Armor Helps Simplify HIPAA Compliance
HITRUST CSF-Certified Solutions
Armor is certified by HITRUST whose framework is designed to simplify HIPAA compliance requirements by providing prescriptive compliance guidelines.
Inherited Compliance Controls
Our technology was built to address the risk-based nature of HIPAA compliance.
HIPAA Compliance Support
Our security team provides 24/7/365 support to help you overcome any compliance challenge.
Security-driven Compliance
True cloud security means compliance is an outcome of a security program, not its goal. Our approach to security does just that—proactive cybersecurity powered by the experts in our 24/7/365 Security Operations Center.
It wasn’t just about achieving HITRUST CSF certification, though that was the original intention. Now it’s about moving beyond certification and becoming a security thought leader in the healthcare industry.

Compliance Standards We Support






Inherited HITRUST CSF Controls
Armor customers benefit from inherited HITRUST CSF controls just by securing their data workloads and applications with our certified solutions. This means streamlined audits and cost savings for organizations.
Click on the tabs below to see key HITRUST CSF controls addressed by our solutions:
Armor Anywhere - HITRUST CSF Compliance Matrix
Armor Security Services | HIPAA/HITECH Controls | HITRUST CSF v8 Controls Required for Certification | Risk Mitigation |
Intrusion Detection | Security best practice – implied control under 164.306(A) | 09.m | Malicious allowed traffic |
Internal Network Vulnerability Scanning | Included in §164.308(a)(1) | 10.m | Exploits due to missing patches/updates; improper network firewall configuration |
File Integrity Monitoring | §164.312(e) | 09.ab, 10.h | Monitoring unauthorized changes to critical files |
OS Patching/Updating | Security best practice implied control under 164.306(A) | 10.m | OS weaknesses |
Malware Protection | §164.308(a)(5)(ii)(B) | 09.ab(HT4), 10.h | Compromise due to virus/malware infection |
Log & Data Management | §164.308(a)(1)(ii)(D), §164.308(a)(5)(ii)(C), §164.312(b) | 09.aa, 09.ab, 09.ac | Detection of malicious activity |
Armor with Secure Hosting - HITRUST CSF Compliance Matrix
Armor Security Services | HIPAA/HITECH Controls | HITRUST CSF v8 Controls Required for Certification | Risk Mitigation |
IP Reputation Filtering | §164.308(a)(1)(ii)(A) | 09.m | Activity from known bad sources |
DDoS Mitigation | Security best practice implied control under 164.306(A) | 09.m, 09.h (included in Level 2 implementation) | Loss of availability due to high volume of malicious activity |
Web Application Firewall | Security best practice – implied control under 164.306(A) | 09.m | Application layer flaws and exploits |
Intrusion Detection | Security best practice implied control under 164.306(A) | 09.m | Malicious allowed traffic |
Network Firewall (Hypervisor-Based) | Security best practice implied control under 164.306(A) | 01.m, 01.o, 01.w, 09.m | Unwanted network connectivity |
Secure Remote Access (Two-factor authentication) | §164.312(d), §164.312(a)(2)(iii) | 01.j, 05.i, 09.s | Unauthorized remote use of administrative access |
Secure Remote Administrative Access | §164.312(d) | 01.j, 05.i, 09.m, 09.s | Disclosure of administrative credentials |
OS Patching/Updating | Security best practice implied control under 164.306(A) | 10.m | OS weaknesses |
Malware Protection | §164.308(a)(5)(ii)(B) | 09.ab, 10.h | Compromise due to virus/malware infection |
Log & Data Management | §164.308(a)(1)(ii)(D), §164.308(a)(5)(ii)(C), §164.312(b) | 09.aa, 09.ab, 09.ac | Detection of malicious activity |
Physical Security | §164.310(a)(2)(i), §164.310(a)(2)(ii), §164.310(a)(2)(iii), §164.310(a)(2)(iv) | 08.b, 08.d, 08.j, 09.ab, 09.q | Physical theft or compromise of data |
Armor Compliance Expertise: HIPAA
Armor is HITRUST CSF certified. We are HIPAA compliance experts. In fact, HITRUST chose us to secure their MyCSF application. Plus, you’re compliant the day you entrust your security needs with Armor.
Our talent and best-of-breed security technologies culminate in a heightened level of cloud security and compliance that only Armor can deliver.
- Our CISO Is Your CISO: Extend your cloud security roster with proven security talent. We streamline audits and assessments with hands-on expertise and guidance through any HIPAA and HITRUST CSF cloud compliance challenge.
- Certifiable Cyber Security Experts: The individuals in our Security Operations Center and compliance team have industry-leading certifications.
- Proven Cloud Security Results: Our Security Operations Center analyzes over 224M events and handles over 80 incidents daily.