What frameworks are the HITRUST CSF built upon?

The HITRUST CSF integrates and harmonizes multiple authoritative sources and frameworks, including:

NIST SP 800-53 (security and privacy controls for federal systems).

ISO/IEC 27001/27002 (international information security management standards).

ISO 27799 (information security for healthcare).

HIPAA Omnibus Rule (U.S. healthcare privacy and security requirements).

NIST SP 800-37 (Risk Management Framework) is a methodology, not a control framework, so it is not included.

Extract Reference (HITRUST CSF Overview, CCSFP Guide [0005]):

The CSF integrates requirements from ISO, NIST, HIPAA, and other authoritative sources to create a unified control framework.

Correct responses: NIST SP 800-53, ISO 27799, ISO 27001/2, HIPAA Omnibus Rule.