301 results found
-
GAP Report
When generating a GAP report those controls that are associated with a CAP should be identified in the report as CAP required not just as a GAP.
8 votes -
Add Illustrative Procedures to the Assessment Report (Column)
Add CVID & Illustrative Procedures to the Assessment Report (Column)
5 votes -
Business Associate Domain 19
Can there be an additional risk factor question for business associates that asks whether they have any responsibility for handling ePHI/PHI requests from end users/consumers (e.g. disclosures, restrictions in writing)?
Domain 19 has many requirements that are focused on covered entities, and if a BA can confirm they would never be involved in the handling of ePHI requests from end users/consumers I think it would remove several requirements that wind up being N/A and would provide clarity during QA.
3 votes -
Add Assessment Date
Please add a Date column to the assessment list.
6 votes -
Apply all button when uploading evidence
When uploading similar evidence to different controls you are presented with 3 options:
"replace this document", "Link to the existing document", & "skip this document"
It would be nice if there was an apply all option that you could click if you plan to link to existing documents for everything you are uploading as opposed to having to click that button 10+ times.
2 votes -
Unable to save the progress
Unable to save the progress after uploading the documents. The Response Status: External assessor review pending. Please link evidence to the implemented level
1 vote -
Evaluative Elements Report
Create a report that shows a list of the Evaluative Elements for each requirement statement similar to the Illustrative Procedures report - this will help both assessors and assessed entities with ensuring that they are meeting the EEs when working in offline testing workbooks without clicking into each requirement statement within MyCSF.
13 votes -
Cross-organization notifications display names of other clients when looking at MyCSF
Assessor view - when looking at Client ABC's homepage, notifications from Client XYZ appear on the page. To avoid potential confidentiality issues (when screen-sharing, for instance), would recommend removing notifications from organizations other than the one currently selected
1 vote -
Add DNV to Mapping
Add DNV mapping.
3 votes -
HITRUST QA Tasks for External Assessor
It would be helpful to be able to export to excel HITRUST QA tasks with the Assessment Task pop-up details, including the full text of the latest HITRUST Comment and corresponding BUID for the control.
1 vote -
External assesors reporting
Grant the ability for external assessors to generate and use reports for their demo environment. This will allow to identify different applicable requirements based on changes on specific factor information.
1 vote -
Add a Person
How do I add a person under people management
1 vote -
Marking a Control Automatically Complete Prematurely
The control should not be marked as completed until there is 1) N/A marked 2) 100% inheritance marked or 3) where the control is applicable (partially or in whole) AND inheritance is 0-75%, linked documents applied with subscriber comments.
Controls are being marked completed (automatically by the system) when Inheritance is applied, even if the inheritance is less that 100%. The subscriber still needs to add their control testing for their portion of the control. The control should be deemed incomplete until they have linked documents and subscriber comments. Otherwise the status wheel is an inaccurate representation of the status…
1 vote -
Email Notification Configuration Options
Ability to configure email communications from myCSF to tailor emails such as inheritance requests. More granular notifications and email subjects / recipients for the emails is desired.
1 vote -
Include the HITRUST requirement ID in the Reports
Please re-configure the Reports under Analytics to ensure that Requirement ID is part of the data pull. We manage this work at a requirement level and currently, every report that we run we have to do a cross-reference to pull in the requirement ID.
23 votes -
Validated Report Agreement for CAPs
After the validated report agreement is signed by subscriber please allow for the green check mark to be generated. Subscriber should not have to wait for HITRUST to countersign the validated report agreement for a green checkmark to be generated. This delays the ability to generate caps.
4 votes -
New User Support Access Role
Create another access role - "User Support" that grants view all access with the ability to upload documentation and scoring (without delegation rights). Preferably with the option to track who updated scoring.
2 votes -
Authoritative sources -Standards and Frameworks
When will the authoritative sources be updated to the most current versions, i.e.: CMM 3.0 to 4.0x, ISO 27001- 2013 to 2022?
1 vote -
Not able to download Offline Assessment
I am not able to download Offline Assessment
I need this to save my assessment on a higher priority.
1 vote -
Unable to save the progress.
Unable to save the progress after uploading the documents.
2 votes
- Don't see your idea?