Glossary of Compliance
Compliance Glossary
Our list of curated compliance glossary offers everything you to know about compliance in one place.
HITRUST CSF Control Categories
HITRUST CSF Control Categories are a bit complex, with over 150 individual controls in total. The exact number of controls your company needs to focus on can vary depending on how you define “control” and your specific compliance needs.
HITRUST organizes its framework into 14 distinct Control Categories, each labeled with a unique identifier from 0.0 to 0.13. These are further organized into 49 objectives and then detailed through 156 references. However, the actual controls your company needs to implement depend on the specifications that apply to your business and other compliance requirements.
The various tiers can get complicated, but the key is to focus on the controls relevant to your organization’s security and compliance needs. Here is the list of controls for your reference.
| Control Name | Control Objectives | Control Specifications |
| Information Security Management Program | 1 | 1 |
| Access Control | 7 | 25 |
| Human Resources Security | 4 | 9 |
| Risk Management | 1 | 4 |
| Security Policy | 1 | 2 |
| Organization of Information Security | 2 | 11 |
| Compliance | 3 | 10 |
| Asset Management | 2 | 5 |
| Physical and Environmental Security | 2 | 13 |
| Communications and Operations Management | 10 | 32 |
| Information Systems Acquisition, Development, and Maintenance | 6 | 13 |
| Information Security Incident Management | 2 | 5 |
| Business Continuity Management | 1 | 5 |
| Privacy Practices | 7 | 21 |
Additional reading
What Cloudflare Got Right, and Other Hyperscalers Got Wrong
HIPAA Certification Cost [Updated 2026 + Free Checklist]
Article 20 GDPR Right to Data Portability
Sprinto: Your growth superpower
Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.
