307 results found
-
Add outstanding inheritance requests to the kanban status pop-ups
In the kanban view, the little (i) icons can be moused over to see how many outstanding items exist for the assessed entity, the assessor, or HITRUST. It would be helpful if there was a 4th task "owner" listed to reflect how many outstanding inheritance requests exist which are preventing the assessment from leaving the phase / state. Right now these are all showing up under the assessed entity, but in reality the assessed entity could be waiting for one of their service providers to approve their inheritance requests.
3 votes -
Allow External Assessors to view the Inheritance panel
Currently, only Subscribers can view the dedicated Inheritance screen. This includes the "Download CSV" button allowing for export of Inheritance data. This data is crucial to be available for test plan development for External Assessors outside of MyCSF. Beyond that, Subscribers look to their External Assessors to guide and assist them in using inheritance, which is difficult when we do not have access to that panel. Please consider allowing External Assessor roles to view and export all inheritance information and screens within MyCSF
21 votes -
When I click on the HITRUST CSF Draft Report Approved Button, it doesn't give any indication that it is doing anything.
Provide a popup saying Thank you, your approval has been generated, or something letting the customer know that it worked. We probably clicked on it a dozen times before I called support. Support told me that it "just work that way". Please add some kind of response.
4 votes -
Include requirement number when searching linked documents through Documents tab.
Right now, there is just the requirement statement and many times, if the document is attached in a domain more than once, it isn't even shown in order, so you have to search all around to find the requirement statement rather than just have the requirement number itself carry over into that Linked Statements Document view and easily searchable.
7 votes -
help menu
Extremely unhelpful targeted help screens. There were questions asked on the help screen that were not answered in the help section. It linked to the general help area and did not provide any answers. Need better targeted help with real answers to the questions you select.
2 votes -
Nist certifications
Flag the assessment as insufficient for a NIST certification prior to being submitted to HITRUST so that the entity and assessor can verify the scores for those requirement statements. Also a list of requirement statements that apply to a NIST certification would be helpful.
3 votes -
Requirement statement selections
When a similar requirement statement is applicable for multiple regulatory factors, only have that requirement statement appear once in the scoped assessment, currently they can appear multiple times in an assessment.
1 voteThanks for the feedback. This is addressed in v10.
-
No Active Subscriber Error Message
The No Active Subscribers error message should be more specific concerning the actual error. It currently displays when a user is not assigned to any assessments or when the subscriber account has expired. A more descriptive error message would prevent confusion and assist is resolving the actual issue earlier without client frustration.
1 vote -
Report to show the scoring breakdown of partially inherited requirement statements
Clients should be able to pull a report to show the scoring breakdown of partially inherited requirement statements. The client can better prioritize their remediation plans by knowing what their portion of the score was.
For example, a client may have partially inherited a score of 100% from a service provider with a weight of 75%. The client has not implemented this requirement in the portion of the environment that they are responsible for, so the remaining 25% of the score is 0%. Once the inheritance calculation occurs, the weighted average score that will appear in MyCSF and in their…
4 votes -
7 votes
-
allow documents to be tagged as third party assurance reports in interims, bridges, and readiness assessments
Allow documents to be tagged as third party assurance reports in interims, bridges, and readiness assessments. Currently they can only be tagged as such in validated assessments.
3 votes -
15 votes
-
Revise CSF controls to be in line with working from home practices.
Current CSF controls do not take into account new remote working due to pandemic. The current CSF controls are not accurately reflecting current working environment and controls.
3 votes -
User Guide - Make more apparent
Suggestion. It would be helpful if you put a link in the NEED HELP popup that indicates "Click here for User Guide"; And or as a tab at the top of every screen. Every time I have a problem, I try to figure out where the tab is. Because I am thinking of many things at once, I usually contract the Help Desk. Thank you, Anita Harris
3 votes -
Help popup window color is not enough to read
Dear Team,
Background is in grey and letters in RED color, Really not able to read it, request you to change letters into white color or some visible color combination on all the HELP pop windows.
Thanks
11 votes -
Returned Requirements Reporting
User activity - would like the ability to pull reporting on assessments of returned requirements and if possible other related user activity.
1 vote -
Offline Inheritance Template / Bulk Inheritance Import via Excel
MyCSF should have a capability that allows user to fill-out an Excel spreadsheet so that users can import it into their Assessment without having to do it one-by-one within the interface.
17 votes -
Electronic Signature for Auditors
For timesheets and QA Sheets - it would be best to have this done electronically. Especially since we are remote - it's easier to have Executive and QA use the same document and electronically sign/initial.
4 votes -
Automated Sample Test Plan
The process by which we as assessors take to determine what controls need sample testing is time-consuming and tedious. Since all the information is in MyCSF - why not make it much easier for us and develop the test plan automatically based on scope and factors? At least give us a list of which controls need testing and we can place that in the excel spreadsheet format.
9 votes -
Assigning External Assessor access
Now that Engagement Executive is being formally defined in the object, can we give that user the ability to grant assessor access to those defined in the assessor list? Today, we must reach out to the client each time to get additional access.
15 votes
- Don't see your idea?