Rapid7 integrates Surface Command with HITRUST to automate cybersecurity compliance
Rapid7, Inc. has integrated its Surface Command platform with the HITRUST assurance framework to support organizations in shifting from periodic audits to continuous compliance validation. This collaboration aims to automate compliance processes, potentially reducing audit burdens and enhancing cybersecurity management.
Organizations encounter evolving threats and regulatory demands requiring constant security readiness. Conventional assurance practices, reliant on manual evidence gathering and scheduled audits, often result in inefficiencies and outdated assessments. The integration offers continuous observation of security controls, enabling ongoing verification aligned with HITRUST standards.
Surface Command equips organizations with comprehensive visibility into their attack surfaces. Paired with HITRUST's framework, Rapid7 customers gain capabilities to collect, map, and validate controls automatically. This approach assists in identifying control drift, managing vulnerabilities, and aligning cyber exposure data with compliance requirements.
The collaboration has produced tools permitting automatic collection, mapping, and validation of cybersecurity controls against established HITRUST standards. This functionality aims to reduce audit scope and resource consumption while maintaining updated compliance evidence.
Jon Schipp, senior director of product management at Rapid7, said, “Rapid7 solutions already deliver unmatched visibility and context, enabling our customers to proactively prevent and detect security incidents. With this collaboration, we are now able to benchmark customers against HITRUST, ultimately reducing both the cost and burden of compliance while also enabling them to achieve continuous assurance against the comprehensive framework for greater protection from threats.”
Blake Sutherland, executive vice president, market engagement at HITRUST, said, “The 2025 HITRUST Trust Report demonstrated that organizations who implement our controls achieve a mere 0.59% averaged annual breach rate - a significant new benchmark in reliable risk mitigation for the industry. This collaboration with Rapid7 maps our controls to their proactive protections, giving joint customers the ability to maintain evidence of compliance, reduce evidence decay and ensure that the utmost security requirements are relevant, reliable and recorded for continuous assurance and even higher level of trust in security postures.”
The organizations said that, going forward, customers can deploy continuous assurance programs in place of prior point-in-time audits, facilitating sustained compliance visibility, proactive risk mitigation, audit burden reduction, and improved cyber insurance interactions. These efforts are intended to promote cost efficiencies by minimizing the resource demands associated with traditional compliance routines.