Glossary of Compliance
Compliance Glossary
Our list of curated compliance glossary offers everything you to know about compliance in one place.
HITRUST CSF Control Categories
HITRUST CSF Control Categories are a bit complex, with over 150 individual controls in total. The exact number of controls your company needs to focus on can vary depending on how you define “control” and your specific compliance needs.
HITRUST organizes its framework into 14 distinct Control Categories, each labeled with a unique identifier from 0.0 to 0.13. These are further organized into 49 objectives and then detailed through 156 references. However, the actual controls your company needs to implement depend on the specifications that apply to your business and other compliance requirements.
The various tiers can get complicated, but the key is to focus on the controls relevant to your organization’s security and compliance needs. Here is the list of controls for your reference.
| Control Name | Control Objectives | Control Specifications |
| Information Security Management Program | 1 | 1 |
| Access Control | 7 | 25 |
| Human Resources Security | 4 | 9 |
| Risk Management | 1 | 4 |
| Security Policy | 1 | 2 |
| Organization of Information Security | 2 | 11 |
| Compliance | 3 | 10 |
| Asset Management | 2 | 5 |
| Physical and Environmental Security | 2 | 13 |
| Communications and Operations Management | 10 | 32 |
| Information Systems Acquisition, Development, and Maintenance | 6 | 13 |
| Information Security Incident Management | 2 | 5 |
| Business Continuity Management | 1 | 5 |
| Privacy Practices | 7 | 21 |
Additional reading
More Money =/= More Security. A Conversation on Budget with Christophe Fuolon
A Quick Walk-Through of NIST CSF Maturity Levels and Models
What is Cybersecurity Strategy Due Diligence? How to Automate ?
Sprinto: Your growth superpower
Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.
