The HITRUST Common Security Framework (HITRUST CSF) is a certifiable framework that provides organizations with a comprehensive, flexible, and efficient approach to regulatory compliance and risk management.


| Control | Description |
| --- | --- |
| Information Protection Program | Processes should be in place to ensure confidentiality, integrity, and availability of sensitive data. This includes the information security management system. |
| Endpoint Protection | This refers to anti-virus/anti-malware configurations, firewalls, intrusion detection systems, software updates, patches, and more. It includes requirements common to laptops, workstations, storage (e.g., NAS), and servers. |
| Portable Media Security | This control domain includes mobile storage (e.g., USB drives, CD-ROMs, DVD-ROMs, backup tapes). |
| Configuration Management | This includes all aspects of configuration management (e.g., configuration item identification, configuration status accounting, change control, and configuration audit), as well as environments used for development and testing. |
| Vulnerability Management | This includes vulnerability scanning and patching, antivirus/anti-malware and network/host-based penetration detection systems, and updates. |
| Network Protection | This includes all aspects of perimeter and internal network security, such as network-based application-level firewalls and intrusion detection systems, DDoS protection, and IP reputation filtering. |
| Transmission Protection | This includes web and network connections, such as those for VPN, email, and chat. |
| Password Management | This control covers issues that involve the use of traditional passwords. |
| Access Control | This control includes all aspects of access control other than the use of traditional passwords. |
| Audit Logging and Monitoring | This refers to controls for audit logging and monitoring. |
| Incident Management | These controls relate to incident monitoring and detection activities, incident response, and breach reporting. |
| Business Continuity and Disaster Recovery | This covers all aspects of contingency, business continuity, and disaster recovery, such as planning, implementation, and testing. |
| Data Protection and Privacy | This control addresses the organization's compliance and privacy program and related controls. |



To view the available compliance programs, visit Compliance in your Aqua CSPM Console and select Defaults or Custom to filter the programs displayed. You can also expand the program control details using the Expand Settings toggle.