340 results found
-
Offline Assessment for Interims & Bridges
MyCSF should allow a user to download and use the Offline Assessment for Interim and Bridge Assessment
5 votes -
Add a submission check for failing scores (requires override)
There are a variety of quality checks imposed, some that require overrides from the assessor team to continue with submission. One of those should be 'scores are already too low to certify'.
Please add a little flag or warning note at the time of submission to simply say, "You're submitting an assessment for certification, but the scores are too low to certify. Proceed Y/N?"
Our particular case was due to errors in the inheritance process, but it could happen in other scenarios. Best to alert the assessor and confirm that they are not seeking certification.
7 votes -
Introduce the notion of CHQP (Assessor firm internal QA) start and end times
There are times when the addition of assessor team quality review pushes past the 90-day window. We get backlogged the same way you do. We always adhere to the 90-day window for accepting and reviewing evidence, and we can demonstrate that reasonably. But it would be helpful if there was some flexibility around the submission date. If we plug in the real dates of assessment, and then submit 91 days after we started testing, the system errors due to >90.
Introducing the notion of the defined assessment window of 90 days, and the CHQP review period (stated dates) might help…
3 votes -
Allow offline work and upload to MyCSF for CAPs
Allow offline work and upload to MyCSF for CAPs
16 votes -
Unlock Doc Repository when any Task are created during QA
Unlock Doc Repository when any Task are created during QA
2 votes -
Control Category can be included as part of illustrative procedure or control requirement
Currently we cannot identify the control category for a particular control requirement. Subscribers who opt only for 3 month CSF subscription without reporting functionality, we cannot identify the control category. It would be helpful if the control category is included like other details like - Control unique ID, Level and illustrative procedures.
2 votes -
Enhance CAP Notifications
Assign individual users to a milestone and notify of approaching milestone completion date. This would enhance the functionality of the CAP module to include milestone approach date.
2 votes -
Enumerate policy statements and required areas for illustrative procedures
Specifically enumerate all required policy statements and items for each requirement at the policy and procedure level as a checklist. Hiding specific requirements inside the repetitive narrative of the illustrative procedures makes it extremely difficult to parse-out what is required in policy and procedure documentation. While you're at it, remove the repetitive language all together since it's obvious for each control that "ad hoc or well understood blah blah" is already partially acceptable by your rubric and focus on giving more examples of acceptable language or implementations or links to relevant information.
18 votes -
Autogenerated FedRAMP Low, Medium, and High templates
Capability that allows a user to generate a FedRAMP Low, Moderate, and High templates directly from MyCSF given the Assessment selected the FedRAMP Regulatory Option (v9.4 support)
0 votes -
Autogenerated MARS-E SSP template
Capability that allows a user to generate a MARS-E SSP template directly from MyCSF given the Assessment selected the MARS-E Regulatory Option (v9.4 support)
0 votes -
Add Multi-Select of Requirements for Delegating Responsibilities
There needs to be a half-way point between the requirement statement and domain level for delegating responsibilities. It would be nice to have the ability to select multiple requirement statements within a domain and then delegate those statements rather than completing each one individually.
3 votes -
Column Option for Illustrative Procedures Report
Reporting
Please allow for a column option for the Illustrative Procedures Report. Much like the Assessment Report (Column).8 votes -
APEC CBPRS and PRPS regulatory factors/reports
Allow for targeting assessments against APEC programs
1 vote -
Removing the lower level nested Requirement Statements from an assessment
When you have a level 3 Requirement statement, can the level 1 and level 2 requirement statement for that same control be removed from the assessment? This would remove redundancy, by not having to ask the business for evidence at each level because it would be inclusive in the level 3. This would also lower the number of overall baselines while still covering the control.
13 votes -
Display Message within the tool informing clients of bugs/patches or issues to be proactive and better inform
When issues or bugs happen, it would be helpful to notify clients via notification or Red Flag Message in the tool to inform them. This would show the informed and proactive communication from HITRUST to the Clients to improve their experience within the MyCSF tool.
5 votes -
Save and Close on Document Modal
Please provide an option to both Save and Close the window when linking documents to a requirement statement. Right now, this takes 2 clicks. We have to save the document links before we can close... then we have to close to get back out to the requirement statement to complete our scoring. It's a lot of clicking already to link all the documents. Please take one click away. Thank you!
5 votes -
Custom API Endpoints
Allow a User to choose the Data points that they want returned in an API Call. MyCSF would then automatically develop an API path that returns the hand-picked dataset
4 votes -
Delegation Percentage indicator
delegation percentage graph
1 vote -
Show internal assessor scoring
show indication of who entered customer scoring- customer or internal assessor
1 vote -
Please create a report of an assessment's requirement statements that have no documents linked to it.
Please create a report feature to generate 'completed' requirement statements have have no documentation linked. This will help the internal assessor send out follow up emails to ensure the assessment is ready for the external assessor to review.
1 vote
- Don't see your idea?