Comment fields for each control maturity level
When populating an assessment, MyCSF should offer comment fields for each control maturity level instead of just having one big comment field for the whole requirement. See attached pic.
3 votes -
Display scoring weights in use on the assessment page
MyCSF should display the scoring weights that are in use for the assessment object on the assessment page to avoid confusion around which weights are being utilized.
7 votes -
Add reporting of user activity
Add reporting of user activity. Specifically provide reporting of returned requirements (user activity reporting) for an assessment. Providing the ability to specify a date range and see the user specific activities on each requirement (history).
3 votes -
Add 'Maturity Domains Deficient' column to CAP Report for subscribers and assessors
The CAP Report that Subscribers and Assessors can download should include a column to indicate which maturity domains (policy, process, or implemented) are deficient. This will help subscribers and assessors review CAPs to ensure that the corrective actions are addressing all deficient levels.
3 votes -
Option to NOT include attachments from previous certification in the next assessment object
When creating a new assessment object AFTER already having been certified (i.e., in a re-certification scenario), MyCSF should have an option to include or NOT include the documentation linkages present in the previous assessment object.
26 votes -
Real-Time CAP Report
Create a Report that can identify any mandatory Corrective Actions using the existing scores of the Statements in an Assessment
3 votes -
Field for HITRUST to explain why a submission was reverted
When HITRUST reverts a submitted assessment back to either an assessor or to the subscriber, MyCSF should have a field available for HITRUST to state why the assessment was reverted. This field should be required, and this field's contents should be made visible to the subscriber and assessor.
3 votes -
Offline Assessment for Interims & Bridges
MyCSF should allow a user to download and use the Offline Assessment for Interim and Bridge Assessment
5 votes -
Add a submission check for failing scores (requires override)
There are a variety of quality checks imposed, some that require overrides from the assessor team to continue with submission. One of those should be 'scores are already too low to certify'.
Please add a little flag or warning note at the time of submission to simply say, "You're submitting an assessment for certification, but the scores are too low to certify. Proceed Y/N?"
Our particular case was due to errors in the inheritance process, but it could happen in other scenarios. Best to alert the assessor and confirm that they are not seeking certification.
7 votes -
Introduce the notion of CHQP (Assessor firm internal QA) start and end times
There are times when the addition of assessor team quality review pushes past the 90-day window. We get backlogged the same way you do. We always adhere to the 90-day window for accepting and reviewing evidence, and we can demonstrate that reasonably. But it would be helpful if there was some flexibility around the submission date. If we plug in the real dates of assessment, and then submit 91 days after we started testing, the system errors due to >90.
Introducing the notion of the defined assessment window of 90 days, and the CHQP review period (stated dates) might help…
3 votes -
Allow offline work and upload to MyCSF for CAPs
Allow offline work and upload to MyCSF for CAPs
16 votes -
Unlock Doc Repository when any Tasks are created during QA
Unlock Doc Repository when any Tasks are created during QA
2 votes -
Control Category can be included as part of illustrative procedure or control requirement
Currently we cannot identify the control category for a particular control requirement. Subscribers who opt only for 3 month CSF subscription without reporting functionality, we cannot identify the control category. It would be helpful if the control category is included like other details like - Control unique ID, Level and illustrative procedures.
2 votes -
Enhance CAP Notifications
Assign individual users to a milestone and notify of approaching milestone completion date. This would enhance the functionality of the CAP module to include milestone approach date.
2 votes -
Enumerate policy statements and required areas for illustrative procedures
Specifically enumerate all required policy statements and items for each requirement at the policy and procedure level as a checklist. Hiding specific requirements inside the repetitive narrative of the illustrative procedures makes it extremely difficult to parse out what is required in policy and procedure documentation. While you're at it, remove the repetitive language altogether since it's obvious for each control that "ad hoc or well understood blah blah" is already partially acceptable by your rubric and focus on giving more examples of acceptable language or implementations or links to relevant information.
18 votes -
Autogenerated FedRAMP Low, Medium, and High templates
Capability that allows a user to generate FedRAMP Low, Moderate, and High templates directly from MyCSF given the Assessment selected the FedRAMP Regulatory Option (v9.4 support)
0 votes -
Autogenerated MARS-E SSP template
Capability that allows a user to generate a MARS-E SSP template directly from MyCSF given the Assessment selected the MARS-E Regulatory Option (v9.4 support)
0 votes -
Add Multi-Select of Requirements for Delegating Responsibilities
There needs to be a half-way point between the requirement statement and domain level for delegating responsibilities. It would be nice to have the ability to select multiple requirement statements within a domain and then delegate those statements rather than completing each one individually.
3 votes -
Column Option for Illustrative Procedures Report
Reporting
Please allow for a column option for the Illustrative Procedures Report. Much like the Assessment Report (Column).
8 votes -
APEC CBPRS and PRPS regulatory factors/reports
Allow for targeting assessments against APEC programs
1 vote