Every two minutes Pyrenth checks each control against the running application and updates the list below. No patient health information appears here. The real evidence files a third party assessor reviews sit behind the assessor sign in.
| Control | Framework | Status | Detail |
|---|---|---|---|
| HITRUST-MAP | HITRUST | Pass | Pyrenth federal compliance audit waves present: w1/w2/w3=true, w4_cognito=true; HITRUST CSF cross reference covers HIPAA, NIST 800-53, NIST 800-171, FIPS 140, VA Directive 6500, HSPD-12 PIV, TIC 3.0, CMMC 2.0, Section 508, DFARS 7012, HHS ONC, NIST 800-63B AAL3, FedRAMP Moderate, 42 CFR Part 2 |
| HITRUST-CERT | HITRUST | Not applicable | HITRUST CSF certification deferred until federal payer contract signed; not required for SDVOSB direct VA work |
| HITRUST-ASSESS | HITRUST | Not applicable | Annual assessment deferred until cert path activated |
| HITRUST-AEA | HITRUST | Not applicable | External assessor selection deferred until cert path activated |
| MACIE-PHI-INVENTORY-HIPAA-164-312-B | HITRUST | Not applicable | MACIE_ENABLED env not set; AWS Macie continuous PHI discovery deferred until Phase 2 Kyle enablement gate (3 CLI commands, ~$12 one time + $1.20 per month). Probe MCP pyrenth_macie_phi_discovery_probe ships read only Phase 1 plumbing. |
| HITRUST-09.aa | HITRUST | Not applicable | HITRUST 09.aa satisfied AT STRENGTHENED level via cross walk of NIST 800-53 AU-2 plus AU-12. AuditAction enum plus AuditLogger singleton both present plus above-baseline evidence count = 3 of 3: cloudtrail-multi-region, cloudtrail-customer-kms-encrypted, audit-chain-merkle-verified-ok. |
| HITRUST-06.d | HITRUST | Not applicable | HITRUST 06.d satisfied AT STRENGTHENED level via cross walk of NIST 800-53 SC-28. pgcrypto column level encryption configured plus above-baseline evidence count = 3 of 3: rds-storage-encrypted-customer-cmk, s3-default-encryption-customer-cmk, pgcrypto-column-level-phi-encryption. |