Skip to content

How can we improve MyCSF?

MyCSF: CSF & Authoritative Sources

CATEGORIES
All ideas
My feedback
API & Integrations 3 ideas
Administration & Security 10 ideas
Analytics & Reporting 46 ideas
CSF & Authoritative Sources 18 ideas
Corrective Action Plans (CAPs) 18 ideas
Custom & Targeted Assessments 5 ideas
Documents & Evidence 37 ideas
Final & Draft Reports 2 ideas
General Usability 49 ideas
Help 11 ideas
Inheritance & Shared Responsibility 22 ideas
Interim Assessments 6 ideas
Name & Security 3 ideas
Notifications & Alerts 8 ideas
Offline Assessments 5 ideas
Other 18 ideas
Performing & Submitting Assessments 40 ideas
Potential Quailty Issues (PQIs) 2 ideas
Pre-Assessment & Scoping 11 ideas
Reservations 1 idea

Searching…

No results.
Clear search results

- AI security certification spec. - Exposure draft 0 ideas
- Insights Reports 2 ideas
- MyCSF 316 ideas
- Products and Services Directory 0 ideas
- Results Distribution System (RDS) 5 ideas
- The HITRUST CSF 26 ideas

Removing the lower level nested Requirement Statements from an assessment

When you have a level 3 Requirement statement, can the level 1 and level 2 requirement statement for that same control be removed from the assessment? This would remove redundancy, by not having to ask the business for evidence at each level because it would be inclusive in the level 3. This would also lower the number of overall baselines while still covering the control.

13 votes

Amy Brock shared this idea · Jun 10, 2020 · Report… · Admin →

Planned ·

AdminJeremy Huval (Chief Innovation Officer, HITRUST) responded · Sep 23, 2020

Show previous admin responses (1)

An error occurred while saving the comment

Brian Scheuber commented · June 15, 2020 8:20 AM · Report

Agree that higher level requirements should be assumed to include the expectations of lower level requirements. So eliminating the redundancy would be a time saver while still addressing the expected levels of compliance.

Submitting...