
©2023 ThreatLocker Inc. All Rights Reserved.

Introduction
HITRUST CSF (Health Information Trust Alliance Common Security Framework) is a risk- and compliance-based security framework. It organizes security and privacy controls into fourteen control categories (an Information Security Management Program category plus thirteen numbered categories), each broken down into control objectives, and it can be leveraged by any organization.

ThreatLocker® is not a member of the HITRUST External Assessor program and, therefore, is not privy to the exact specifications referenced by each of the HITRUST Control Categories and Control Objectives. This document offers a general outline of the HITRUST CSF. The topics highlighted are items typically aligned to ThreatLocker® solutions. For more specific HITRUST CSF compliance information, and to find an External Assessor, please visit https://hitrustalliance.net/



Outline of HITRUST CSF Control Categories and Objectives

InfoSec Management Program

1. Access Control
   01.1 Business Requirement for Access Control
   01.2 Authorized Access to InfoSys
   01.3 User Responsibilities
   01.4 Network Access Control
   01.5 OS Access Control
   01.6 App & Information Access Control
   01.7 Mobile Computing & Telework

2. Human Resources Security
   02.1 Prior to Employment
   02.2 During Onboarding
   02.3 During Employment
   02.4 Termination or Change of Employment

3. Risk Management
   03.1 Risk Management Program

4. Security Policy
   04.1 InfoSec Policy

5. Organization of InfoSec
   05.1 Internal Organization
   05.2 External Parties

6. Compliance
   06.1 Compliance w/ Legal Requirements
   06.2 Compliance with Security Policy
   06.3 InfoSys Audit Considerations

7. Asset Management
   07.1 Responsibility for Assets
   07.2 Information Classification

8. Physical & Environmental Security
   08.1 Secure Areas
   08.2 Equipment Security

9. Communication and Operations Management
   09.1 Documented Ops Procedures
   09.2 Third Party Service Delivery
   09.3 System Plan. & Acceptance
   09.4 Malicious/Mobile Code Protection
   09.5 Information Backup
   09.6 Network Security Management
   09.7 Media Handling
   09.8 Exchange of Information
   09.9 E-Commerce Services
   09.10 Monitoring

10. InfoSys Acquisition, Development, and Maintenance
   10.1 Security Requirements in InfoSys
   10.2 Correct Processing in Apps.
   10.3 Crypto. Controls
   10.4 Security of System Files
   10.5 Security in Development and Support Procedures
   10.6 Vulnerability Management

11. InfoSec Incident Management
   11.1 Incident & Weakness Reporting
   11.2 Incident & Improvement Management

12. Business Continuity
   12.1 InfoSec Aspects of BCM (Business Continuity Management)

13. Privacy Practices
   13.1 Openness & Transparency
   13.2 Individual Choice & Participation
   13.3 Correction
   13.4 Collection, Use, & Disclosure



ThreatLocker® and Access Control
ThreatLocker® Allowlisting, Ringfencing™, Storage Control, and Network Control work together to help control access across a business environment.

Allowlisting
Create policies that permit users access to
only the specific applications they need for
business, based on their responsibilities. All
unapproved applications will be denied by
default.

Ringfencing™
Use Ringfencing™ to create boundaries for permitted applications, preventing them from touching files or the registry, communicating with other applications, or communicating with the internet. Permit applications access to only what they need.

Storage Control
ThreatLocker® Storage Control gives IT
professionals control over data storage. Lock
down network shares and external media
to prevent unauthorized access. Maintain
visibility of all file access, whether successful
or not, in the Unified Audit.

Network Control
ThreatLocker® Network Control will control
inbound network traffic, whether computers
are connecting from the office or remotely.

ThreatLocker® and Equipment Security
ThreatLocker® can help to secure all network-connected equipment. ThreatLocker® Network Control can control all inbound connections to specific devices based on their IP address, so even devices without ThreatLocker® installed, like a medicine cart, can be protected from unauthorized digital access.



ThreatLocker® and Communication and Operations Management
ThreatLocker® Allowlisting and Network Control can assist organizations in maintaining secure operations management.

Allowlisting
Denying by default, ThreatLocker® Allowlisting helps prevent malware. Scripts can only run after being permitted; a script containing unknown or unapproved changes will not run, protecting against malicious code.

Network Control
ThreatLocker® Network Control is centrally managed from the ThreatLocker® portal. From there, only authorized admins can view and/or edit Network Control policies, helping to maintain a secure network environment.

ThreatLocker® and InfoSys Acquisition, Development, and Maintenance
ThreatLocker® may be able to assist in this area. ThreatLocker® Allowlisting will prevent any executable that has not been expressly permitted from running. Default deny automatically blocks any executable not on the allow list, including scripts and DLLs. Permitted applications can be scoped on a very granular basis, down to a single user or a specific time window. Ringfencing™ can ensure that applications cannot make registry changes, talk to the internet, interact with your files, or interact with other applications. ThreatLocker® Ops can alert you when certain vulnerable software is present in your environment.

ThreatLocker® and InfoSec Incident Management
ThreatLocker® can assist with information security incident management. ThreatLocker® Allowlisting, Ringfencing™, Storage Control, and Network Control work together to secure the digital environment, reducing the opportunity for information security incidents. The ThreatLocker® Unified Audit keeps a near-real-time record of all application, file, and network activity occurring in the environment, including the hostname where the action occurred and which user was logged in. For network activity, it records the IP address of the host initiating the connection and the IP address it is attempting to connect to. In the event of an incident, the Unified Audit can be leveraged to assist in forensic analysis. ThreatLocker® Ops can alert, detect, and respond to behaviors based on personalized policies: while a perceived threat is blocked by the other ThreatLocker® modules, Ops can automatically notify you and act according to the thresholds you have implemented. ThreatLocker® Ops policies can also be configured to alert you that certain vulnerable software is running in your environment.



About Us
ThreatLocker® is a zero trust endpoint protection
platform that improves enterprise-level security
with zero trust controls, including Allowlisting,
Ringfencing™, Elevation, Storage, Network
Control, Configuration Management, and
Operational Alert solutions.

Learn more about ThreatLocker® at

sales@threatlocker.com

+1-833-292-7732

