317 results found
-
Adding a "LINKAGE" sheet in uploaded Excel workbooks tells MyCSF where to link the sheet throughout the assessment
Linking evidence throughout an assessment is time-consuming. To make it a tiny bit easier, and specifically when adding an Excel file as evidence, MyCSF should look for a LINKAGE worksheet in the uploaded workbook. If found, MyCSF should use the contents of that LINKAGE sheet to know where to link the workbook throughout the assessment.
The contents of the linkage sheet could be as simple as:
• column A: BUID or CVID of the requirement to link the workbook to
• column B: Link to the Policy level (Yes/No)
• column C: Link to the Process level (Yes/No)
• column…1 vote -
Display unsent External Inheritance Requests in Assessor view also
Can you add the External Inheritance status to the main page for the Assessor view also? The status is displayed on our client's view and it would be good to have the same status in the Assessor view so that we can track and ensure our clients indeed submitted the inheritance requests to the external entity.
6 votes -
support needed
having errors when clicking on details view for myCSF HITRUST controls and details. Please advise if you can see that in logs and how I can document the error.
1 vote -
Ability to inherit just the policy level (or just the policy and process levels)
Add the ability to inherit specific control maturity levels (e.g., just policy, just policy and process). This will be very helpful for internal inheritance, for situations where the same policies are used by the whole organization.
1 vote -
Group assessments
Group assessments by year
3 votes -
Assessors shouldn't have to do anything on "not started" CAPs at interim
It would be nice that if a CAP is not started that MyCSF would be aware of such and not expect the assessor to do anything at interim. This would include attaching documentation since there is technically nothing for them to review. It is not user friendly to have to attach a document because the old score warrants it when there has not been any work done it.
2 votes -
Add some way to identify when a control is required to be sampled.
Peer the test plan requirement, is there any way within MyCSF where the assessor can note this is SAMPLED requirement, so then the client does not submit evidence that cannot be used since the control request sampling?
19 votes -
Feedback Forum Usability
Feedback Forum Access not intuitive - trying to get to the main feedback forum page but there is no link and accessing the feedback feature does not allow the user to actually navigate to the broader feedback forum itself. Usability overall for Feedback and CAPs is an issue that results in highly inefficient time usage.
1 vote -
Allow External Assessors to view the Inheritance panel
Currently, only Subscribers can view the dedicated Inheritance screen. This includes the "Download CSV" button allowing for export of Inheritance data. This data is crucial to be available for test plan development for External Assessors outside of MyCSF. Beyond that, Subscribers look to their External Assessors to guide and assist them in using inheritance, which is difficult when we do not have access to that panel. Please consider allowing External Assessor roles to view and export all inheritance information and screens within MyCSF
22 votes -
michael.frederick@hitrustalliance.net
When an interim is generated it should also pull the documentation that was linked into the document library for the assessment and show the names of the documents within the expanded control requirement statement window. This will allow for all work to be done from within the interim versus having to hop between it and its associated full assessment. It would not link the documents, just pull them into the library and provide the listing. Links can be added once documents are updated for most current version.
4 votes -
When viewing the linked documents for a particular Requirement Statement, each document should show the date that it was linked .
When viewing the linked documents for the Requirement Statements, each document should show the date that it was linked without having to go through the document repository especially in situations where we request for additional evidence from the assessor. From some assessments I have done so far, I noticed the assessors do not make reference to the newly linked documents so we have to go to the repository to check the date for all documents to see if any was added outside their testing period. This would really help to save time during QA review.
6 votes -
Drop Down for Contact and Interviewed Names
Have the ability to have once place where interviewed names would be captured and then when populating the control artifacts, you have the ability to select from a drop down of pre-populated names and titles, instead of having to type each persons name and title for each and every control. This would save time.
2 votes -
Preserve state when tree-traversing to Linked Documents for the Upper-Left 'Back-Arrow' Button
Having traversed four tree levels from the Assessment Selection level to a particular Linked Document in MyCSF and (subsequently) reviewed it, use of the Back-Arrow Button in the upper left of the window results in being immediately returned to the Assessment selection level (i.e. back four levels; out of the Assessment altogether) rather then the more intuitive expectation of stepping back one level at a time in the reverse of how one arrived at the Linked Document. Additionally, the "Close" button (which does follow the more expected path of closing the document and beginning the step-wise reverse traversal) may not…
1 vote -
Copy mapping from evidence items to others.
When uploading evidence for controls often one piece of evidence is used for multiple controls or there are multiple evidence items supporting the same control stage (policy, procedure, implemented). The ability to copy the mapping from one item to another would be a huge time saver.
4 votes -
1 vote
-
Report for Illustrative Measurements
Figuring out how to demonstrate and measure proof of compliance was a steep learning curve. The illustrative measurements were extremely helpful, but I spent a lot of time having to dig for them and reformatting them to make them more readable and easier to search. Being able to sort the measurements by unique ID, CSF objective, and system/organizational would be a powerful feature.
3 votes -
Notification could be in RED Color?
NO VALIDATED ASSESSMENT REPORT CREDITS AVAILABLE ASSESSMENT DOMAINS - This notification could be in RED Color?
1 vote -
Sort Corrective Actions Plans By Completion Date
You should be able to sort CAPs by their Scheduled Completion Date.
3 votes -
15 votes
-
On Org Home page view, place an "Inheritance" badge icon next to assessment(s) published for External Inheritance
Similar to the Certification badge icon, create and place new "Inheritance" badge on Org Home page to quickly identify which of the assessment(s) listed have been published for External Inheritance with a hover-over pop-up dialogue box with either of the following content: "Enabled on [Effective Date]" or "Disabled on [Effective Date]".
8 votes
- Don't see your idea?