DATE:
AUTHOR: The Drata Team

New Framework Support: HITRUST CSF

Drata now supports the HITRUST CSF (Common Security Framework), a private cybersecurity and risk management framework that integrates requirements from multiple standards, including HIPAA, NIST, ISO, GDPR, PCI DSS, and others.

This widely adopted framework helps organizations demonstrate their commitment to protecting sensitive data, particularly in healthcare, finance, and technology, where regulatory compliance and data protection are essential.

Note: HITRUST e1 and i1 are fully supported with control mapping and all related features. r2 requirements are also available in Drata but are out of scope by default. To bring them into scope, select r2 as the assessment level in the level picker and manually add the additional requirements.

With the addition of HITRUST, we’re continuing to expand your options for trust management and compliance at scale:

  • Accelerated Compliance: Pre-mapped controls make it easier and faster to align with HITRUST e1 and i1 assessments.

  • Tailored Maturity Levels: Choose the HITRUST level that fits your organization’s size, resources, and risk profile.

  • Unified Framework Management: Manage HITRUST right alongside other frameworks like SOC 2, ISO 27001, and HIPAA.
