307 results found
-
Automatically generate a generic CAP for requirements scored with a deficiency
Have an option to automatically generate a CAP entry for all requirements scored with a gap. CAP name would include (Auto "control name" )
1 vote -
Add an industry benchmark chart into the NIST CSF report
Something like the attached example
1 vote -
New option on compliance pack to contain just sections of the authoritative source within a specified range of average score s
In addition to having the option to include only certain parts of the authoritative source in a compliance pack, the option should also exist to have the compliance pack only include those sections of the authoritative source with an average score falling within a specified range (e.g., below 60, between 60-70, etc.). This will allow for the breaking out of the areas warranting remediation / further review.
1 vote -
Requirement statement selections
When a similar requirement statement is applicable for multiple regulatory factors, only have that requirement statement appear once in the scoped assessment, currently they can appear multiple times in an assessment.
1 voteThanks for the feedback. This is addressed in v10.
-
No Active Subscriber Error Message
The No Active Subscribers error message should be more specific concerning the actual error. It currently displays when a user is not assigned to any assessments or when the subscriber account has expired. A more descriptive error message would prevent confusion and assist is resolving the actual issue earlier without client frustration.
1 vote -
Returned Requirements Reporting
User activity - would like the ability to pull reporting on assessments of returned requirements and if possible other related user activity.
1 vote -
Review sign off
Add a checkbox or field for external reviewers to sign off on requirement statement after they have reviewed them.
1 vote -
date format
with the increased usage of MyCSF by non-US based users all dates should be switched to Month DD, YYYY format from the MM/DD/YYYY format currently used to avoid confusion
1 vote -
Validated Targeted Assessment (PCI, AODG, CMMC, etc)
Scoped to any authoritative source or combination or multiple sources
Would require updates to the Assurance process and program
Can be based on any tailored combination controls1 vote -
APEC CBPRS and PRPS regulatory factors/reports
Allow for targeting assessments against APEC programs
1 vote -
Delegation Percentage indicator
delegation percentage graph
1 vote -
Show internal assessor scoring
show indication of who entered customer scoring- customer or internal assessor
1 vote -
Please create a report of an assessment's requirement statements that have no documents linked to it.
Please create a report feature to generate 'completed' requirement statements have have no documentation linked. This will help the internal assessor send out follow up emails to ensure the assessment is ready for the external assessor to review.
1 vote -
When no documentation has been added, please add an alert saying 'no documentation has been linked, are you sure you want to proceed?"
Please create a warning alert or prevention function that requires the statement owner to upload the appropriate supporting documentation.
1 vote -
Allow reporting on dairy entries
Add the ability to include dairy entries in reports.
1 vote -
Auto-associating uploaded evidence based on special strings in filenames
When a file is uploaded evidence into an assessment, MyCSF should be able recognize special strings filename to automatically link the file with control maturity levels and/or requirements.
Some examples:
• A document uploaded with a title of "New hire population [Imp].xlsx" would automatically be linked to the requirement's implemented level.
• A file titled "IT security policies [Pol, Pro].pdf" would automatically be linked to the policy and procedure levels.
• An uploaded document with a title of "Termination samples IMP 3334.0.xlsx" would automatically be linked to the implemented level of the requirement with the CVID of 3334.0.This could…
1 vote -
Mouse cursor on the Corrective Action Plans page / list
The mouse cursor icon when mousing over rows of the 'Corrective Action Plans' page (where all of the CAPs are listed in a table) is confusing. It always displays as a hand when mousing over any part of the CAPs table, which makes me think I'm mousing over a link. However, the only links in the table are buttons in the far-right of the table. I think this is a bug. The fix is to correct the cursor icon when mousing over the non-linked areas of the table.
1 vote -
Increase "Corrective Action" field in CAPs pop-up
In the "Corrective Action Plan" modal / pop-up accessible by pressing the "Edit" button for a single CAP listed in the "Corrective Action Plans" page: The "Corrective Action" field is way too small. It's only 3 lines tall, and it makes it very, very hard to read.
1 vote -
[BL] Delegate Maturities
Capability to delegate specific maturities of a Statement
1 vote -
[BL] User Management in User Guide needs an Add User subtopic
The Admin topic in the user guide doesn't mention how to add a user. Also the 3.2 section shouldn't discuss the people tab. It should highlight the topics underneath it.
1 vote
- Don't see your idea?