Skip to main content

Rapid7 and HITRUST Partner to Automate Cybersecurity Assurance, Reducing Cost and Complexity Across Regulated Industries

Written by Customer Service on . Posted in Public Companies.

New collaboration integrates Rapid7 platform with HITRUST certification program to help organizations move from periodic audits to continuous compliance

BOSTON, Dec. 02, 2025 (GLOBE NEWSWIRE) — Today, Rapid7, Inc. (NASDAQ: RPD), a leader in threat detection and exposure management, and HITRUST, the leading provider of cybersecurity and AI assurances used in third-party and internal risk, security and compliance management, announced a strategic partnership to help organizations automate compliance and lower the cost of assurance. This new integration brings together Rapid7’s Surface Command, which provides organizations with a complete view of their attack surface, with HITRUST’s assurance framework. Through this new partnership, Rapid7 customers can automatically collect, map, and validate controls against HITRUST standards, reducing audit scope, saving time and resources, and improving overall cyber resilience.

Organizations today face increasing pressure to demonstrate continuous security readiness amid a constantly evolving threat and regulatory landscape. Traditional assurance methods rely on periodic audits and manual evidence collection, which are costly, time-consuming, and quickly outdated. By combining Rapid7’s continuous visibility into security controls with the HITRUST Framework, customers are able to move from periodic audits to continuous, evidence-based validation of their cybersecurity posture, improving their security and governance, and their ability to communicate that to stakeholders.

“Rapid7 solutions already deliver unmatched visibility and context, enabling our customers to proactively prevent and detect security incidents,” said Jon Schipp, senior director of product management at Rapid7. “With this collaboration, we are now able to benchmark customers against HITRUST, ultimately reducing both the cost and burden of compliance while also enabling them to achieve continuous assurance against the comprehensive framework for greater protection from threats.”

“The 2025 HITRUST Trust Report demonstrated that organizations who implement our controls achieve a mere 0.59% averaged annual breach rate – a significant new benchmark in reliable risk mitigation for the industry,” said Blake Sutherland, executive vice president, market engagement at HITRUST. ”This collaboration with Rapid7 maps our controls to their proactive protections, giving joint customers the ability to maintain evidence of compliance, reduce evidence decay and ensure that the utmost security requirements are relevant, reliable and recorded for continuous assurance and even higher level of trust in security postures.”

By working with HITRUST and Rapid7, customers will deploy a robust, continuous assurance program replacing point-in-time, outdated assurance practices. Additional benefits include:

  • Achieve continuous compliance visibility: Rapid7’s Command Platform continuously assesses systems against control drift using the HITRUST Framework requirements which are continuously updated in response to active threats and risk thresholds.
  • Mitigate risk proactively: Integrate vulnerability and exposure management along with threat data aligned to compliance mandates to address the complexity of modern enterprise environments.
  • Reduce audit burden and detect compliance drift: Continuous compliance enables extended certification intervals, reduction in information collection efforts, assurance that controls are maintained beyond scheduled audit engagements and report on drifts in the environment.
  • Facilitate improved cyber insurance: Demonstrate consistent risk management to insurers, leading to lower premiums and streamlined policy renewals.
  • Lower costs: Minimize the resource-intensive process of annual compliance audits and secure cost-effective insurance coverage.

To learn more about working with Rapid7 and HITRUST, visit http://www.rapid7.com/blog/post/pt-rapid7-hitrust-lowers-continuous-assurance-cost-asm.

About Rapid7
Rapid7, Inc. (NASDAQ: RPD) is on a mission to create a safer digital world by making cybersecurity simpler and more accessible. We empower security professionals to manage a modern attack surface through our best-in-class technology, leading-edge research, and broad, strategic expertise. Rapid7’s comprehensive security solutions help more than 11,000 global customers unite cloud risk management with threat detection and response to reduce attack surfaces and eliminate threats with speed and precision. For more information, visit our website, check out our blog, or follow us on LinkedIn or X.

Rapid7 Media Relations
Alice Randall
Director, Global Communications
press@rapid7.com
(857) 216-7804

Rapid7 Investor Contact
Matt Wells
Vice President, Investor Relations
investors@rapid7.com
(617) 865-4277

About HITRUST

HITRUST, the leader in cybersecurity assurance used in risk management and compliance, offers certification programs for the application and validation of security, privacy, and AI controls. Informed by over 60 standards and frameworks, the company’s threat-adaptive approach delivers the most relevant and reliable solutions, including multiple selectable and traversable assessments and certifications, an ecosystem of over 100 independent assessment firms, centralized quality reviews, reporting and certification, and a powerful SaaS platform enabling its program and process. For over 18 years, HITRUST has led the assurance industry and today is widely recognized as the most trusted solution to establish, maintain, and demonstrate security capabilities for risk management and compliance.

Press Contact
Leslie Kesselring
Kesselring Communications for HITRUST
leslie@kesscomm.com

Disclaimer & Cookie Notice

Welcome to GOLDEA services for Professionals

Before you continue, please confirm the following:

Professional advisers only

I am a professional adviser and would like to visit the GOLDEA CAPITAL for Professionals website.

Important Notice for Investors:

The services and products offered by Goldalea Capital Ltd. are intended exclusively for professional market participants as defined by applicable laws and regulations. This typically includes institutional investors, qualified investors, and high-net-worth individuals who have sufficient knowledge, experience, resources, and independence to assess the risks of trading on their own.

No Investment Advice:

The information, analyses, and market data provided are for general information purposes only and do not constitute individual investment advice. They should not be construed as a basis for investment decisions and do not take into account the specific investment objectives, financial situation, or individual needs of any recipient.

High Risks:

Trading in financial instruments is associated with significant risks and may result in the complete loss of the invested capital. Goldalea Capital Ltd. accepts no liability for losses incurred as a result of the use of the information provided or the execution of transactions.

Sole Responsibility:

The decision to invest or not to invest is solely the responsibility of the investor. Investors should obtain comprehensive information about the risks involved before making any investment decision and, if necessary, seek independent advice.

No Guarantees:

Goldalea Capital Ltd. makes no warranties or representations as to the accuracy, completeness, or timeliness of the information provided. Markets are subject to constant change, and past performance is not a reliable indicator of future results.

Regional Restrictions:

The services offered by Goldalea Capital Ltd. may not be available to all persons or in all countries. It is the responsibility of the investor to ensure that they are authorized to use the services offered.

Please note: This disclaimer is for general information purposes only and does not replace individual legal or tax advice.