-
Ability to Map Control Testing to Other Controls Where Controls and Testing are identical
Have the ability to test one control with all the necessary comments, documents and working papers. If this control and test satisfies other controls (which there are several redundant controls throughout the assessment) have the ability to "link" testing to other Domain/Controls and that control artifact will populate automatically. That would save a lot of time and redundant work.
1 vote
Each requirement statement has unique "asks" in its illustrative procedures (r2 assessments) or evaluative elements (i1 assessments). As such, each requirement will have unique tests, comments, documents linked, outcomes, scoring, etc.
-
MyCSF feedback: 100% inheritance editing + PQIs
If something is given 100% inheritance and you have to make changes to it during the process, it should not be locked to make those changes.
Also, the PQI feature is nice, but if anything I would give people the option to customize the words that trigger the issue. I would use this as a way to ensure I've answered everything in the way I want and leave "to do" notices for myself. I would also not make it so hard to submit if there is a PQI. Maybe give a notice and allow the submitter to accept in order to…
3 votes
When full inheritance is used, the scoring of the requirement in the inherited and inheriting must match. If there is a need to have the requirement's scoring different in the inheriting assessment, partial inheritance may be instead necessary.
-
Filter Domain by control based on control status
When filtering a Domain by Control based on the control's status, such as External Assessor Review Pending or Response for external assessor needed, maintain the control number instead of re-numbering.
Currently, when we filter by the control status the control number changes based on the number of controls in that status. Instead the control number should remain the same so when we are referencing controls there is no confusion if client or assessor is using this filter. Thanks.
1 vote
Baseline Unique IDs (BUIDs) and Cross-version IDs (CVIDs) are much, much better identifiers to use. The numbers preceding the requirement statements in MyCSF's assessment view change when the domain's sorting and filtering changes (as you stated), making them ill-suited for referencing the requirement statements.
-
Validating documents
When validating Policy, Procedures, and Evidence, there should be a single button option as well as current options to choose to agree with all documents. Thus, it will save time to checkmark each.
1 vote -
Issues with AWS and MS Azure Shared Responsibility Matrix Spreadsheets
When the just released SRM spreadsheets are downloaded so we can use it as a working document there are problems.
When columns are filtered the data in Columns A-L all disappears and is replaced with "Name?"
Please fix these spreadsheets so that I can eliminate the out of scope controls and then focus further on "Inheritable" controls through the use of filters while keeping all of the original content.
2 votes
Issue could not be replicated
-
Create a message center within MyCSF for inheritance requests.
Creating an inbox where customers and CSP providers can communicate within MyCSF for all matters related to the inheritance requests.
4 votes -
Compensating Controls
Compensating controls: Permit compensating controls for the more prescriptive controls.
2 votes -
Add a disclaimer to subscriber comments field
The subscriber comments field should have some kind of disclaimer in the myCSF front-end that reminds users that anything entered there will go into the final report. This disclaimer should only be visible if the user failed to opt-out of the associated preference. The suggestion here is to replace the "Comments:" label with "Comments (Note: Included in final report):".
5 votes
Now that we offer the option to exclude subscriber comments from the final report, this suggestion is less critical than it once was.
-
Include the # of CAPs and GAPs in the report
In Appendix B and C, document the specific number of CAPs and GAPs identified for each section. For example, "Appendix B - Corrective Action Plans Required for certification: 18", "Appendix C - Additional Gaps Identified: 15" Or, place them in the subheadings rather than the headings.
3 votes
We did a user acceptance study involving the input of numerous assessors, relying parties, and assessed entities, and feedback on implementing this idea was negative. As such, we will not be implementing this suggestion.
-
Remove carriage returns or line breaks in all fields
In comments and other user input fields there are line breaks and carriage returns that cause multiple line comments to start on the second or third line instead of the first. This makes reports difficult to utilize without expanding the row to see all the text.
3 votes -
Assessor Objects Should Have Same Reporting Capabilities as Assessed Organizations
As an assessor, we can create test objects. However, we don't have the ability to produce reports from those objects. Often, customers request analysis related to their specific assessments. Having the ability to "clone" their assessment and produce analytical reports is needed. For example, within the MyCSF portal, a customer can see the impact that changing factors has on the number of requirements. However, there is not a way to report on the specific requirements affected by the change in factors. Currently, providing this type of information for the customer is manual and time-consuming.
1 vote
Reporting from assessor demo environments was disabled intentionally.
-
Add functionality to approve previously rejected inheritance request
Add functionality to approve previously rejected inheritance request. Currently, once you approve an inheritance request, there is no ability to update it.
1 vote -
[BL] Assessment Name and Statement visible on CAP Repository Table
From the CAP Repository, add a column to include the linked Assessments and their Statements
3 votes
This isn't possible given that a CAP can be linked to more than one assessment and more than one requirement statement.
-
[BL] Prevent Zipped Folder from being mapped to more than One Statement
If a zipped folder is the type of attachment for a Document then present any user who tries to map the folder as evidence for multiple statements a message that informs them as much.
2 votes -
[BL] Add Report date when selecting External Inheritance
The system shall add the Final Report Date when selecting External Inheritance.
The External Inheritance selection should be updated to include the Assessment's Final Report Date. When selecting an Assessment for External Inheritance the dropdown list should read: “Subscriber (Vendor Name) / Assessment Name / Final Report Date”.
Once the Assessment has been selected the modal should include a new column for the Final Report Date.
2 votes -
[BL] Document Expiration Notification Workflow
Documentation/evidence may only be good for a certain amount of years. MyCSF should notify users within the organization that the document that is currently uploaded is "expired" and should be updated.
0 votes
I decline this request. No document is good for more than one assessment, period.