Skip to content

The HITRUST CSF

The HITRUST CSF

Categories

JUMP TO ANOTHER FORUM

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback

10 results found

  1. Type: Organizational . Level: 1 . ID: 1828.08a1Organizational.12

    Missing word in policy portion under Illustrated Procedures: "Computers that store or process covered information are located in areas that are unattended and have unrestricted access by the public."

    Adjusted sentence would be "Computers that store or process covered information are never located in areas..."

    1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    Planned  ·  0 comments  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  2. When setting up a new assessment, only a subset of the 44 authoritative sources in the CSF today are selectable / optional regulatory factors. Instead, 44 authoritative sources should be made into optional (selectable) regulatory factors.

    2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  3. 1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    Planned  ·  0 comments  ·  Clarity  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  4. 4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    Planned  ·  0 comments  ·  Clarity  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  5. 6 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    Planned  ·  0 comments  ·  Clarity  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  6. 2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  7. 2 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  8. 1 vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  9. In the requirement, "Risk designations are assigned for all positions in the organization", a scope of the whole organization is forced through the wording. In v10, no requirements should dictate scope in and of themselves and should instead be written in such a way that they can be tested to the assessment's scope.

    4 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  10. Assessors and assessed entities could benefit from something communicating the exact number of CSF implementation specifications present in the policy illustrative procedures. This could be through something like a number that precedes the policy illustrative procedure or even consistent use of roman numerals in the policy illustrative procedure. This would help everyone involved in preparing for, performing, and reviewing assessments ensure they are working with a generally understood denominator for scoring calculations.

    For example:
    Instead of saying "Inspect written policies to determine that they contain X, Y, and Z.", the policy illustrative procedure could display as,
    "Inspect written policies to…

    14 votes

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)

    We’ll send you updates on this idea

    Planned  ·  4 comments  ·  Clarity  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
  • Don't see your idea?