An organization uses system administrators to measure firewall configuration security. Assuming the seven Measured criteria are met, a Tier 4 strength would be an appropriate starting point to determine the Measured compliance rating.
The Measured maturity level evaluates whether organizations actively monitor the effectiveness of controls. HITRUST defines seven criteria for Measured, including metrics, data collection, analysis, reporting, and corrective action tracking. If these seven criteria are fully met, scoring can begin at Tier 4 strength, reflecting a mature measurement process. In the example, system administrators are responsible for measuring firewall configuration security, and if they meet all seven criteria (such as reviewing firewall rules, analyzing logs, reporting deviations, and initiating remediation), the Measured compliance level can start at Tier 4. The assessor may then adjust scoring based on coverage and frequency, but the baseline is Tier 4 once all criteria are satisfied. This ensures consistent evaluation of advanced maturity levels across controls.
[References: HITRUST Scoring Rubric – “Measured Criteria and Tiers”; CCSFP Practitioner Guide – “Evaluating Measured and Managed Levels.”]