340 results found
-
Authoritative sources should be hyperlinks back to the authoritative source text where possible
When possible, authoritative sources should always appear as hyperlinks to the source itself. For example, anytime we show "NIST 800-53 R4 Control A-20" as a source, it should be presented as a link to https://nvd.nist.gov/800-53/Rev4/control/AC-20. These links should appear when authoritative sources are presented in the "References" section in the tool as well as within the sources presented in the "More Info > Authoritative Sources" window specific to the individual requirement statements.
10 votes -
Assessment-wide search capability
A search bar present in the "Assessment" page which searches the entire assessment for the given search term. The only search capability currently present is in the documents repository, and it only searches the document descriptions and document names. This new assessment-wide search should consider:
- customer comments
- assessor comments
- requirement IDs
- requirement statements
- document names
- document descriptions
- CAP responses
- diary entries
- scoping factor responses
- (pretty much everything entered in an assessment)
8 votes -
Show % coverage of authoritative source when creating a targeted assessment
When creating a targeted assessment, MyCSF should show a percentage of the coverage of the authoritative source's requirements provided through the targeted assessment.
1 vote -
Allow offline work and upload to MyCSF for CAPs
Allow offline work and upload to MyCSF for CAPs
16 votes -
Comprehensive Document report
Suggestion to add a document report which can show which documents relate to Policy, Procedure and evidence. Hence, we can filter out which file(s) were used for evidence and which file(s) were used for P&P.
Thanks
2 votes -
Under "Assessment Options," consider rephrasing "Report Processing" in the first question. It is confusing.
Under "Assessment Options" consider rephrasing this question as follows - the "Report Processing" piece being capitalized makes it seem like a specific offering type, which is confusing.
- From: "Will this Assessment be submitted to HITRUST for Report Processing?"
- To: "Will this Assessment be submitted to HITRUST for certification?" or something similar.
2 votes -
allow documents to be tagged as third party assurance reports in interims, bridges, and readiness assessments
Allow documents to be tagged as third party assurance reports in interims, bridges, and readiness assessments. Currently they can only be tagged as such in validated assessments.
3 votes -
Electronic Signature for Auditors
For timesheets and QA Sheets - it would be best to have this done electronically. Especially since we are remote - it's easier to have Executive and QA use the same document and electronically sign/initial.
4 votes -
User Guide - Make more apparent
Suggestion. It would be helpful if you put a link in the NEED HELP popup that indicates "Click here for User Guide", and/or as a tab at the top of every screen. Every time I have a problem, I try to figure out where the tab is. Because I am thinking of many things at once, I usually contact the Help Desk. Thank you, Anita Harris
3 votes -
Function to allow External Assessors to agree/disagree with inheritance weights
For requirements involving inheritance, there should be a button where the external assessors can either agree with the selected inheritance weight or disagree and suggest a new inheritance weight, similar to what exists for the maturity level scores. Rejecting the weight would send the requirement back to the client.
5 votes -
7 votes
-
help menu
Extremely unhelpful targeted help screens. There were questions asked on the help screen that were not answered in the help section. It linked to the general help area and did not provide any answers. Need better targeted help with real answers to the questions you select.
2 votes -
Requirement statement selections
When a similar requirement statement is applicable for multiple regulatory factors, only have that requirement statement appear once in the scoped assessment; currently they can appear multiple times in an assessment.
2 votes
Thanks for the feedback. This is addressed in v10.
-
Suggestive Factor Changes
MyCSF should have a mechanism to suggest scoping factor changes based upon a pattern of Not Applicables applied when responding to the Assessment
5 votes -
Why is this a CAP
Within the UI when something is a CAP add a button that would show why something is a CAP. This would need to include the math behind the requirement and/or control reference.
6 votes -
Make unique IDs readily apparent throughout MyCSF and within Reports and Analytics.
Unique IDs should be apparent throughout MyCSF and within all reports and analytic tools. For example, a user should not have to click on the "Expand" button within the Assessment to view the unique IDs. Unique IDs should also be available when linking documents, rather than trying to match up the statement language. All reports and analytic tools should reference unique IDs when presenting material by requirement statement.
46 votes -
Enumerate policy statements and required areas for illustrative procedures
Specifically enumerate all required policy statements and items for each requirement at the policy and procedure level as a checklist. Hiding specific requirements inside the repetitive narrative of the illustrative procedures makes it extremely difficult to parse out what is required in policy and procedure documentation. While you're at it, remove the repetitive language altogether since it's obvious for each control that "ad hoc or well understood blah blah" is already partially acceptable by your rubric and focus on giving more examples of acceptable language or implementations or links to relevant information.
18 votes -
assessor agree
for N/A requirements, change to a single "agree with N/A"
8 votes -
Display scoring weights in use on the assessment page
MyCSF should display the scoring weights that are in use for the assessment object on the assessment page to avoid confusion around which weights are being utilized.
7 votes -
Use different contrasting colors for the two options below, please. Response Status: External Assessor Review Complete Response Status: Ext
Use different contrasting colors for the two options below, please.
Response Status: External Assessor Review Complete
Response Status: External Assessor Review Pending
5 votes