HITRUST Password Requirements

The Health Information Trust Alliance, also known as HITRUST, is an organization that created the Common Security Framework (CSF). The HITRUST Alliance is a non-profit organization with a program set up to standardize compliance requirements amongst many industries. A few examples of compliance standards that have been included are: federal legislation (ARRA and HIPAA), federal agency rules and guidance (NIST, FTC and CMS), state legislation (Nevada, Massachusetts and Texas), and industry frameworks (PCI and COBIT). All of these separate compliance standards can now be normalized under one umbrella compliance standard known as HITRUST.

The nFront Password Filter can help with these password requirements located in the CSF:
• 01.d User Password Management
• 01.f Password Use
• 01.r Password Management System

A few key points of the password-related standards in HITRUST are:
• Require a password change every 90 days
• Privileged Account passwords must change every 60 days
• Prohibit the recycling of the last 4 passwords
• Require a minimum of 4 characters to be changed from old to new password
• Passwords must not be vulnerable to any dictionary attack
• Prohibit the use of consecutive identical characters in passwords
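
The rules listed above, expressed as checks run when a user changes a password. This is an added example, not code from nFront or HITRUST. Its assumptions: "characters changed" is measured as edit distance, "consecutive identical" means any two adjacent equal characters, the word list and the salted PBKDF2 history format are constructed, and all function names are hypothetical.

```python
import hashlib, hmac
from datetime import date

MAX_AGE_DAYS = {"standard": 90, "privileged": 60}  # change intervals from the list
HISTORY_DEPTH = 4   # last 4 passwords may not be recycled
MIN_CHANGED = 4     # characters that must differ between old and new
DICTIONARY = {"password", "welcome", "hospital", "summer"}  # constructed sample list

def hash_password(pw: str, salt: bytes) -> bytes:
    # Assumed history format: one salted PBKDF2 digest per stored password.
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)

def edit_distance(a: str, b: str) -> int:
    # Levenshtein distance, used here as the measure of "characters changed".
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_new_password(new: str, old: str, history: list) -> list:
    """history: (salt, digest) tuples, newest last. Returns the rules violated."""
    problems = []
    if any(x == y for x, y in zip(new, new[1:])):
        problems.append("consecutive identical characters")
    if any(word in new.lower() for word in DICTIONARY):
        problems.append("contains dictionary word")
    if edit_distance(old, new) < MIN_CHANGED:
        problems.append("fewer than 4 characters changed")
    for salt, digest in history[-HISTORY_DEPTH:]:
        if hmac.compare_digest(hash_password(new, salt), digest):
            problems.append("reuses one of the last 4 passwords")
            break
    return problems

def is_expired(last_changed: date, account_type: str, today: date) -> bool:
    # True once the password is older than the interval for its account type.
    return (today - last_changed).days > MAX_AGE_DAYS[account_type]
```

The old password is compared in plaintext only because the user supplies it during the change; the history holds digests, so the change-distance rule cannot be applied to older entries.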

Get prepared for your HITRUST audit today by fulfilling the password requirements. All task items will need to be completed in order to obtain a HITRUST certification for your organization. For a complete list of the HITRUST requirements, please visit their website.
