316 results found
-
Under "Assessment Options," consider rephrasing "Report Processing" in the first question. It is confusing.
Under "Assessment Options" consider rephrasing this question as follows - the "Report Processing" piece being capitalized makes it seem like a specific offering type, which is confusing.
- From: "Will this Assessment be submitted to HITRUST for Report Processing?"
- To: "Will this Assessment be submitted to HITRUST for certification?" or something similar.2 votes -
CAP Report Additional Information
Customer would like to include the CAP title, Domain, and Requirement statement ID associated with the CAP in the CAP report.
5 votes -
3 votes
-
Add Unique ID
It would be helpful if the unique id is added, next to the Control Gap Identifier, on the report.
8 votes -
1 vote
-
Automatically generate a generic CAP for requirements scored with a deficiency
Have an option to automatically generate a CAP entry for all requirements scored with a gap. CAP name would include (Auto "control name" )
1 vote -
Add an industry benchmark chart into the NIST CSF report
Something like the attached example
1 vote -
New option on compliance pack to contain just sections of the authoritative source within a specified range of average score s
In addition to having the option to include only certain parts of the authoritative source in a compliance pack, the option should also exist to have the compliance pack only include those sections of the authoritative source with an average score falling within a specified range (e.g., below 60, between 60-70, etc.). This will allow for the breaking out of the areas warranting remediation / further review.
1 vote -
Clearer Guidance for CAPs needed for HITRUST QA
When a client goes in and enters in their Corrective Action Plans, I think it would be helpful to have some supplementary guidance within the CAP form that describes what information HITRUST’s Assurance Team is going to expect during QA. As it stands now, there is very little context on what a client needs to provide in the ‘Corrective Action Plan’ box and it leads to some mixed results from the QA team. It would also be nice to understand the scored maturities within the CAP form rather than having to click out of the CAP box to see what…
3 votes -
Add outstanding inheritance requests to the kanban status pop-ups
In the kanban view, the little (i) icons can be moused over to see how many outstanding items exist for the assessed entity, the assessor, or HITRUST. It would be helpful if there was a 4th task "owner" listed to reflect how many outstanding inheritance requests exist which are preventing the assessment from leaving the phase / state. Right now these are all showing up under the assessed entity, but in reality the assessed entity could be waiting for one of their service providers to approve their inheritance requests.
3 votes -
Allow External Assessors to view the Inheritance panel
Currently, only Subscribers can view the dedicated Inheritance screen. This includes the "Download CSV" button allowing for export of Inheritance data. This data is crucial to be available for test plan development for External Assessors outside of MyCSF. Beyond that, Subscribers look to their External Assessors to guide and assist them in using inheritance, which is difficult when we do not have access to that panel. Please consider allowing External Assessor roles to view and export all inheritance information and screens within MyCSF
22 votes -
When I click on the HITRUST CSF Draft Report Approved Button, it doesn't give any indication that it is doing anything.
Provide a popup saying Thank you, your approval has been generated, or something letting the customer know that it worked. We probably clicked on it a dozen times before I called support. Support told me that it "just work that way". Please add some kind of response.
4 votes -
Include requirement number when searching linked documents through Documents tab.
Right now, there is just the requirement statement and many times, if the document is attached in a domain more than once, it isn't even shown in order, so you have to search all around to find the requirement statement rather than just have the requirement number itself carry over into that Linked Statements Document view and easily searchable.
7 votes -
help menu
Extremely unhelpful targeted help screens. There were questions asked on the help screen that were not answered in the help section. It linked to the general help area and did not provide any answers. Need better targeted help with real answers to the questions you select.
2 votes -
Nist certifications
Flag the assessment as insufficient for a NIST certification prior to being submitted to HITRUST so that the entity and assessor can verify the scores for those requirement statements. Also a list of requirement statements that apply to a NIST certification would be helpful.
3 votes -
Requirement statement selections
When a similar requirement statement is applicable for multiple regulatory factors, only have that requirement statement appear once in the scoped assessment, currently they can appear multiple times in an assessment.
1 voteThanks for the feedback. This is addressed in v10.
-
No Active Subscriber Error Message
The No Active Subscribers error message should be more specific concerning the actual error. It currently displays when a user is not assigned to any assessments or when the subscriber account has expired. A more descriptive error message would prevent confusion and assist is resolving the actual issue earlier without client frustration.
1 vote -
Report to show the scoring breakdown of partially inherited requirement statements
Clients should be able to pull a report to show the scoring breakdown of partially inherited requirement statements. The client can better prioritize their remediation plans by knowing what their portion of the score was.
For example, a client may have partially inherited a score of 100% from a service provider with a weight of 75%. The client has not implemented this requirement in the portion of the environment that they are responsible for, so the remaining 25% of the score is 0%. Once the inheritance calculation occurs, the weighted average score that will appear in MyCSF and in their…
4 votes -
7 votes
-
allow documents to be tagged as third party assurance reports in interims, bridges, and readiness assessments
Allow documents to be tagged as third party assurance reports in interims, bridges, and readiness assessments. Currently they can only be tagged as such in validated assessments.
3 votes
- Don't see your idea?