333 results found
-
Review sign off
Add a checkbox or field for external reviewers to sign off on requirement statement after they have reviewed them.
1 vote -
Average Domain by Maturity Rating Report
Enhance the Average Domain by Maturity Rating Report to also report on the Assessor's suggested maturity scores. The current Average Domain by Maturity Rating Report only reports the maturity scores entered by the subscriber. During an assessment project, there is not a method for the customer to generate a report that reflects the proposed maturity scores from the assessor. In order to prioritize their efforts, subscribers often need to understand whether a domain has obtained a passing score or not. Currently, they need to accept all the scores from the assessors or create a manual report outside of the MyCSF…
3 votes -
All fields that appear in the final report should be indicated as such with an icon on the page
Within an Assessment, the tool should clearly indicate/label inputs that are included in the HITRUST issued Report.
16 votes -
date format
with the increased usage of MyCSF by non-US based users all dates should be switched to Month DD, YYYY format from the MM/DD/YYYY format currently used to avoid confusion
1 vote -
Comment fields for each control maturity level
When populating an assessment, MyCSF should offer comment fields for each control maturity level instead of just having one big comment field for the whole requirement. See attached pic.
3 votes -
Add reporting of user activity
Add reporting of user activity. Specifically provide reporting of returned requirements (user activity reporting) for an assessment. Providing the ability to specific a date range and see the user specific activities on each requirement (history).
3 votes -
Assign CAP to User
Allow a CAP be assignable to a User in an Organization. This wouldn't permit them to add new CAPs or link to Statements, but would allow them to modify the fields of CAPs they're assigned.
9 votes -
Real-Time CAP Report
Create a Report that can identify any mandatory Corrective Actions using the existing scores of the Statements in an Assessment
3 votes -
Field for HITRUST to explain why a submission was reverted
When HITRUST reverts an submitted assessment back to either an assessor or to the subscriber, MyCSF should have a field available for HITRUST to state why the assessment was reverted. This field should be required, and this field's contents should be made visible to the subscriber and assessor.
3 votes -
Give assessors an easy way to "reject" evidence linked to a requirement statement by the assessed entity
If a document was identified as associated with a requirement statement or requirement statement's PRISMA attribute(s), the assessor should be given an easy way to flag items as irrelevant to the PRISMA attribute and to the requirement statement. Its common for the customer to link files that may be related to other requirements but not necessarily to the requirement statement at hand.
16 votes -
Introduce the notion of CHQP (Assessor firm internal QA) start and end times
There are times when the addition of assessor team quality review pushes past the 90-day window. We get backlogged the same way you do. We always adhere to the 90-day window for accepting and reviewing evidence, and we can demonstrate that reasonably. But it would be helpful if there was some flexibility around the submission date. If we plug in the real dates of assessment, and then submit 91 days after we started testing, the system errors due to >90.
Introducing the notion of the defined assessment window of 90 days, and the CHQP review period (stated dates) might help…
3 votes -
Requesting Inheritance for a Control - Make it easier submit the request.
After deciding that a control was inheritable, we saw the link in the bottom left menu, but when the page displayed there was no active buttons and nothing to indicate that the request had not been submitted to the cloud service provider.
After our inheritance requests sat in pending status for 3 days, we checked with HITRUST support to discover that we must select the Created link at the top, first, and then select the Submit to Vendor button that appears only after the create step in order to properly send the request.
There is an opportunity to eliminate some…
10 votes -
Diary Notifications and Indicators
Add notifications when new diary entries are posted to an item that I haven't yet read. It would be great if this was visible at the domain and requirement statement level. It should be user specific - so once I read an entry, it turns the "New" notification off. This way I know when a subscriber leaves me a note or question, and they know when I leave a reply. I also upvoted the tagging option in diaries as this would be be a similar feature, but only if I can tell the difference between items I've read and haven't…
7 votes -
Submit Individual Questions that are reverted to External Assessor
Capability that allows a user to submit a reverted Question to their External Assessor without waiting for the Domain and/or Assessment to be completed.
11 votes -
Flag for zero-occurrence / 0-pop requirements
HITRUST's guidance allows zero-population requirements to be scored at fully compliant on the implemented level IF a well-defined policy and procedure exists for the assessed entity to observe should the related activity occur. However, MyCSF doesn't currently do a good job of allowing assessed entities and assessors to efficiently communicate this scenario. Because MyCSF requires that evidence be linked to a scored implemented PRISMA level, assessors are often forced to tag the policy or procedure documents to the implemented PRISMA level in this scenario. To remedy, MyCSF should offer a flag (e.g., a checkbox) which can be used to communicate…
10 votes -
Display Message within the tool informing clients of bugs/patches or issues to be proactive and better inform
When issues or bugs happen, it would be helpful to notify clients via notification or Red Flag Message in the tool to inform them. This would show the informed and proactive communication from HITRUST to the Clients to improve their experience within the MyCSF tool.
5 votes -
Disable save password dialog for two factor code in Google Chrome
When you enter your password Google Chrome gives a dialog to save your password which users may or may not choose to do. In addition the way MyCSF is coded it prompts to save one time two factor codes and it should be disabled as there is no reason to save that code ever.
10 votes -
Option to disable test environment notifications.
Allow notifications from test environments to be turned off.
11 votes -
Save and Close on Document Modal
Please provide an option to both Save and Close the window when linking documents to a requirement statement. Right now, this takes 2 clicks. We have to save the document links before we can close... then we have to close to get back out to the requirement statement to complete our scoring. It's a lot of clicking already to link all the documents. Please take one click away. Thank you!
5 votes -
Validated Targeted Assessment (PCI, AODG, CMMC, etc)
Scoped to any authoritative source or combination or multiple sources
Would require updates to the Assurance process and program
Can be based on any tailored combination controls1 vote
- Don't see your idea?