289 results found
-
michael.frederick@hitrustalliance.net
When an interim is generated it should also pull the documentation that was linked into the document library for the assessment and show the names of the documents within the expanded control requirement statement window. This will allow for all work to be done from within the interim versus having to hop between it and its associated full assessment. It would not link the documents, just pull them into the library and provide the listing. Links can be added once documents are updated for most current version.
4 votes -
When viewing the linked documents for a particular Requirement Statement, each document should show the date that it was linked .
When viewing the linked documents for the Requirement Statements, each document should show the date that it was linked without having to go through the document repository especially in situations where we request for additional evidence from the assessor. From some assessments I have done so far, I noticed the assessors do not make reference to the newly linked documents so we have to go to the repository to check the date for all documents to see if any was added outside their testing period. This would really help to save time during QA review.
6 votes -
Drop Down for Contact and Interviewed Names
Have the ability to have once place where interviewed names would be captured and then when populating the control artifacts, you have the ability to select from a drop down of pre-populated names and titles, instead of having to type each persons name and title for each and every control. This would save time.
2 votes -
Preserve state when tree-traversing to Linked Documents for the Upper-Left 'Back-Arrow' Button
Having traversed four tree levels from the Assessment Selection level to a particular Linked Document in MyCSF and (subsequently) reviewed it, use of the Back-Arrow Button in the upper left of the window results in being immediately returned to the Assessment selection level (i.e. back four levels; out of the Assessment altogether) rather then the more intuitive expectation of stepping back one level at a time in the reverse of how one arrived at the Linked Document. Additionally, the "Close" button (which does follow the more expected path of closing the document and beginning the step-wise reverse traversal) may not…
1 vote -
Allow External Assessors to view the Inheritance panel
Currently, only Subscribers can view the dedicated Inheritance screen. This includes the "Download CSV" button allowing for export of Inheritance data. This data is crucial to be available for test plan development for External Assessors outside of MyCSF. Beyond that, Subscribers look to their External Assessors to guide and assist them in using inheritance, which is difficult when we do not have access to that panel. Please consider allowing External Assessor roles to view and export all inheritance information and screens within MyCSF
20 votes -
Copy mapping from evidence items to others.
When uploading evidence for controls often one piece of evidence is used for multiple controls or there are multiple evidence items supporting the same control stage (policy, procedure, implemented). The ability to copy the mapping from one item to another would be a huge time saver.
4 votes -
1 vote
-
Report for Illustrative Measurements
Figuring out how to demonstrate and measure proof of compliance was a steep learning curve. The illustrative measurements were extremely helpful, but I spent a lot of time having to dig for them and reformatting them to make them more readable and easier to search. Being able to sort the measurements by unique ID, CSF objective, and system/organizational would be a powerful feature.
3 votes -
Notification could be in RED Color?
NO VALIDATED ASSESSMENT REPORT CREDITS AVAILABLE ASSESSMENT DOMAINS - This notification could be in RED Color?
1 vote -
Sort Corrective Actions Plans By Completion Date
You should be able to sort CAPs by their Scheduled Completion Date.
3 votes -
On Org Home page view, place an "Inheritance" badge icon next to assessment(s) published for External Inheritance
Similar to the Certification badge icon, create and place new "Inheritance" badge on Org Home page to quickly identify which of the assessment(s) listed have been published for External Inheritance with a hover-over pop-up dialogue box with either of the following content: "Enabled on [Effective Date]" or "Disabled on [Effective Date]".
8 votes -
14 votes
-
Offline Inheritance Template / Bulk Inheritance Import via Excel
MyCSF should have a capability that allows user to fill-out an Excel spreadsheet so that users can import it into their Assessment without having to do it one-by-one within the interface.
17 votes -
Document Upload Alert
Can the tool be updated to send alerts to assessors with access to the assessment when documents are uploaded?
8 votes -
Please allow the CSF tool recognize the " ' " character in controls when searching.
When searching for controls the ' character is not read and therefore returns no results for controls with that character in the control language.
3 votes -
Control mapping to authoritative source in report
The assessment report should have an option to include the mapping to an authoritative source.
5 votes -
Customize User Profile
User ID profile picture
1 vote -
Making primary contacts get notified for all assessments a company has
I am the primary contact for my company. The current model requires a client to select me for an assessment or I don't see the assessment. Because of staff turnover I may not have been assigned to a previous assessment. I need to be notified of all assessments my company has and should be a default for all notifications since I am the primary contact.
2 votes -
Publish changelog and alert when the CSF is changed, but version number not incremented
When changes are made to the CSF, but the version number is not bumped, a changelog should be published and assessors and subscribers should be alerted. Currently subscribers often create spreadsheets of requirements for internal use as they prepare for their next assessment.
Sometimes, for a variety of reasons, the assessment object may get refreshed or even deleted and recreated. If a change has occurred to the CSF that didn't bump the version number, the subscriber will end up with an assessment object that doesn't 100% align with their preparation efforts. This is usually not discovered until well into the…
5 votes -
For assessments using the new webforms, MyCSF should validate email addresses for VRA and rep letter signatures
For assessments using the new webforms, MyCSF should validate email addresses for VRA and rep letter signatures and report back to the user if that email address bounces (e.g., due to a typo). This will let the user know that they shouldn't wait for a validated report agreement or rep letter signature that didn't ever actually make it to the intended recipient for signature.
2 votes
- Don't see your idea?