Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary » HiTRUST » HITRUST CSF Control Categories

HITRUST CSF Control Categories

HITRUST CSF Control Categories are a bit complex, with over 150 individual controls in total. The exact number of controls your company needs to focus on can vary depending on how you define “control” and your specific compliance needs.

HITRUST organizes its framework into 14 distinct Control Categories, each labeled with a unique identifier from 0.0 to 0.13. These are further organized into 49 objectives and then detailed through 156 references. However, the actual controls your company needs to implement depend on the specifications that apply to your business and other compliance requirements.

The various tiers can get complicated, but the key is to focus on the controls relevant to your organization’s security and compliance needs. Here is the list of controls for your reference.

Control Name	Control Objectives	Control Specifications
Information Security Management Program	1	1
Access Control	7	25
Human Resources Security	4	9
Risk Management	1	4
Security Policy	1	2
Organization of Information Security	2	11
Compliance	3	10
Asset Management	2	5
Physical and Environmental Security	2	13
Communications and Operations Management	10	32
Information Systems Acquisition, Development, and Maintenance	6	13
Information Security Incident Management	2	5
Business Continuity Management	1	5
Privacy Practices	7	21

Additional reading

Blogs CCPA

CCPA Compliance Requirements: A Detailed Guide to California’s Data Privacy Law

GDPR was the first compliance law that mandated businesses to adopt processes and policies that aimed to protect the rights of users and ensure the integrity of their personal data. After GDPR, California’s CCPA was able to mandate businesses to adhere to its privacy law at scale. CCPA – California Consumer Privacy Act is a…

Blogs FISMA

FISMA Requirements: List of Official Mandates and Practices

The Federal Information Security Management Act (FISMA) is a United States law that came into effect in 2002. Its goal is to guide federal agencies handling sensitive government information systems to develop, document, implement, and maintain security programs that protect their information systems. FISMA also focuses on developing risk-based policy for cost-effective security. In this…

Blogs

11 Most Common Security Vulnerabilities & Tips To Manage Them [2026]

You have antivirus software installed on all devices in your network, you track access control, you implement MFA, and you regularly back up your data. So, are you confident that your system is 100% secure? To err is human, but lately, we’ve become more dependent on codes and applications, which leaves less room for error,…

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.

Contact sales