301 results found
-
Requesting Inheritance for a Control - Make it easier to submit the request.
After deciding that a control was inheritable, we saw the link in the bottom left menu, but when the page displayed there were no active buttons and nothing to indicate that the request had not been submitted to the cloud service provider.
After our inheritance requests sat in pending status for 3 days, we checked with HITRUST support to discover that we must select the Created link at the top, first, and then select the Submit to Vendor button that appears only after the create step in order to properly send the request.
There is an opportunity to eliminate some…
10 votes -
Diary Notifications and Indicators
Add notifications when new diary entries are posted to an item that I haven't yet read. It would be great if this was visible at the domain and requirement statement level. It should be user specific - so once I read an entry, it turns the "New" notification off. This way I know when a subscriber leaves me a note or question, and they know when I leave a reply. I also upvoted the tagging option in diaries as this would be a similar feature, but only if I can tell the difference between items I've read and haven't…
7 votes -
Flag for zero-occurrence / 0-pop requirements
HITRUST's guidance allows zero-population requirements to be scored at fully compliant on the implemented level IF a well-defined policy and procedure exists for the assessed entity to observe should the related activity occur. However, MyCSF doesn't currently do a good job of allowing assessed entities and assessors to efficiently communicate this scenario. Because MyCSF requires that evidence be linked to a scored implemented PRISMA level, assessors are often forced to tag the policy or procedure documents to the implemented PRISMA level in this scenario. To remedy, MyCSF should offer a flag (e.g., a checkbox) which can be used to communicate…
10 votes -
Display Message within the tool informing clients of bugs/patches or issues to be proactive and better inform
When issues or bugs happen, it would be helpful to notify clients via notification or Red Flag Message in the tool to inform them. This would show the informed and proactive communication from HITRUST to the Clients to improve their experience within the MyCSF tool.
5 votes -
Option to disable test environment notifications.
Allow notifications from test environments to be turned off.
11 votes -
Save and Close on Document Modal
Please provide an option to both Save and Close the window when linking documents to a requirement statement. Right now, this takes 2 clicks. We have to save the document links before we can close... then we have to close to get back out to the requirement statement to complete our scoring. It's a lot of clicking already to link all the documents. Please take one click away. Thank you!
5 votes -
Submit Individual Questions that are reverted to External Assessor
Capability that allows a user to submit a reverted Question to their External Assessor without waiting for the Domain and/or Assessment to be completed.
10 votes -
Validated Targeted Assessment (PCI, AODG, CMMC, etc)
Scoped to any authoritative source or combination or multiple sources
Would require updates to the Assurance process and program
Can be based on any tailored combination controls
1 vote -
Ability to automatically associate documents with requirement statements and PRISMA levels during bulk upload using a folder structure
When doing a bulk upload of documents (screenshots, workpapers, etc.) via a compressed zip archive using the bulk upload functionality, users should be able to automatically associate documents with requirement statements and PRISMA levels (e.g., policy) using a defined folder structure within the archive.
The folder structure can be something like this:
-- domain
--- requirement statement ID
---- policy
---- process
---- implemented
---- measured
---- managed
Documents present in these folders would be (a) uploaded, (b) associated with the requirement statement, and (c) tagged to the PRISMA levels
9 votes -
Disable save password dialog for two factor code in Google Chrome
When you enter your password Google Chrome gives a dialog to save your password which users may or may not choose to do. In addition the way MyCSF is coded it prompts to save one time two factor codes and it should be disabled as there is no reason to save that code ever.
9 votes -
[BL] Control Reference labeled on Statements
Can we add an enhancement to add the control reference to the requirement statements layout? Like the below. People have a hard time telling what the requirements are related to without the name. Example is the constant confusion on 09.x and 09.y controls. They are all e-commerce and online transaction but some of them do not have either of those terms within the statement so people think it is just a standalone control.
09.x Electronic Commerce Services
11 votes -
[BL] Assessor Warning when assigned subscriber role
When a user belonging to an Assessment's Assessor is assigned a subscriber role, a warning message should be thrown to the user setting the permission that this user will not be allowed to do any validation work if this role is assigned.
12 votes -
Date of Submission should be when HT approves Assessment
Date of Submission should be when HT approves Assessment
9 votes -
Draft report automatic removal
MyCSF will automatically delete the draft report files 7 days after the final reports are posted.
5 votes -
Provide assessors the ability to revert entire domains back to clients
Provide assessors the ability to revert entire domains back to clients - even if the feature was only available when the status of the domain is "assessor review pending". This would avoid needing to request HITRUST to revert domains if clients accidentally hit submit too early.
8 votes -
Control Category can be included as part of illustrative procedure or control requirement
Currently we cannot identify the control category for a particular control requirement. Subscribers who opt only for 3 month CSF subscription without reporting functionality, we cannot identify the control category. It would be helpful if the control category is included like other details like - Control unique ID, Level and illustrative procedures.
2 votes -
Custom API Endpoints
Allow a User to choose the Data points that they want returned in an API Call. MyCSF would then automatically develop an API path that returns the hand-picked dataset
4 votes -
[BL] Edit/Delete Diary Entries
Feature allowing a user to edit or remove a diary entry
9 votes -
Enhance CAP Notifications
Assign individual users to a milestone and notify of approaching milestone completion date. This would enhance the functionality of the CAP module to include milestone approach date.
2 votes -
External assessor timesheet should have drop-downs on the name fields
- Name fields on the external assessor timesheet should be drop-downs pre-populated with all of the assessor’s users who have access to that object (with the option to still manually type in a name if not in MyCSF).
- When selected, the CCSFP numbers should auto-populate as well.
7 votes