317 results found
-
Nist certifications
Flag the assessment as insufficient for a NIST certification prior to being submitted to HITRUST so that the entity and assessor can verify the scores for those requirement statements. Also a list of requirement statements that apply to a NIST certification would be helpful.
3 votes -
Allow offline work and upload to MyCSF for CAPs
Allow offline work and upload to MyCSF for CAPs
16 votes -
Comprehensive Document report
Suggestion to add a document report which can show which document related to Policy, Procedure and evidence. Hence, we can filter out which file(s) was used for evidence and which file(s) were used for P&P.
Thanks2 votes -
Under "Assessment Options," consider rephrasing "Report Processing" in the first question. It is confusing.
Under "Assessment Options" consider rephrasing this question as follows - the "Report Processing" piece being capitalized makes it seem like a specific offering type, which is confusing.
- From: "Will this Assessment be submitted to HITRUST for Report Processing?"
- To: "Will this Assessment be submitted to HITRUST for certification?" or something similar.2 votes -
allow documents to be tagged as third party assurance reports in interims, bridges, and readiness assessments
Allow documents to be tagged as third party assurance reports in interims, bridges, and readiness assessments. Currently they can only be tagged as such in validated assessments.
3 votes -
Electronic Signature for Auditors
For timesheets and QA Sheets - it would be best to have this done electronically. Especially since we are remote - it's easier to have Executive and QA use the same document and electronically sign/initial.
4 votes -
User Guide - Make more apparent
Suggestion. It would be helpful if you put a link in the NEED HELP popup that indicates "Click here for User Guide"; And or as a tab at the top of every screen. Every time I have a problem, I try to figure out where the tab is. Because I am thinking of many things at once, I usually contract the Help Desk. Thank you, Anita Harris
3 votes -
Function to allow External Assessors to agree/disagree with inheritance weights
For requirements involving inheritance, there should be a button where the external assessors can either agree with the selected inheritance weight or disagree and suggest a new inheritance weight, similar to what exists for the maturity level scores. Rejecting the weight would send the requirement back to the client.
5 votes -
7 votes
-
help menu
Extremely unhelpful targeted help screens. There were questions asked on the help screen that were not answered in the help section. It linked to the general help area and did not provide any answers. Need better targeted help with real answers to the questions you select.
2 votes -
Requirement statement selections
When a similar requirement statement is applicable for multiple regulatory factors, only have that requirement statement appear once in the scoped assessment, currently they can appear multiple times in an assessment.
2 votesThanks for the feedback. This is addressed in v10.
-
Suggestive Factor Changes
MyCSF should have a mechanism to suggest scoping factor changes based upon a pattern of Not Applicables applied when responding to the Assessment
5 votes -
Why is this a CAP
Within the UI when something is a CAP add a button that would show why something is a CAP. This would need to include the math behind the requirement and/or control reference.
6 votes -
Make unique IDs readily apparent throughout MyCSF and within Reports and Analytics.
Unique IDs should be apparent throughout MyCSF and within all reports and analytic tools. For example, a user should not have the click on the "Expand" button within the Assessment to view the unique IDs. Unique IDs should also be available when linking documents, rather than trying to match up the statement language. All reports and analytic tools should reference unique IDs when presenting material by requirement statement.
46 votes -
Enumerate policy statements and required areas for illustrative procedures
Specifically enumerate all required policy statements and items for each requirement at the policy and procedure level as a checklist. Hiding specific requirements inside the repetitive narrative of the illustrative procedures makes it extremely difficult to parse-out what is required in policy and procedure documentation. While you're at it, remove the repetitive language all together since it's obvious for each control that "ad hoc or well understood blah blah" is already partially acceptable by your rubric and focus on giving more examples of acceptable language or implementations or links to relevant information.
18 votes -
assessor agree
for N/A requirements, change to a single "agree with N/A"
8 votes -
Display scoring weights in use on the assessment page
MyCSF should display the scoring weights that are in use for the assessment object on the assessment page to avoid confusion around which weights are being utilized.
7 votes -
Use different contrasting colors for the two options below, please. Response Status: External Assessor Review Complete Response Status: Ext
Use different contrasting colors for the two options below, please.
Response Status: External Assessor Review Complete
Response Status: External Assessor Review Pending5 votes -
Ability to store assessment documentation in the customer's cloud environment
An option to configure an assessment's documentation (workpapers, audit evidence) to reside in the client's cloud hosting provider instead of in MyCSF's default storage location, such as:
- Client's box.com
- Client's S3 bucket
- Client's Google drive
- Client's SharePointThis would require the client to grant the MyCSF application access into a specific area in their cloud environment. This would be very beneficial to customers who don't want to allow assessment documentation to leave their controlled environments.
This would also require MyCSF to store assessment documentation in a folder structure that can be navigated with something like Windows…
40 votes -
Add an RSS feed for MyCSF notifications
Add an RSS feed for MyCSF notifications appearing in the "Your Notifications" section of MyCSF
3 votes
- Don't see your idea?