Prove CSF Compliance

Hi all,

So we were just asked if we could prove that we observe a cybersecurity framework. We follow NIST CSF as it's sufficient for our use.

However, how could we prove it short of paying Hitrust $200k? Have you figured this out and, if so, how'd you do it?

We have our SOC2 and there's a lot of overlap so I figured it could fly but I'm not 100% on that.

compliance csf cybersecurity framework hitrust nist nist csf prove prove it soc2