Compliance evidence
HITRUST — domain & certificate controls
Healthcare organizations and their vendors — especially those needing to cover HIPAA, HITECH, PCI, and state laws in one certification.
Authority: HITRUST Alliance
What HITRUST actually requires
HITRUST CSF harmonizes 40+ authoritative sources (HIPAA, NIST, ISO, PCI, GDPR, state regs) into one control framework. The r2 Validated Assessment is the most rigorous level. Certificate health maps to the 'Encryption' and 'Network Security' control categories.
Full name: HITRUST CSF (Common Security Framework).
Controls that touch certificates and domains
These are the 3 controls most directly affected by TLS certificate and domain lifecycle. CertRadar produces evidence bundles mapped to each.
| Control | Title | How CertRadar helps |
|---|---|---|
| 06.e | Encryption of ePHI in transit | Required implementation for HITRUST-certified healthcare SaaS. |
| 10.f | Policy on the Use of Cryptographic Controls | Inventory and lifecycle of cryptographic assets including certificates. |
| 10.g | Key Management | Certificate renewal and revocation are explicit scope. |
What the evidence pack contains
CertRadar’s one-click export for HITRUST includes:
- HITRUST-mapped cert inventory
- Evidence of encryption policy enforcement
- Key lifecycle audit (issuance, renewal, revocation events)
Example domains in HITRUST scope
Representative domains often monitored for HITRUST evidence. Check any of them live:
Ship the HITRUST evidence your auditor asks for.
CertRadar gives security, IT, and compliance teams a complete inventory of every domain and cert your company owns — plus a one-click evidence pack mapped to HITRUST controls. Beta in weeks. Early members get a lifetime Pro discount.