Users should have the ability to write custom reports, build custom charts, and save these for later usage. Something similar to Microsoft PowerBI or an equivalent product.

Where we have help pages built (eg: Factors) you should be able to click on the factor and see the help information in a sidebar without having to leave the MyCSF page.

Whenever I'm working on getting controls exported, I always forget which report I like the best (I recently re-learned that it's the Assessment Report (Column)). It'd be great to have a picture next to each report type to more easily identify each report.

Remove edit check that requires client to upload a rep letter in order to submit a domain to the assessor. This is too early in the process to provide a rep letter - currently, clients must upload a fake / placeholder document as a workaround.

Integrate the Shared Responsibility Matrix (SRM) into the inheritance selection process. Currently, it is feasible for a subscriber to select inheritance for a requirement that is categorized as not inheritable in the SRM. Recently, a customer submitted inheritance, which was ultimately rejected. Upon further research, HITRUST support indicated that the requirement was not inheritable, as described in the SRM. A subscriber should not be able to select inheritance for those requirements defined as not inheritable.

When you have a level 3 Requirement statement, can the level 1 and level 2 requirement statement for that same control be removed from the assessment? This would remove redundancy, by not having to ask the business for evidence at each level because it would be inclusive in the level 3. This would also lower the number of overall baselines while still covering the control.

Allow offline work and upload to MyCSF for CAPs

I can see a number of users affiliated with our assessor company.

However, I can't add a new assessor staff member to the list of users. Note: This is a new staff member at the assessor company.

It would be wonderful if there were a tool that would let me add new assessor staff to our assessment. How can I do that?

When possible, authoritative sources should always appear as hyperlinks to the source itself. For example, anytime we show "NIST 800-53 R4 Control A-20" as a source, it should be presented at a link to https://nvd.nist.gov/800-53/Rev4/control/AC-20. These links should appear when authoritative sources are presented in the "References" section in the tool as well as within the sources presented in the "More Info > Authoritative Sources" window specific to the individual requirement statements.

We have definitions for procedure and process in the glossary and they have separate meanings. Currently the tool shows the policy process implemented measure and manage instead of procedure.

MyCSF should allow a user to download and use the Offline Assessment for Interim and Bridge Assessment

It would be helpful to have spell checking for the comments section, similar to how it is already implemented for this ideas submission field. If there already is spell checking, then it is not working in my Firefox browser.

with the increased usage of MyCSF by non-US based users all dates should be switched to Month DD, YYYY format from the MM/DD/YYYY format currently used to avoid confusion

In MyCSF make something visible to both the customer and assessor when the QA is being expedited.

Please allow users to edit the Shared Responsibility Matrix spreadsheets.
The value of this content comes from organizations utilizing it to manage their HITRUST programs.
We need to be able to filter, sort, remove rows, add columns to document our environment and current state, etc.
With the content locked down I currently need to cut your content from the SRM spreadsheet, then paste it to a new spreadsheet, and then re-format every column again.
I understand your spreadsheet states that it must be used and distributed in your format but that is impossible when you lock it down.

When the just released SRM spreadsheets are downloaded so we can use it as a working document there are problems.
When columns are filtered the data in Columns A-L all disappears and is replaced with "Name?"
Please fix these spreadsheets so that I can eliminate the out of scope controls and then focus further on "Inheritable" controls through the use of filters while keeping all of the original content.

There are a variety of quality checks imposed, some that require overrides from the assessor team to continue with submission. One of those should be 'scores are already too low to certify'.

Please add a little flag or warning note at the time of submission to simply say, "You're submitting an assessment for certification, but the scores are too low to certify. Proceed Y/N?"

Our particular case was due to errors in the inheritance process, but it could happen in other scenarios. Best to alert the assessor and confirm that they are not seeking certification.

Currently, the "Can Manage CAPs?" checkbox allows a user to both Add and Delete CAPs. Allow for an Admin to specify if the user should be able to Create, Read, Update, and/or Delete CAPs.