Authoritative sources should be hyperlinks back to the authoritative source text where possible
When possible, authoritative sources should always appear as hyperlinks to the source itself. For example, anytime we show "NIST 800-53 R4 Control A-20" as a source, it should be presented as a link to https://nvd.nist.gov/800-53/Rev4/control/AC-20. These links should appear when authoritative sources are presented in the "References" section in the tool as well as within the sources presented in the "More Info > Authoritative Sources" window specific to the individual requirement statements.
-
Farhan Ahmad commented
It would be helpful (especially for HITRUST CSF controls described at a high level) that the user is allowed to globally select their favorite authoritative source and that the mapped control description is easily available in a collapsible clarification section right below the CSF description.
E.g. Endpoint Protection controls referencing the term "mobile code" are often confusing. However, the NIST 800-53 mapping clarifies that the intended definition primarily targets HTML, Java applets, JavaScript, and not code running on mobile devices such as iOS and Android apps.
-
Becky Allen commented
Customer requests to have actual documents, or links to the documents in the Authoritative Source Documents section under References.
-
Sethu Kalangara (Admin, HITRUST) commented
When users are completing a CSF Assessment, the Authoritative Source section should be shown when hovering over an Assessment Statement.
There should be an info logo for the user to hover over.