Armor customers benefit from inherited HITRUST CSF controls just by securing their data workloads and applications with our HITRUST CSF-certified solutions. This means streamlined audits and cost savings for organizations without robust cloud security programs.
Click on the tabs below to see key HITRUST CSF controls addressed by our solutions:
| Armor Security Services | HIPAA/HITECH Controls | HITRUST CSF v8 Controls Required for Certification | Risk Mitigation |
| Intrusion Detection | Security best practice – implied control under 164.306(A) | 09.m | Malicious allowed traffic |
| Internal Network Vulnerability Scanning | Included in §164.308(a)(1) | 10.m | Exploits due to missing patches/updates; improper network firewall configuration |
| File Integrity Monitoring | §164.312(e) | 09.ab, 10.h | Monitoring unauthorized changes to critical files |
| OS Patching/Updating | Security best practice implied control under 164.306(A) | 10.m | OS weaknesses Malware Protection |
| Malware Protection | §164.308(a)(5)(ii)(B) | 09.ab(HT4), 10.h | Compromise due to virus/malware infection |
| Log Management | §164.308(a)(1)(ii)(D), §164.308(a)(5)(ii)(C), §164.312(b) | 09.aa, 09.ab, 09.ac | Detection of malicious activity |
*Please note that the above table does not represent all HITRUST controls nor those covered by Armor. View the full compliance matrix for additional information.
| Armor Security Services | HIPAA/HITECH Controls | HITRUST CSF v8 Controls Required for Certification | Risk Mitigation |
| IP Reputation Filtering | §164.308(a)(1)(ii)(A) | 09.m | Activity from known bad sources |
| DDoS Mitigation | Security best practice implied control under 164.306(A) | 09.m, 09.h (included in Level 2 implementation) | Loss of availability due to high volume of malicious activity |
| Web Application Firewall | Security best practice – implied control under 164.306(A) | 09.m | Application layer flaws and exploits |
| Intrusion Detection | Security best practice implied control under 164.306(A) | 09.m | Malicious allowed traffic |
| Network Firewall (Hypervisor-Based) | Security best practice implied control under 164.306(A) | 01.m, 01.o, 01.w, 09.m | Unwanted network connectivity |
| Secure Remote Access (Two-factor authentication) | §164.312(d), §164.312(a)(2)(iii) | 01.j, 05.i, 09.s | Unauthorized remote use of administrative access |
| Secure Remote Administrative Access | §164.312(d) | 01.j, 05.i, 09.m, 09.s | Disclosure of administrative credentials |
| OS Patching/Updating | Security best practice implied control under 164.306(A) | 10.m | OS weaknesses Malware Protection |
| Malware Protection | §164.308(a)(5)(ii)(B) | 09.ab, 10.h | Compromise due to virus/malware infection |
| Log Management | §164.308(a)(1)(ii)(D), §164.308(a)(5)(ii)(C), §164.312(b) | 09.aa, 09.ab, 09.ac | Detection of malicious activity |
| Physical Security | §164.310(a)(2)(i), §164.310(a)(2)(ii), §164.310(a)(2)(iii), §164.310(a)(2)(iv) | 08.b, 08.d, 08.j, 09.ab, 09.q | Physical theft or compromise of data |
*Please note that the above table does not represent all HITRUST controls nor those covered by Armor. View the full compliance matrix for additional information.
Leverage our HIPAA compliance expertise to overcome any compliance challenge. We provide 24/7/365 hands-on support for your internal teams tasked with managing HIPAA-regulated data and compliance. Relying on our proven security talent is the most direct way to increase your cloud security proficiency without adding to headcount or purchasing and integrating DIY tools.
Our talent and best-of-breed security technologies culminate in a heightened level of cloud security and compliance that only we can deliver.
Learn more about extending your security team.
