MyCSF

  1. When you have a level 3 Requirement statement, can the level 1 and level 2 requirement statements for that same control be removed from the assessment? This would remove redundancy by not having to ask the business for evidence at each level because it would be inclusive in the level 3. This would also lower the number of overall baselines while still covering the control.

    9 votes
    1 comment  ·  CSF & Authoritative Sources
  2. Specifically enumerate all required policy statements and items for each requirement at the policy and procedure level as a checklist. Hiding specific requirements inside the repetitive narrative of the illustrative procedures makes it extremely difficult to parse out what is required in policy and procedure documentation. While you're at it, remove the repetitive language altogether, since it's obvious for each control that "ad hoc or well understood blah blah" is already partially acceptable by your rubric, and focus on giving more examples of acceptable language or implementations or links to relevant information.

    6 votes
    0 comments  ·  CSF & Authoritative Sources
  3. There should be a date for a CSF version's expiration shown when on the Name and Security page.

    4 votes
    Proposed  ·  1 comment  ·  CSF & Authoritative Sources
  4. Allow for targeting assessments against APEC programs

    1 vote
    0 comments  ·  CSF & Authoritative Sources
  5. When users are completing a CSF Assessment, the Authoritative Source section should be shown when hovering over an Assessment Statement.

    There should be an info logo for the user to hover over.

    2 votes
    0 comments  ·  CSF & Authoritative Sources
  6. Ability to run a report that mirrors the CSF Summary Changes

    1 vote
    0 comments  ·  CSF & Authoritative Sources
  7. Give users the ability to search a CSF library for strings.

    1 vote
    0 comments  ·  CSF & Authoritative Sources
  8. Ability to expand out the elements of the library en masse. For example, press a button to show all of the children under the Control Categories section for easier searching.

    0 votes
    0 comments  ·  CSF & Authoritative Sources
  9. Root-level view for control reference that opens up into the 156 control references and then opens up into the requirement statements listed under each control reference.

    Looking something like this:
    + Control References
    --- 00.a Information Security Management Program
    --+ 01.a Access Control Policy
    ------- An access control policy shall be established documented and reviewed based on business and security requirements for access.
    ------- There shall be a formal documented and implemented user registration and de-registration procedure for granting and revoking access.

    If I understand correctly the problem with going through the category view is that control references may…

    0 votes
    0 comments  ·  CSF & Authoritative Sources