MyCSF

JUMP TO ANOTHER FORUM

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. HITRUST's guidance allows zero-population requirements to be scored at fully compliant on the implemented level IF a well-defined policy and procedure exists for the assessed entity to observe should the related activity occur. However, MyCSF doesn't currently do a good job of allowing assessed entities and assessors to efficiently communicate this scenario. Because MyCSF requires that evidence be linked to a scored implemented PRISMA level, assessors are often forced to tag the policy or procedure documents to the implemented PRISMA level in this scenario. To remedy, MyCSF should offer a flag (e.g., a checkbox) which can be used to communicate…

    8 votes
    Sign in
    (thinking…)
    Sign in with:
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Performing & Submitting Assessments  ·  Flag idea as inappropriate…  ·  Admin →
  2. When doing a bulk upload of documents (screenshots, workpapers, etc.) via a compressed zip archive using the bulk upload functionality, users should be able to automatically associate documents with requirement statements and PRISMA levels (e.g., policy) using a defined folder structure within the archive.

    The folder structure can be something like this:

    -- domain
    --- requirement statement ID
    ---- policy
    ---- process
    ---- implemented
    ---- measured
    ---- managed

    Documents present in these folders would be (a) uploaded, (b) associated with the requirement statement, and (c) tagged to the PRISMA levels

    8 votes
    Sign in
    (thinking…)
    Sign in with:
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Documents & Evidence  ·  Flag idea as inappropriate…  ·  Admin →
  3. When a user belonging to an Assessment's Assessor is assigned a subscriber role, a warning message should be thrown to the user setting the permission that this user will not be allowed to do any validation work if this role is assigned.

    11 votes
    Sign in
    (thinking…)
    Sign in with:
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Name & Security  ·  Flag idea as inappropriate…  ·  Admin →
  4. MyCSF will automatically delete the draft report files 7 days after the final reports are posted.

    5 votes
    Sign in
    (thinking…)
    Sign in with:
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Performing & Submitting Assessments  ·  Flag idea as inappropriate…  ·  Admin →
  5. QA times should be reservation-based instead of the current first come, first served model.

    10 votes
    Sign in
    (thinking…)
    Sign in with:
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Started  ·  0 comments  ·  Performing & Submitting Assessments  ·  Flag idea as inappropriate…  ·  Admin →
  6. Currently we cannot identify the control category for a particular control requirement. Subscribers who opt only for 3 month CSF subscription without reporting functionality, we cannot identify the control category. It would be helpful if the control category is included like other details like - Control unique ID, Level and illustrative procedures.

    2 votes
    Sign in
    (thinking…)
    Sign in with:
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  MyCSF  ·  Flag idea as inappropriate…  ·  Admin →
  7. Can we add an enhancement to add the control reference to the requirement statements layout. Like the below. People have a hard time of telling what the requirements are related to without the name. Example is the constant confusion on 09.x and 09.y controls. They are all e-commerce and online transaction but some of them do not have either of those terms within the statement so people think it is just a standalone control.

    09.x Electronic Commerce Services
    !1579275197061-0.png!

    9 votes
    Sign in
    (thinking…)
    Sign in with:
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Performing & Submitting Assessments  ·  Flag idea as inappropriate…  ·  Admin →
  8. Assign individual users to a milestone and notify of approaching milestone completion date. This would enhance the functionality of the CAP module to include milestone approach date.

    2 votes
    Sign in
    (thinking…)
    Sign in with:
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Corrective Action Plans (CAPs)  ·  Flag idea as inappropriate…  ·  Admin →
  9. Provide assessors the ability to revert entire domains back to clients- even if the feature was only available when the status of the domain is "assessor review pending". This would avoid needing to request HITRUST to revert domains if clients accidentally hit submit too early.

    7 votes
    Sign in
    (thinking…)
    Sign in with:
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Performing & Submitting Assessments  ·  Flag idea as inappropriate…  ·  Admin →
  10. 6 votes
    Sign in
    (thinking…)
    Sign in with:
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Documents & Evidence  ·  Flag idea as inappropriate…  ·  Admin →
  11. The general documents view should allow the user to sort the documents by date uploaded, by document title, and by document description.

    5 votes
    Sign in
    (thinking…)
    Sign in with:
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Documents & Evidence  ·  Flag idea as inappropriate…  ·  Admin →
  12. HITRUST should create a feature to allow inheritance by domain/control rather than the whole assessment being returned for a single control/domain inheritance request.

    7 votes
    Sign in
    (thinking…)
    Sign in with:
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Inheritance & Shared Responsibility  ·  Flag idea as inappropriate…  ·  Admin →
  13. Capability that allows a user to submit a reverted Question to their External Assessor without waiting for the Domain and/or Assessment to be completed.

    7 votes
    Sign in
    (thinking…)
    Sign in with:
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Performing & Submitting Assessments  ·  Flag idea as inappropriate…  ·  Admin →
  14. Ability to handle authentication and user administration leveraging company's LDAP or AD

    8 votes
    Sign in
    (thinking…)
    Sign in with:
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  API & Integrations  ·  Flag idea as inappropriate…  ·  Admin →
  15. The system shall allow Internal Inheritance from any CSF Version.

    In QA, currently the system only allows you to apply Internal Inheritance on an Assessment Statement if both Assessment's has the same CSF Version. The system should allow you to apply the inheritance if the CSF Version is different- like External Inheritance.

    9 votes
    Sign in
    (thinking…)
    Sign in with:
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Inheritance & Shared Responsibility  ·  Flag idea as inappropriate…  ·  Admin →

    • Name fields on the external assessor timesheet should be drop-downs pre-populated with all of the assessor’s users who have access to that object (with the option to still manually type in a name if not in MyCSF).

    • When selected, the CCSFP numbers should auto-populate as well.

    7 votes
    Sign in
    (thinking…)
    Sign in with:
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Other  ·  Flag idea as inappropriate…  ·  Admin →
  16. Add notifications when new diary entries are posted to an item that I haven't yet read. It would be great if this was visible at the domain and requirement statement level. It should be user specific - so once I read an entry, it turns the "New" notification off. This way I know when a subscriber leaves me a note or question, and they know when I leave a reply. I also upvoted the tagging option in diaries as this would be be a similar feature, but only if I can tell the difference between items I've read and haven't…

    4 votes
    Sign in
    (thinking…)
    Sign in with:
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  General Usability  ·  Flag idea as inappropriate…  ·  Admin →
  17. When you enter your password Google Chrome gives a dialog to save your password which users may or may not choose to do. In addition the way MyCSF is coded it prompts to save one time two factor codes and it should be disabled as there is no reason to save that code ever.

    6 votes
    Sign in
    (thinking…)
    Sign in with:
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Administration & Security  ·  Flag idea as inappropriate…  ·  Admin →
  18. The document replace functionality should also replace document's name (not just document's contents). Right now it appears to replace the document contents but leaves the old document name.

    7 votes
    Sign in
    (thinking…)
    Sign in with:
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Documents & Evidence  ·  Flag idea as inappropriate…  ·  Admin →
  19. Add spellcheck functionality.

    5 votes
    Sign in
    (thinking…)
    Sign in with:
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  General Usability  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?