HITRUST CWE Coverage

Overview

The Health Information Trust Alliance (HITRUST) maintains a comprehensive framework that plays a significant role in application security, particularly for organizations handling sensitive healthcare data.
HITRUST develops, maintains, and provides broad access to its widely adopted common risk and compliance management frameworks, related assessments, and assurance methodologies.

This article organizes Common Weakness Enumerations (CWEs) relevant to HITRUST.

Each row in the table below describes one compliance standard, using the following columns:

  1. Compliance Standard: The specific category of the standard to which the listed CWEs are mapped.

  2. Languages: The programming languages for which this coverage is supported.

  3. CWE-ID: The CWEs mapped to this standard, each with its short description.

HITRUST CWE Coverage

Compliance Standard: 10.b: Input Data Validation (Level 1 Implementation)

Languages:

  • ABAP
  • ASP Classic/Visual Basic/VBScript
  • Apex
  • C#
  • C# Gen 2
  • C/C++ (Beta)
  • Cobol
  • ColdFusion
  • Go
  • Groovy
  • Java
  • Java Gen 2
  • JavaScript / Node.js
  • JavaScript / TypeScript Gen 2
  • Kotlin
  • Kotlin Mobile
  • PHP
  • PLSQL
  • Python
  • Python Gen 2
  • R
  • Ruby
  • Swift
  • TypeScript
  • VB.Net
  • Xamarin (C#)
  • iOS Objective-C

CWE-ID:

  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • CWE-73: External Control of File Name or Path
  • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
  • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
  • CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
  • CWE-346: Origin Validation Error
  • CWE-400: Uncontrolled Resource Consumption
  • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
  • CWE-501: Trust Boundary Violation
  • CWE-502: Deserialization of Untrusted Data
  • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
  • CWE-611: Improper Restriction of XML External Entity Reference
  • CWE-643: Improper Neutralization of Data within XPath Expressions ('XPath Injection')
  • CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
  • CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
  • CWE-918: Server-Side Request Forgery (SSRF)
  • CWE-943: Improper Neutralization of Special Elements in Data Query Logic
  • CWE-1333: Inefficient Regular Expression Complexity
  • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine