340 results found
-
Messaging Center within MyCSF
MyCSF should have a messaging center to allow individuals with access to an object (customers, assessors, HITRUST) to send and receive messages securely.
Message recipients would receive an email notification that would indicate: You have received a new message from <Entity> regarding <Assessment Object>. Please login to MyCSF and go to your message center to retrieve this message.
Additional Fields:
1. Object – allows selection of object based on those that you have access to.
2. Response Required – Checkbox used for SLA tracking purposes
3. CC – Multiselect restricted to those with access to selected object.
4. Attachment –…3 votes -
Show # of Assigned Users, Inheritance Requests, and Diary Entries in Header
Like there is for the Linked Documents modal, the header of the modal for Assigned Users, Inheritance Requests, and Diary Entries should indicate the count of the respective items.
2 votes -
Ability to store assessment documentation in the customer's cloud environment
An option to configure an assessment's documentation (workpapers, audit evidence) to reside in the client's cloud hosting provider instead of in MyCSF's default storage location, such as:
- Client's box.com
- Client's S3 bucket
- Client's Google drive
- Client's SharePointThis would require the client to grant the MyCSF application access into a specific area in their cloud environment. This would be very beneficial to customers who don't want to allow assessment documentation to leave their controlled environments.
This would also require MyCSF to store assessment documentation in a folder structure that can be navigated with something like Windows…
40 votes -
Ability to upload, access, and edit assessment documentation using something other than the Web interface
MyCSF should support common file handling protocols to manage assessment documentation. This should operate similar to how Web applications such as media servers (Plex, Ombi) and online document repositories (livelink, sharepoint) work... these allow the upload and accessing of files using a alternate protocols such as SAMBA, SCP, and SFTP. Any file and folder changes made using supported protocols are reflected in the Web application front-ends. MyCSF should function in a similar fashion.
If this existed, users wouldn't have to upload each and every file using our Web front-end nor would they have to manually associate each artifact to the…
4 votes -
Ability to automatically associate documents with requirement statements and PRISMA levels during bulk upload using a folder structure
When doing a bulk upload of documents (screenshots, workpapers, etc.) via a compressed zip archive using the bulk upload functionality, users should be able to automatically associate documents with requirement statements and PRISMA levels (e.g., policy) using a defined folder structure within the archive.
The folder structure can be something like this:
-- domain
--- requirement statement ID
---- policy
---- process
---- implemented
---- measured
---- managedDocuments present in these folders would be (a) uploaded, (b) associated with the requirement statement, and (c) tagged to the PRISMA levels
9 votes -
Users should be able to add documents to an assessment using email
Users should be able to add documents (e.g., screenshots, workpapers, validated report agreement, participation letter) by simply emailing a MyCSF email address, similar to what TripIt lets you do with travel itineraries. There should be a way to specify in the email body and/or subject which assessment, CSF requirement statement(s), and PRISMA levels that the document should be linked to.
3 votes -
External assessor timesheet should have drop-downs on the name fields
- Name fields on the external assessor timesheet should be drop-downs pre-populated with all of the assessor’s users who have access to that object (with the option to still manually type in a name if not in MyCSF).
- When selected, the CCSFP numbers should auto-populate as well.
7 votes -
Custom Reporting
Users should have the ability to write custom reports, build custom charts, and save these for later usage. Something similar to Microsoft PowerBI or an equivalent product.
28 votes -
Option to disable test environment notifications.
Allow notifications from test environments to be turned off.
11 votes -
tool tips
Create "tool tips" pop up information showing features in MyCSF. Would be a lightbulb or similar icon highlighting when new functionality is added, and when all tips are viewed, goes to a sleep state. New functionality would cause the indicator to go back to a highlighted state. Should also be searchable like other process documents.
4 votes -
Search all attached documents for keyword(s)
MyCSF should allow users to perform a keyword search throughout all attached documents. While this obviously wont search screenshots and non-OCR'd PDFs, the ability to do a mass search of all uploaded documents in one run would be valuable.
22 votes -
Draft report automatic removal
MyCSF will automatically delete the draft report files 7 days after the final reports are posted.
5 votes -
Data Localization
Ability for an Organization to select what locale (Americas, Europe, and Asia) to where their data is hosted.
4 votes -
Date of Submission should be when HT approves Assessment
Date of Submission should be when HT approves Assessment
9 votes -
Document replace functionality should also replace file's name (not just file contents)
The document replace functionality should also replace document's name (not just document's contents). Right now it appears to replace the document contents but leaves the old document name.
7 votes -
Help Context should be linked
Where we have help pages built (eg: Factors) you should be able to click on the factor and see the help information in a sidebar without having to leave the MyCSF page.
36 votes -
Give assessors an easy way to "reject" evidence linked to a requirement statement by the assessed entity
If a document was identified as associated with a requirement statement or requirement statement's PRISMA attribute(s), the assessor should be given an easy way to flag items as irrelevant to the PRISMA attribute and to the requirement statement. Its common for the customer to link files that may be related to other requirements but not necessarily to the requirement statement at hand.
16 votes -
Auto-associating uploaded evidence based on special strings in filenames
When a file is uploaded evidence into an assessment, MyCSF should be able recognize special strings filename to automatically link the file with control maturity levels and/or requirements.
Some examples:
• A document uploaded with a title of "New hire population [Imp].xlsx" would automatically be linked to the requirement's implemented level.
• A file titled "IT security policies [Pol, Pro].pdf" would automatically be linked to the policy and procedure levels.
• An uploaded document with a title of "Termination samples IMP 3334.0.xlsx" would automatically be linked to the implemented level of the requirement with the CVID of 3334.0.This could…
1 vote -
Custom assessment's library builder needs to be easier to use
The custom assessment's library builder needs to be easier to select and de-select requirements in mass. For example, it needs "Select all visible requirements" and "De-select all visible requirements" buttons. Right now, if I want to include all requirements in in a particular authoritative source I have to click like 100 times.
4 votes -
Creating a custom assessment is not intuitive
The process for creating a custom assessment is not intuitive. Namely, it's tough to figure out how to (1) create a custom library, (2) publish that library, and (3) select that library for an assessment. The only help page available is how to create the custom library but not to publish it or assess against it. The whole process needs (a) to be more intuitive in the tool, (b) more help documentation, and/or (c) both of these things.
4 votes
- Don't see your idea?