The HITRUST AI Security Assessment: Explained
As artificial intelligence (AI) continues to position itself as an integral part of business operations in 2025, safeguarding AI systems against security threats is essential. Recognizing this need, HITRUST has launched its own AI Security Assessment, offering organizations a robust framework to address the unique challenges of deployed AI technologies.
What is the HITRUST AI Security Assessment?
HITRUST’s AI Cybersecurity Assessment provides a structured approach to evaluate and manage AI-related risks, ensuring secure, transparent, and ethical AI practices not only for healthcare organizations but also for businesses operating across all sectors.
Based on ISO/IEC 23894:2023 and the NIST AI Risk Management Framework, this assessment includes 51 controls for AI governance to ensure comprehensive risk management without disrupting current and ongoing compliance efforts.
Key features of the HITRUST AI Security Assessment include:
- Curated security controls: Focused on the distinct challenges posed by AI technologies, these controls are specifically designed to address AI-related vulnerabilities.
- AI-specific threat requirements: The assessment leverages insights from authoritative sources to establish security requirements that counter emerging AI threats.
- Control inheritance: Organizations can inherit controls from their AI solution providers, streamlining the assessment process and reducing administrative burdens.
The assessment provides a report with strengths and improvement areas, adaptable for various AI stages, supporting self-assessment or HITRUST validation. Certified entities will receive HITRUST e1, i1, or r2 Certification reports and letters, as well as AI Security Certification reports and letters.
Who can get a HITRUST AI Security Assessment?
Although organizations in any industry can conduct a HITRUST AI Security Assessment, there are certain guidelines that must be met to be assessed.
To achieve certification, organizations must meet the following guidelines:
- Be an AI platform and product provider – this excludes AI developers, users and partners
- Achieve HITRUST e1, i1, or r2 certification prior to the AI Security Assessment
- Achieve the following minimum score on applicable assessments:
  - e1 and i1 assessments: 83
  - r2 assessments: 62
Why should organizations pursue a HITRUST AI Security Assessment?
Businesses across all industries are heavily investing in AI as its use expands rapidly. However, AI systems process sensitive data, making them prime targets for cyberattacks.
With new regulations like the EU AI Act, organizations must proactively manage AI risks to ensure compliance and gain a competitive edge as reliance on AI grows.
Ensuring robust security measures is crucial for protecting data integrity, preventing breaches, and maintaining compliance. The HITRUST AI Security Assessment provides a structured framework to address these challenges, fostering trust and resilience in your AI initiatives.
Additionally, organizations using CSF v11.4.0 or newer can now add the “Cybersecurity for AI Systems” compliance factor through the MyCSF platform. This addition, which requires additional report credits and adheres to standard QA reservation protocols for validated reports, integrates seamlessly with existing HITRUST e1, i1, and r2 assessments.
Partnering with A-LIGN for your HITRUST AI cybersecurity needs
A-LIGN provides comprehensive services to guide your organization through the HITRUST AI Security Assessment process, no matter where you are on your journey.
- Advisory services: Our readiness assessments identify gaps and prepare your organization to meet HITRUST requirements efficiently.
- Comprehensive assessments: We conduct HITRUST AI Security Assessments, as well as HITRUST AI Risk Management Assessments, and handle submission to HITRUST for certification, streamlining your compliance journey.
- End-to-end support: From preparation to certification, we ensure a smooth process, allowing your team to focus on core business activities.
The HITRUST AI Security Assessment helps to safeguard AI technologies against evolving threats. With A-LIGN’s high-quality audit services and unparalleled expertise, you can confidently navigate this process, enhancing your AI security posture and maintaining compliance with global standards.
Contact A-LIGN and one of our compliance experts will be in touch to start your HITRUST AI security journey.