49 results found
-
Make unique IDs readily apparent throughout MyCSF and within Reports and Analytics.
Unique IDs should be apparent throughout MyCSF and within all reports and analytic tools. For example, a user should not have the click on the "Expand" button within the Assessment to view the unique IDs. Unique IDs should also be available when linking documents, rather than trying to match up the statement language. All reports and analytic tools should reference unique IDs when presenting material by requirement statement.
46 votes -
Add some way to identify when a control is required to be sampled.
Peer the test plan requirement, is there any way within MyCSF where the assessor can note this is SAMPLED requirement, so then the client does not submit evidence that cannot be used since the control request sampling?
19 votes -
Move Illustrative Procedures Link to Main Control Page for Easier Access
Move the linked illustrative procedures button/link to the main expanded view of the individual control, as oppose to having to click "More Info".
10 votes -
Authoritative sources should be hyperlinks back to the authoritative source text where possible
When possible, authoritative sources should always appear as hyperlinks to the source itself. For example, anytime we show "NIST 800-53 R4 Control A-20" as a source, it should be presented at a link to https://nvd.nist.gov/800-53/Rev4/control/AC-20. These links should appear when authoritative sources are presented in the "References" section in the tool as well as within the sources presented in the "More Info > Authoritative Sources" window specific to the individual requirement statements.
10 votes -
Assessment-wide search capability
A search bar present in the "Assessment" page which searches the entire assessment for the given search term. The only search capability currently present are in the documents repository, and it only searches the document descriptions and document names. This new assessment-wide search should consider:
- customer comments
- assessor comments
- requirement IDs
- requirement statements
- document names
- document descriptions
- CAP responses
- diary entries
- scoping factor responses
- (pretty much everything entered in an assessment)8 votes -
Add Assessment Date
Please add a Date column to the assessment list.
7 votes -
Display scoring weights in use on the assessment page
MyCSF should display the scoring weights that are in use for the assessment object on the assessment page to avoid confusion around which weights are being utilized.
7 votes -
Diary Notifications and Indicators
Add notifications when new diary entries are posted to an item that I haven't yet read. It would be great if this was visible at the domain and requirement statement level. It should be user specific - so once I read an entry, it turns the "New" notification off. This way I know when a subscriber leaves me a note or question, and they know when I leave a reply. I also upvoted the tagging option in diaries as this would be be a similar feature, but only if I can tell the difference between items I've read and haven't…
7 votes -
Additional feedback to Enumerate Illustrative Procedures...
Illustrative Procedures are presented in 'narrative' form. Given that the number of 'elements' in an Illustrative Procedure factors into the scoring formula, might not be optimum as ambiguous results can arise based on individual interpretation of the number of elements (not everyone is a champion sentence parser). Ergo, suggestions for revised Illustrative Procedures could be:
1) Bulletized elements with a numeric count provided; or
2) Embedded numbering (e.g. 01, _02, 03, etc.) to identify each salient element again with a numeric count.Additionally, dynamically providing enough blank fields (i.e. # of elements * 5 maturities) in client response areas…
6 votes -
When viewing the linked documents for a particular Requirement Statement, each document should show the date that it was linked .
When viewing the linked documents for the Requirement Statements, each document should show the date that it was linked without having to go through the document repository especially in situations where we request for additional evidence from the assessor. From some assessments I have done so far, I noticed the assessors do not make reference to the newly linked documents so we have to go to the repository to check the date for all documents to see if any was added outside their testing period. This would really help to save time during QA review.
6 votes -
Use different contrasting colors for the two options below, please. Response Status: External Assessor Review Complete Response Status: Ext
Use different contrasting colors for the two options below, please.
Response Status: External Assessor Review Complete
Response Status: External Assessor Review Pending5 votes -
Keep top menubar visible at all times (even after scrolling)
The top menubar containing the Home, Library, Analytics, etc. links should remain visible at all times (even after scrolling down a page).
5 votes -
Validated Report Agreement for CAPs
After the validated report agreement is signed by subscriber please allow for the green check mark to be generated. Subscriber should not have to wait for HITRUST to countersign the validated report agreement for a green checkmark to be generated. This delays the ability to generate caps.
4 votes -
Ability to visualize the linked documents with the requirement statement without needing to click on the linked documents button. The bu
Ability to visualize the linked documents with the requirement statement without needing to click on the linked documents button. The button to link the documents is an appropriate control for performing the linking function but if the user is able to view the list of linked documents content without another key click, it would expedite data entry QC.
4 votes -
Data Localization
Ability for an Organization to select what locale (Americas, Europe, and Asia) to where their data is hosted.
4 votes -
Ability of assigned assessor to bulk download customer or assessor documents
Please return the bulk download functionality. This is very useful at multiple stages of an assessment, especially for text searching and opening multiple documents at once on multiple monitors. -
- update permissions set for assessors assigned to a subscriber's validated assessment object to do bulk download of the mapped documentation whether loaded by customer or assessor.3 votes -
Group assessments
Group assessments by year
3 votes -
Please allow the CSF tool recognize the " ' " character in controls when searching.
When searching for controls the ' character is not read and therefore returns no results for controls with that character in the control language.
3 votes -
import system facility
Auto import from excel system and facility information instead of having to double entry into MyCSF one by one manually.
3 votes -
Requirement statement text in "linked statements for" modal should be a hyperlink
In the modal accessible from the general documents page used to show the requirement statements that are linked to a particular document, the requirement statement text should be a hyperlink leading to that requirement statement. See pic.
3 votes
- Don't see your idea?