316 results found
-
Add an industry benchmark chart into the NIST CSF report
Something like the attached example
1 vote -
New option on compliance pack to contain just sections of the authoritative source within a specified range of average score s
In addition to having the option to include only certain parts of the authoritative source in a compliance pack, the option should also exist to have the compliance pack only include those sections of the authoritative source with an average score falling within a specified range (e.g., below 60, between 60-70, etc.). This will allow for the breaking out of the areas warranting remediation / further review.
1 vote -
Documents Repository and Linkage
One of the most time consuming tasks in performing assessments is the linkage of documentation. I think it would be helpful if our documentation repository creates a slot for each document. The slot is then mapped in a one to many relationship model to control requirements. The documents are then uploaded to the virtual slot. The big advantage is that documents in the slots can be automatically mapped to any assessment object and if the most recently reviewed version of a policy is uploaded to the slot to replace the old version, the new one automatically mapped as well. This…
6 votes -
inheritance
Integrate the Shared Responsibility Matrix (SRM) into the inheritance selection process. Currently, it is feasible for a subscriber to select inheritance for a requirement that is categorized as not inheritable in the SRM. Recently, a customer submitted inheritance, which was ultimately rejected. Upon further research, HITRUST support indicated that the requirement was not inheritable, as described in the SRM. A subscriber should not be able to select inheritance for those requirements defined as not inheritable.
7 votes -
Rep Letter Upload Requirement
Remove edit check that requires client to upload a rep letter in order to submit a domain to the assessor. This is too early in the process to provide a rep letter - currently, clients must upload a fake / placeholder document as a workaround.
4 votes -
Sort requirements by Unique ID
It would be great if there was an option to sort/filter requirements based on the Unique ID, not just the level or control.
33 votes -
Requirement statement selections
When a similar requirement statement is applicable for multiple regulatory factors, only have that requirement statement appear once in the scoped assessment, currently they can appear multiple times in an assessment.
1 voteThanks for the feedback. This is addressed in v10.
-
No Active Subscriber Error Message
The No Active Subscribers error message should be more specific concerning the actual error. It currently displays when a user is not assigned to any assessments or when the subscriber account has expired. A more descriptive error message would prevent confusion and assist is resolving the actual issue earlier without client frustration.
1 vote -
Help Context should be linked
Where we have help pages built (eg: Factors) you should be able to click on the factor and see the help information in a sidebar without having to leave the MyCSF page.
36 votes -
Visualize reports before clicking on them
Whenever I'm working on getting controls exported, I always forget which report I like the best (I recently re-learned that it's the Assessment Report (Column)). It'd be great to have a picture next to each report type to more easily identify each report.
3 votes -
Ability to sort documents list
The general documents view should allow the user to sort the documents by date uploaded, by document title, and by document description.
19 votes -
Removing the lower level nested Requirement Statements from an assessment
When you have a level 3 Requirement statement, can the level 1 and level 2 requirement statement for that same control be removed from the assessment? This would remove redundancy, by not having to ask the business for evidence at each level because it would be inclusive in the level 3. This would also lower the number of overall baselines while still covering the control.
13 votes -
Custom Reporting
Users should have the ability to write custom reports, build custom charts, and save these for later usage. Something similar to Microsoft PowerBI or an equivalent product.
28 votes -
Add a submission check for failing scores (requires override)
There are a variety of quality checks imposed, some that require overrides from the assessor team to continue with submission. One of those should be 'scores are already too low to certify'.
Please add a little flag or warning note at the time of submission to simply say, "You're submitting an assessment for certification, but the scores are too low to certify. Proceed Y/N?"
Our particular case was due to errors in the inheritance process, but it could happen in other scenarios. Best to alert the assessor and confirm that they are not seeking certification.
7 votes -
Separate discretionary factors from mandatory factors
I'd like to see the scoping factors that are optional / discretionary (namely the regulatory factors) clearly labeled as such, or even moved into their own page containing a disclaimer that they are optional. For the rest of the factors (which MUST be accurate), I'd like to see them clearly labeled as such or on their own page with a tagline describing that they must be accurately entered.
33 votes -
Requirement statement text in "linked statements for" modal should be a hyperlink
In the modal accessible from the general documents page used to show the requirement statements that are linked to a particular document, the requirement statement text should be a hyperlink leading to that requirement statement. See pic.
3 votes -
Returned Requirements Reporting
User activity - would like the ability to pull reporting on assessments of returned requirements and if possible other related user activity.
1 vote -
Return single domain or control to correct inheritance
HITRUST should create a feature to allow inheritance by domain/control rather than the whole assessment being returned for a single control/domain inheritance request.
21 votes -
Offline Assessment for Interims & Bridges
MyCSF should allow a user to download and use the Offline Assessment for Interim and Bridge Assessment
5 votes -
Search all attached documents for keyword(s)
MyCSF should allow users to perform a keyword search throughout all attached documents. While this obviously wont search screenshots and non-OCR'd PDFs, the ability to do a mass search of all uploaded documents in one run would be valuable.
21 votes
- Don't see your idea?