As cyber threats grow in sophistication, organizations must adapt their compliance frameworks to provide effective protection. HITRUST’s PRISMA maturity model has been significantly updated to incorporate these threats and puts emphasis on both the Implementation stage and Measured stage to support achieving and maintaining certification.
The most recent update, HITRUST CSF Version 11.6.0, includes enhancements to streamline assessments and integrate new standards. Security leaders should familiarize themselves with the changes, not only to maintain compliance but also to improve their organization’s overall cybersecurity posture.
On August 22, 2025, HITRUST CSF v11.6.0 was released with the following updates:
These updates are designed to simplify the assessment process and better enable organizations to demonstrate compliance with applicable standards and regulations.
The HITRUST PRISMA maturity model assesses organizations across five levels: Policy, Procedure, Implemented, Measured, and Managed. More recent iterations of the model have shifted attention to the Implemented and Measured levels, reflecting serious consideration for the operation and ongoing evaluation of security controls.
Under the implemented level, organizations are expected to effectively deploy and operate security controls. Organizations need to define and document their security controls, but they also need to make sure that their security controls are operating to protect their systems and data (e.g., firewalls are configured; encryption is in place; access is effectively controlled).
The measured level includes a continual evaluation of the performance of the implemented controls. Organizations need to track and report on the effectiveness of their security controls (e.g., reviewing system event logs, vulnerability assessments, and penetration testing). Ongoing evaluation will demonstrate the effectiveness of the security controls to reduce risks and meet compliance.
Artificial Intelligence (AI) and automation are beginning to take a significant role in accelerating the HITRUST certification process in the Implementation and Measured stages. AI tools, as well as automation, can assist in the collection of evidence, control performance analysis and reporting features of the HITRUST process.
AI tools can collect logs, settings, and state changes for evidence and compliance evaluation, or for external stakeholder submissions. By leveraging AI technology, organizations can reduce the burden of compliance and audit data collection and ensure a uniform approach to compliance and evidence collection across the organization.
AI can monitor security controls for effectiveness over time, making adjustments as necessary to maintain and improve performance. Machine learning algorithms can identify potential vulnerabilities as well as new and evolving threats, allowing organizations to effectively manage risks in real time.
To meet the updated HITRUST CSF v11.6.0 and successfully navigate Implementation and Measured stages, organizations should consider the following steps:
Review your existing controls against HITRUST CSF Version 11.6.0 to assess if other gaps have been introduced by the change. This will give you a chance to correct the gaps before having to show alignment with the standard.
Put resources into deploying and operating security controls. Documentation is important but implementation is the goal to ensure that controls protect your systems and data.
Use AI tools to automate evidence collection, continued monitoring, and reporting. This will not only streamline compliance, but it will also improve security controls.
Create legacy processes to regularly evaluate control effectiveness and gather evidence of all controls: regular log monitoring, monthly vulnerability assessments, and periodic penetration testing to ensure controls remain effective.
Work with HITRUST certified assessors who are familiar with the most recent changes to the framework. Experienced assessors can help you navigate the pitfalls and identify areas of improvement during the certification process.
HITRUST CSF Version 11.6.0 is designed to provide and support a new, simplified, more flexible model for compliance related to the cybersecurity program. The emphasis on the Implementation and Measured stages allows organizations to prove that they implemented their security controls, and that they are monitoring and measuring their effectiveness. When implemented properly, with AI or automation, organizations can better facilitate the evaluation, monitoring and documentation of these processes, as they continue to face an increasingly changing threat landscape.