Assess your readiness for HITRUST CSF certification across all three levels — e1 (Essentials), i1 (Implemented), and r2 (Risk-Based). Built for healthcare SaaS founders, digital health companies, and health IT vendors who need to demonstrate security to enterprise buyers.
HITRUST Certification Levels
44 controls. Entry-level. Addresses fundamental cybersecurity hygiene. Fastest to achieve (~6-12 months). Best for early-stage healthcare SaaS entering enterprise sales.
182 controls. Mid-tier. Required by most healthcare enterprise buyers. Addresses HIPAA and broader security controls. ~12-18 months to certify.
375+ controls. Full HITRUST framework. Required by payers, large health systems, and federal healthcare programs. ~18-24 months. Most rigorous certification in healthcare.
Which HITRUST level are you targeting? Controls shown in Step 2 will be filtered accordingly.
Select all data types your system processes or stores.
Select frameworks already in place — HITRUST CSF inherits from many of these.