340 results found
-
Add some way to identify when a control is required to be sampled.
Peer the test plan requirement, is there any way within MyCSF where the assessor can note this is SAMPLED requirement, so then the client does not submit evidence that cannot be used since the control request sampling?
19 votes -
Automatic Update upon CAP completion
Provide option to automatically update MyCSF score related to CAP (Policy/Procedure/Implementation) for all requirements related to CAP upon selection of "completed" stage.
3 votes -
Standardize role names
Update the role names under Names and Security. As assessors we are often assigned "Assessment Lead" rather than "Assessor". "Subscriber" is used elsewhere to identify those being assessed (e.g., Subscriber Comments). The identifiers should be consistent across the platform. Thanks.
3 votes -
Comprehensive Document report
Suggestion to add a document report which can show which document related to Policy, Procedure and evidence. Hence, we can filter out which file(s) was used for evidence and which file(s) were used for P&P.
Thanks2 votes -
Under "Assessment Options," consider rephrasing "Report Processing" in the first question. It is confusing.
Under "Assessment Options" consider rephrasing this question as follows - the "Report Processing" piece being capitalized makes it seem like a specific offering type, which is confusing.
- From: "Will this Assessment be submitted to HITRUST for Report Processing?"
- To: "Will this Assessment be submitted to HITRUST for certification?" or something similar.2 votes -
CAP Report Additional Information
Customer would like to include the CAP title, Domain, and Requirement statement ID associated with the CAP in the CAP report.
5 votes -
3 votes
-
Add Unique ID
It would be helpful if the unique id is added, next to the Control Gap Identifier, on the report.
8 votes -
1 vote
-
Automatically generate a generic CAP for requirements scored with a deficiency
Have an option to automatically generate a CAP entry for all requirements scored with a gap. CAP name would include (Auto "control name" )
1 vote -
Add an industry benchmark chart into the NIST CSF report
Something like the attached example
1 vote -
New option on compliance pack to contain just sections of the authoritative source within a specified range of average score s
In addition to having the option to include only certain parts of the authoritative source in a compliance pack, the option should also exist to have the compliance pack only include those sections of the authoritative source with an average score falling within a specified range (e.g., below 60, between 60-70, etc.). This will allow for the breaking out of the areas warranting remediation / further review.
1 vote -
Clearer Guidance for CAPs needed for HITRUST QA
When a client goes in and enters in their Corrective Action Plans, I think it would be helpful to have some supplementary guidance within the CAP form that describes what information HITRUST’s Assurance Team is going to expect during QA. As it stands now, there is very little context on what a client needs to provide in the ‘Corrective Action Plan’ box and it leads to some mixed results from the QA team. It would also be nice to understand the scored maturities within the CAP form rather than having to click out of the CAP box to see what…
3 votes -
Add outstanding inheritance requests to the kanban status pop-ups
In the kanban view, the little (i) icons can be moused over to see how many outstanding items exist for the assessed entity, the assessor, or HITRUST. It would be helpful if there was a 4th task "owner" listed to reflect how many outstanding inheritance requests exist which are preventing the assessment from leaving the phase / state. Right now these are all showing up under the assessed entity, but in reality the assessed entity could be waiting for one of their service providers to approve their inheritance requests.
3 votes -
Allow External Assessors to view the Inheritance panel
Currently, only Subscribers can view the dedicated Inheritance screen. This includes the "Download CSV" button allowing for export of Inheritance data. This data is crucial to be available for test plan development for External Assessors outside of MyCSF. Beyond that, Subscribers look to their External Assessors to guide and assist them in using inheritance, which is difficult when we do not have access to that panel. Please consider allowing External Assessor roles to view and export all inheritance information and screens within MyCSF
22 votes -
When I click on the HITRUST CSF Draft Report Approved Button, it doesn't give any indication that it is doing anything.
Provide a popup saying Thank you, your approval has been generated, or something letting the customer know that it worked. We probably clicked on it a dozen times before I called support. Support told me that it "just work that way". Please add some kind of response.
4 votes -
Include requirement number when searching linked documents through Documents tab.
Right now, there is just the requirement statement and many times, if the document is attached in a domain more than once, it isn't even shown in order, so you have to search all around to find the requirement statement rather than just have the requirement number itself carry over into that Linked Statements Document view and easily searchable.
7 votes -
help menu
Extremely unhelpful targeted help screens. There were questions asked on the help screen that were not answered in the help section. It linked to the general help area and did not provide any answers. Need better targeted help with real answers to the questions you select.
2 votes -
Nist certifications
Flag the assessment as insufficient for a NIST certification prior to being submitted to HITRUST so that the entity and assessor can verify the scores for those requirement statements. Also a list of requirement statements that apply to a NIST certification would be helpful.
4 votes -
Requirement statement selections
When a similar requirement statement is applicable for multiple regulatory factors, only have that requirement statement appear once in the scoped assessment, currently they can appear multiple times in an assessment.
2 votesThanks for the feedback. This is addressed in v10.
- Don't see your idea?