MyCSF

JUMP TO ANOTHER FORUM

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. When the client and assessor are viewing requirement statements for which partial inheritance is utilized, it is extremely hard to tell what score is being displayed and how it was calculated. Depending on the state of the requirement statement, you may be seeing the client's score or the aggregate score after the inherited portion of the score was averaged in. MyCSF does not indicate which score you are seeing.

    Instead of only displaying the aggregate score, MyCSF should display the client's score, inherited score, and aggregate score. This will increase transparency into the inheritance calculation that is happening automatically and…

    42 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    Started  ·  2 comments  ·  Inheritance & Shared Responsibility  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  2. Peer the test plan requirement, is there any way within MyCSF where the assessor can note this is SAMPLED requirement, so then the client does not submit evidence that cannot be used since the control request sampling?

    14 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    Started  ·  0 comments  ·  General Usability  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  3. When creating a new assessment object AFTER already having been certified (i.e., in a re-certification scenario), MyCSF should have an option to include or NOT include the documentation linkages present in the previous assessment object.

    25 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    Started  ·  0 comments  ·  Documents & Evidence  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  4. Similar to waiting for DMV or to see a doctor, continually show assessment status. For example, state there are 30 assessments ahead of our submission, and update as our submission moves up the queue. Or show submitted assessment has an estimated 8 weeks to be viewed by QA assessor and adjust as the assessment gets closer to being viewed. It would be helpful to know this.

    7 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    Started  ·  0 comments  ·  Notifications & Alerts  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  5. Specifically enumerate all required policy statements and items for each requirement at the policy and procedure level as a checklist. Hiding specific requirements inside the repetitive narrative of the illustrative procedures makes it extremely difficult to parse-out what is required in policy and procedure documentation. While you're at it, remove the repetitive language all together since it's obvious for each control that "ad hoc or well understood blah blah" is already partially acceptable by your rubric and focus on giving more examples of acceptable language or implementations or links to relevant information.

    14 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    Started  ·  1 comment  ·  CSF & Authoritative Sources  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  6. Remove edit check that requires client to upload a rep letter in order to submit a domain to the assessor. This is too early in the process to provide a rep letter - currently, clients must upload a fake / placeholder document as a workaround.

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    Started  ·  1 comment  ·  Performing & Submitting Assessments  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  7. When a similar requirement statement is applicable for multiple regulatory factors, only have that requirement statement appear once in the scoped assessment, currently they can appear multiple times in an assessment.

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  CSF & Authoritative Sources  ·  Flag idea as inappropriate…  ·  Admin →

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  • Don't see your idea?