15 results found
-
When partial inheritance is utilized MyCSF should display the client score, inherited score, and aggregate score
When the client and assessor are viewing requirement statements for which partial inheritance is utilized, it is extremely hard to tell what score is being displayed and how it was calculated. Depending on the state of the requirement statement, you may be seeing the client's score or the aggregate score after the inherited portion of the score was averaged in. MyCSF does not indicate which score you are seeing.
Instead of only displaying the aggregate score, MyCSF should display the client's score, inherited score, and aggregate score. This will increase transparency into the inheritance calculation that is happening automatically and…
45 votesA "Scoring" tab has been added to the inheritance modal displaying the scoring calculations performed by MyCSF when inheritance is used.
-
Inheritance Color Coding
Once a control is selected for inheritance and the details are entered the inheritance button should change to another color. It would allow users to more easily track what work has already been completed and allow you a feature to develop reporting upon for what is currently selected.
3 votes -
The ability for users to remove inheritance was submitted to the assessor
Currently, there is no way for users to remove inheritance or inheritance requests once submitted. If the auditor tests it, and finds that inheritance is not appropriate, there needs to be an easier way to remove inheritance rather than requesting from HITRUST support.
25 votes -
2 votes
-
Make Shared Responsibility Matrix Spreadsheets Editable
Please allow users to edit the Shared Responsibility Matrix spreadsheets.
The value of this content comes from organizations utilizing it to manage their HITRUST programs.
We need to be able to filter, sort, remove rows, add columns to document our environment and current state, etc.
With the content locked down I currently need to cut your content from the SRM spreadsheet, then paste it to a new spreadsheet, and then re-format every column again.
I understand your spreadsheet states that it must be used and distributed in your format but that is impossible when you lock it down.1 vote -
Internal Inheritance should be allowed from any CSF Version
The system shall allow Internal Inheritance from any CSF Version.
In QA, currently the system only allows you to apply Internal Inheritance on an Assessment Statement if both Assessment's has the same CSF Version. The system should allow you to apply the inheritance if the CSF Version is different- like External Inheritance.
11 votes -
Add feedback textbox to provide a justification as to why an inheritance was rejected
Add two boxes within the inheritance portal that CSP providers can give feedback to the inheritance requests. This will be useful to provide feedback on why an inheritance was rejected. Ideally, there should be two approvals, one for the requirement and one for the weight.
3 votes -
Add controls specifications to each inheritance request to inform on percentage of inheritance
For controls that are shared between the CSP and the customer, HITRUST should add the controls specification related to each requirement, and have the customer list which controls specification is the CSP provider responsible for implementing. The percentage (weight) of the inheritance request will be based on the number of controls specification that the CSP is responsible for implementing relative to the total controls specifications associated with the requirement.
2 votes -
Add the ability to filter the inheritance request by requirement, date, and customer
Add the ability to filter the inheritance request by requirement, date, domain and customer (requestor)
1 vote -
Provide a functionality to download all inheritance requests from Mycsf in CSV format
Provide a functionality to download all inheritance requests from Mycsf in CSV format. This will help CSP providers manage the inheritance requests queue, and will help with tracking and reporting.
1 vote -
Add a date to the inheritance requests queue
Within MyCSF, please add a date which shows when an inheritance request was created, submitted, approved, and applied. This will be especially helpful to track the review of the inheritance requests.
1 voteRequested date has been added to the Inheritance pages
-
[BL] Updated Inheritance Business Rules
Inheriting Statements that were also inherited would need to either route or provide information regarding the true source of the Statement.
This should also be coupled with alerts to Customers who inherit regarding their Vendors Cert expiration.
1 vote -
Modify Comment Presentation on Inheritance Page
Adjust how the comments are rendered on the Inheritance pages. Identical to User Delegation, instead of displaying the entire comment, show an icon in its place and allow user to hover the icon to view comment.
0 votes -
10163 - MyCSF External Inheritance CSF Certified
The system shall automatically deselect the “Published” check box of an Assessment if it has been two (2) years from the Certified Assessment’s Final Report Date.
MyCSF should have a business rule in place for all Assessments in the MyCSF Inheritance Program that are CSF Certified which unpublishes their Assessment from the External Inheritance drop-down if the current date is more than 2 years past the Final Report Date. The system should automatically uncheck the “Published” check box on the Name and Security page if this condition is met.
0 votes -
10164 - MyCSF External Inheritance not CSF Certified
The system shall automatically deselect the “Published” checkbox of an Assessment if it has been one (1) year from the Assessment’s Final Report Date.
MyCSF should have a business rule in place for all Assessments in the MyCSF Inheritance Program that are not CSF Certified which unpublishes their Assessment from the External Inheritance drop-down if the current date is more than one (1) year past the Final Report Date. The system should automatically uncheck the “Published” checkbox on the Name & Security page if this condition is met.
0 votes
- Don't see your idea?