                                                                       3                      10
07        Asset Management                                                                 2                       5
08        Physical and Environmental Security                                              2                      13
09        Communications and Operations Management                                        10                      32
10        Information Systems Acquisition, Development, and Maintenance                    6                      13
11        Information Security Incident Management                                         2                       5
12        Business Continuity Management                                                   1                       5
13        Privacy Practices                                                                7                      21
          Total                                                                           49                     156
