HITRUST has recently released the latest update to their framework. It has bumped from v8 to v8.1.
Included in the 8.1 documentation package (available here: HITRUST Alliance | HITRUST CSF | Information Risk Management) is a summary of changes to the HITRUST rules and regulations from v8 to v8.1 (HITRUST CSF v8_1 Summary of Changes - FINAL.PDF).
It would be great if the Eramba compliance package for HITRUST would be updated to 8.1 as well.
As a follow up, I just received an email today outlining HITRUST’s CSF roadmap for 2017.
There are two HITRUST CSF releases scheduled in 2017. A minor release—CSF v8.1—that was made available on February 6, 2017, and a major release—CSF v9—which is scheduled for July 2017. Among several minor enhancements, the HITRUST CSF v8.1 release updates content and mappings for PCI DSS v3.2 and MARS-E v2. A more detailed explanation of the updates in the v8.1 release can be found in the HITRUST CSF v8.1 Summary of Changes (included as part of the complete HITRUST CSF download).
8.1 is the latest update that has been released. 9.0 won’t be until July.
As far as the 8.1 documents go, HITRUST has not provided a spreadsheet in the free ZIP file of documents. They did, however, provide a document that contains a summary of changes.
CSFv8_1Introduction.pdf
HITRUST_2017_CSF_v8.1_Stds_and_Regs_X-Ref_FINAL.XLSX - Mapping to other rules/regulatory frameworks
HITRUST CSF v8_1 Summary of Changes - FINAL.PDF - Summary of Changes from 8.0 to 8.1
HITRUST CSF v8_1.pdf - Full 8.1 ruleset