313 results found
-
Offline Assessment: Confirmation that an upload is occurring and a progress bar
Confirmation that an upload is occurring and a progress bar.
2 votes -
Allow us to download v.9.6
We see 9.6 in the dropdown box but I cannot select it.
1 vote -
Remove Duplicate Controls Based on Which is More Stringent
MyCSF needs to have a job that runs which ranks the controls on a level of strictness and removes duplicate controls that are less strict when they provide the same coverage. Often times, we see multiple of the same controls (with just a timeframe changed, more requirements than one another, etc.). Removing duplication would help speed up certification.
Ex: 1141.01bCMSSystem.12 - The organization
1. disables accounts of users posing a significant risk immediately, not to exceed 30 minutes after discovery of the risk.11962.01bNYDOHSystem.3 - The organization
1. disables accounts of users posing a significant risk within 60 minutes of…3 votes -
Scope of the Assessment - Description on Access
Description of how the Systems are Accessed by all parties should be a separate column and not embedded in the Description portion. It is not intuitive that Access is part of the Description. Access is a separate attribute and should be treated as such.
1 vote -
QA and Support Work together
It would be helpful for Tasks to come back in a state that can be edited. Most of the time the QA sends something back that needs edited, and the Control is locked. When you attempt to get with support to help you fix it, it is a prolonged process with a lot of back and forths and delayed responses. QA and Support need to work together if the tasks are going to come back where Support needs to be engaged.
1 vote -
2 votes
-
System Documentation Definition
Define System Documentation in the Glossary of Terms
1 vote -
Need to be able to Designate to Others within the offline assessment and be able to import it into MyCSF.
The Offline Assessment spreadsheet needs a column for "Designate to Others" and to be able to import it back into MyCSF without emailing the user.
1 vote -
Glitch: When updating score dropdown, if Save is clicked just after, the score is not preserved
Glitch: When updating score dropdown, if Save is clicked just after, the score is not preserved
2 votes -
Include Inheritance reports in the Analytics tab.
It would be beneficial to include the ability to export a list of all inheritance and their associated properties for an object to a CSV/Excel document from the Analytics report tab.
3 votes -
Suggested User Guide links do not lead to correct page
When the "need help?" popup shows up and suggests related pages from the MyCSF User Guide, the links just go to the User Guide landing page rather than the specific page that addresses the question.
2 votes -
Pre-Populate Information in Assessor Timesheet
Populate the Engagement Executive & CHQP on the Assessor Timesheet based on what is entered on Name & Security page. Additionally, have a dropdown for names of assessors and auto-populate CCSFP numbers when selected.
2 votes -
Unable to save the progress
Unable to save the progress after uploading the documents. The Response Status: External assessor review pending. Please link evidence to the implemented level
2 votes -
Cross-organization notifications display names of other clients when looking at MyCSF
Assessor view - when looking at Client ABC's homepage, notifications from Client XYZ appear on the page. To avoid potential confidentiality issues (when screen-sharing, for instance), would recommend removing notifications from organizations other than the one currently selected
3 votes -
HITRUST QA Tasks for External Assessor
It would be helpful to be able to export to excel HITRUST QA tasks with the Assessment Task pop-up details, including the full text of the latest HITRUST Comment and corresponding BUID for the control.
3 votes -
External assesors reporting
Grant the ability for external assessors to generate and use reports for their demo environment. This will allow to identify different applicable requirements based on changes on specific factor information.
1 vote -
Add a Person
How do I add a person under people management
2 votes -
Business Associate Domain 19
Can there be an additional risk factor question for business associates that asks whether they have any responsibility for handling ePHI/PHI requests from end users/consumers (e.g. disclosures, restrictions in writing)?
Domain 19 has many requirements that are focused on covered entities, and if a BA can confirm they would never be involved in the handling of ePHI requests from end users/consumers I think it would remove several requirements that wind up being N/A and would provide clarity during QA.
5 votes -
Marking a Control Automatically Complete Prematurely
The control should not be marked as completed until there is 1) N/A marked 2) 100% inheritance marked or 3) where the control is applicable (partially or in whole) AND inheritance is 0-75%, linked documents applied with subscriber comments.
Controls are being marked completed (automatically by the system) when Inheritance is applied, even if the inheritance is less that 100%. The subscriber still needs to add their control testing for their portion of the control. The control should be deemed incomplete until they have linked documents and subscriber comments. Otherwise the status wheel is an inaccurate representation of the status…
1 vote -
Add Illustrative Procedures to the Assessment Report (Column)
Add CVID & Illustrative Procedures to the Assessment Report (Column)
7 votes
- Don't see your idea?