We are pleased to announce that, until further notice, HITRUST Academy will be providing Certified CSF Practitioner (CCSFP) classes in a virtual classroom environment. HITRUST is committed to providing the highest quality training experience and has designed a virtual training program consistent with those expectations.
This virtual training environment will be your only option for participating in a CCSFP class through December 31, 2020.
If you have registered for an onsite class that was canceled or suspended, we will either automatically reschedule you to a virtual class during the same week or contact you to assist in rescheduling to a different week if your original date is not available. There will be no fee or penalty for changing dates*.
To enroll in a course, click here.
To read the related FAQs, click here.
The Certified CSF Practitioner Course includes in-depth instruction on risk management practices, and how to implement the CSF and utilize the methodology to perform assessments and validate compliance. The curriculum is supported by case studies, hands-on learning and real-world application of the knowledge learned.
This course is delivered in three components: (1) online pre-work via the HITRUST Academy learning management system, (2) classroom instruction conducted virtually and (3) online Practitioner exam.
- Overview of key players and how they interconnect
- Analysis and discussion of trends within industry relating to privacy and security (e.g., challenges and constraints, top concerns and initiatives)
- Overview of the regulatory landscape that affects organizations (e.g., compliance agencies, standards, regulations)
- Review of market dynamics and the challenges facing industry
- Introduction to HITRUST and the CSF
- Discussion of risk management and its relation to the CSF
- Review of the CSF Assurance Program
Virtual Classroom Topics
- Thorough review of the structure of the CSF, including the control categories, objectives, and control references, multiple levels of implementation requirements, risk factors and authoritative sources cross referenced
- Detailed explanation of MyCSF, including a review of each component and case studies with hands-on use of each component
- Overview of the CSF Assurance Programs as a means of managing and communicating security internally and with third parties (e.g., business partners, customers, vendors)
- Introduction to the tools and methodology for utilizing the CSF
- Discussion of best practices for adoption and performing an assessment
- Explanation of the differences between CSF Validated and CSF Certified assessments and their value to an organization
- A review of the requirements for CSF certification
To properly access and utilize the course materials and tools used in the course, students must provide their own computer, equipped with either the Chrome, Edge, Safari (except on Windows), or Firefox browser, and Adobe Reader software. (Note: Internet Explorer is not supported on the Academy platform.)
The course is required for individuals working as part of a HITRUST Authorized External Assessor organization that wishes to provide HITRUST and CSF-related services. It is also for those organizations that plan to leverage the framework and process internally.
The cost for the Certified CSF Practitioner Course is $3,000. The Practitioner Exam is included in the course price provided it is completed within 2 weeks of the class end date of the session attended. After that time, an individual who has attended the class may take the exam no later than 30 days after their class end date for a $500 fee. Additional information regarding exam retakes, is available here.
To enroll in the course each individual must have an account on the HITRUST Academy. Seats are available on a first-come, first serve basis and guaranteed only when payment in full has been received (or coupon code applied in the case of those paying through the invoice process).
Approximately 20 days before the class start date, enrolled students are given access to the online pre-work module (takes 2-3 hours to complete). The pre-work must be completed prior to arriving for the classroom component. Those who do not complete required pre-work will not be allowed to take the certification exam and will not receive a refund for the course. Experience in IT compliance or audit is helpful.
Attendees must pass the Practitioner Exam to become a Certified CSF Practitioner (CCSFP). The CCSFP certification is valid subject to remaining current with required training. Practitioners are required to complete an online, annual refresher course each of the two years following classroom component completion and attend the full class again the third year to maintain the CCSFP certification. The training is due no later than the end of the month that corresponds with the certification’s original anniversary date.
Continuing Professional Education Credit
Participants who complete the Certified CSF Practitioner Course and pass the Exam are eligible for 27 hours to be applied toward continuing professional education (CPE) credit. Certificates will include the CPE hours and are available on an individual’s HITRUST Academy account.
Payment and Change Policies
Detailed information regarding payment, cancellations, refunds, transfers, substitutions, or exam retakes is available here.