MyCSF is a fully integrated, optimized and user-friendly tool that marries the content and methodologies of the HITRUST Common Security Framework (CSF) and the CSF Assurance Program with the technology and capabilities of a governance, risk and compliance (GRC) tool. The new MyCSF tool provides healthcare organizations of all types and sizes with a secure, Web-based solution for accessing the CSF, performing assessments, managing remediation activities, and reporting and tracking compliance.

A qualified organization is any organization employing a function or activity involving the use or disclosure of individually identifiable health information, provided that said organization does not provide security products or services. Additionally, any federal, state, or local agency or department is considered a qualified organization. HITRUST has the right to verify eligibility.

To purchase a MyCSF subscription, select the appropriate listing for your organization type below and follow the ordering process.

MyCSF Subscription: Non-Qualified Organization

MyCSF Subscription: Non-Qualified Organization

The MyCSF subscription for non-qualified organizations is available for $10,000, and it provides 5 named users access to MyCSF View only and HITRUST Central.

  • Price: $10,000.00

Self Assessment Report

Organizations who choose to conduct a self assessment can do so using the MyCSF tool to conduct a baseline assessment.

  • Price: $2,500.00

Basic MyCSF Subscription: Qualified Organization

Basic MyCSF Subscription: Qualified Organization

The Basic MyCSF subscription for qualified organizations is available for $6,550 and it provides 5 named users access to MyCSF, 1 assessment object and 10 support tickets.

  • Price: $6,550.00