316 results found
-
[BL] Root-level view for Control Reference within CSF Library
root-level view for control reference that opens up into the 156 control references and then opens up into the requirement statements listed under each control reference..
*Looking something like this: *
+ Control References
--- 00.a Information Security Management Program
--+ 01.a Access Control Policy
------- An access control policy shall be established documented and reviewed based on business and security requirements for access.
------- There shall be a formal documented and implemented user registration and de-registration procedure for granting and revoking access.If I understand correctly the problem with going through the category view is that control references may…
1 vote -
[BL] Weekly CAP SSRS Report
Automated Weekly Job to send HAX administrators CAP information within MyCSF. Delivery done in SSRS Report.
1 vote -
[BL] Submitted Date in Sidebar
Update the submitted by attribute on the sidebar to also log the date it was submitted.
1 vote -
[BL] Unique ID added to Linked Statements Modal
Include the Unique ID with the Statements list within the Linked Statements component
1 vote -
[BL] Reminders to Assessors of open tasks
As part of the Kanban board MyCSF will display the number of times the tool has notified the external assessor that a QA task is pending with them over a time period (eg: 4 notifications sent over 8 weeks). This metric will be visible to HITRUST the customer and the external assessor. Also is predicated on the tool sending messages that a QA task has been assigned to the external assessor (NOT notifications).
2 votes -
[BL] Update "Process" to "Procedure"
We have definitions for procedure and process in the glossary and they have separate meanings. Currently the tool shows the policy process implemented measure and manage instead of procedure.
27 votes -
[BL] Redact Comments from Inheritance
Capability to mask the Client and Assessor comments from being shared in an applied Inheritance Request.
A potential capability that lets them add an inheritance comment to a Statement and that is shared instead
5 votes -
[BL] Submit Statements in unfinished Domains
Functional change that allows a user to submit Statements in a domain that isn't fully answered yet. This would go for both Responses for Assessor and QA as well.
0 votes -
[BL] Edit/Delete Diary Entries
Feature allowing a user to edit or remove a diary entry
10 votes -
[BL] Control Reference labeled on Statements
Can we add an enhancement to add the control reference to the requirement statements layout. Like the below. People have a hard time of telling what the requirements are related to without the name. Example is the constant confusion on 09.x and 09.y controls. They are all e-commerce and online transaction but some of them do not have either of those terms within the statement so people think it is just a standalone control.
09.x Electronic Commerce Services
!1579275197061-0.png!11 votes -
[BL] Status Link in HITRUST Reports
Include a URL on the Cover Letter of the Report to verify a Report's validity and certification status
4 votes -
[BL] Assessor Warning when assigned subscriber role
When a user belonging to an Assessment's Assessor is assigned a subscriber role, a warning message should be thrown to the user setting the permission that this user will not be allowed to do any validation work if this role is assigned.
12 votes -
[BL] Policy Management Module
Policy Management capabilities in MyCSF with linking
1 vote -
[BL] Statements in Response Needed for Assessor should be able to modify Inheritance Weight
Statements reverted to the client from Assessor should be able to adjust the inheritance weights.
2 votes -
[BL] Schedule Delivery of Analytics Reports
The ability to set up a scheduler that enables a user or organization to define what report(s) are emailed to a user and when this occurs. In lieu of the actual Report being emailed, a reminder can be sent instead with a quick link to access the report(s).
1 vote -
[BL] Access Control Report
There should be a report in MyCSF to print the internal and external users (Name & Security information) with access to the assessment object.
1 vote
- Don't see your idea?