Release Notes - 2024-JUL-25

Added

Access reviews - managed rollout (MRO)

  • Added the option to assign each user's direct manager as the reviewer when conducting an access review.

    • Assign a direct manager as a reviewer based on the direct manager listed for each employee in the imported directory.

    • Managers can be assigned when an application user list is added or by using the application details page after the application user list is imported.

    • If no manager is listed in the directory, the default sysadmin is assigned as the reviewer.

    • If the manager is not a Hyperproof user, the manager is added as a Contact. When the review is launched, managers who are Contacts are invited to Hyperproof. They must accept the invitation and log in to Hyperproof to conduct the review.

  • See Using direct managers as reviewers for user access for more information.

SPRS scoring

  • Added tooltips to help guide users when using SPRS scoring.

Improved

Audit notifications

Notifications are sent to:

  • Request assignees 7 and 1 days before the due date, on the due date, and every 7 days after the due date

  • Audit managers and request assignees every time a request's status or due date is changed

  • External auditors when a request enters the Submitted to Auditor status

  • All audit managers as a daily digest with a list of information about requests for the past 24 hours:

    • All request status changes

    • All requests that are past due

    • All request assignments and reassignments

  • See the Notification for External Auditors idea in the ideas portal.

  • See Notifications overview for more information.

Filter pane

  • Custom date fields can be filtered from the Filter pane using a date range filter.

  • You can filter for Not set, a specific date, between two dates (inclusive), before or on a specific date, or after or on a specific date.

  • See the Allow filtering by 'not set' on a date field idea in the Ideas portal.

Proof previewer for Microsoft Office toggle

  • If you prefer not to use the Microsoft Office previewer for proof, you can request that the Office Proof Preview flag be turned off for your organization. When the flag is off, Hyperproof turns off the Microsoft previewer at the organization level in all usage scenarios in the Hyperproof app. (Case # 00008535)

Program frameworks

  • Hyperproof Common Control Framework (CCF) - This framework is a modern set of cybersecurity and privacy controls, each distilled from key elements found in established frameworks such as NIST 800-53, AICPA SOC 2, ISO 27001, CIS, GDPR, and PCI DSS. This framework facilitates organizational compliance by standardizing processes to effectively address cybersecurity, privacy, and information system risks. Designed to support organizations in advancing their compliance maturity, it provides a structured yet flexible approach to cybersecurity and privacy risk management.

    This is the first draft of Hyperproof's content stage and feedback is welcomed and needed. Additional content (available upon request) includes 50+ pre-mapped generic risk templates and mappings of 250+ evidence types to controls (as labels). These evidence types also include new policy templates.

  • ISO 27001 with Hyperproof Common Control Framework - Everything about ISO 27001:2022 is the same as our standard program, except instead of restating the ISO requirements and Annex A, the program is mapped to the Hyperproof CCF. Organizations interested in using this program should be sure to read through the associated workbook, available upon request, for details on the best way to set the program up.

  • NIS2 - This program includes optional ISO 27001 and 27002 illustrative controls. The NIS2 Directive revises the European Union's Network and Information Security Directive, expanding its scope to include additional sectors and services such as health, energy, and digital infrastructure. It imposes more stringent security measures and comprehensive incident reporting requirements. For organizations operating in the EU, Article 20 mandates risk management measures and reporting obligations, while Article 21 requires these organizations to adopt cybersecurity policies and governance frameworks. Article 23 specifies that entities must notify authorities of any significant incidents within 24 hours of detection. Article 29 addresses the supervision and enforcement of compliance, empowering national authorities to conduct audits and impose penalties. Article 30 outlines the requirements for cross-border cooperation and mutual assistance among member states.

    • This program is crosswalked with Jumpstart functionality.

    • Only those articles applicable to Organizations have been included. Articles addressed to states and NGOs have not been included.

    • See the NIS2 Directive Idea in the ideas portal.

  • CIS 8.1 is now available. Includes controls, crosswalks, and baselines.

    • Because CIS has baselines (known as implementation groups), the framework update feature is NOT available. Vote for this idea.

    • Even without the framework update feature, updating this program is fairly easy. Hyperproof can provide resources to easily map your existing controls to the program upon request. A change log is available directly from CIS.

  • PCI DSS 4.0 - Crosswalks have been updated. Organizations with existing PCI DSS 4.0 programs will now see their related requirements in PCI DSS program → requirements → requirement → details revised with corrected mappings that more accurately reflect Secure Control Framework (SCF) mappings. This will improve Jumpstart functionality to and from PCI DSS 4.0.

  • CRI Profile 2.0 - Crosswalks have been added based on mappings to NIST CSF.

  • CMS MARS-E - Crosswalks have been added based on mappings to NIST CSF.

  • Hyperproof EU now includes most of the frameworks available in Hyperproof US. This includes frameworks and their associated illustrative controls, docx reports, jumpstart/crosswalk, baseline/category selection, and scoring. Note that Hyperproof EU may not contain everything available in Hyperproof US.

Hypersyncs

  • Added a new Hypersync: Google Sheets - GA

  • Updated Hypersync for GitLab: Expanded the Project namespace filter to display up to 1000 records. Records are filtered as you type the name of the Project namespace you need. (Case # 00008664) See GitLab proof types for more information.

  • Updated Hypersync for Azure: Added new proof types and a new service:

    • Resource Service proof type: List of Locks

    • Key Vault Service proof types: Access Configurations, Deletions, Firewalls and Virtual Networks, Private Endpoint Connections

    • See Azure proof types and permissions for more information.

  • Updated Hypersync for Microsoft Entra ID (formerly Azure AD): When using the Hypersync to create application user lists for an access review, you now have the option to filter the list by Department. This creates an application user access list only for the selected department, preventing time-out issues for organizations with a large number of user records. See Importing a list of application users with a Hypersync for more information.

Addressed issues

  • Fixed an issue in Work items where some users were unable to filter issues. (Case # 00008722)

  • Fixed an issue where deactivated users were able to be selected as risk owners. (Case # 00008710)

  • Fixed an issue where some users couldn't create Asana tasks in Hyperproof. (Case # 00008700)

  • Fixed an issue where having a duplicate vendor prevented users from importing a vendor CSV. (Case # 00008635)

  • Fixed an issue where limited access users with viewer permissions were unable to own a specific vendor. (Case # 00008642)

  • Fixed an issue where issues were unable to be sorted by their discovered on date. (Case # 00008634)

  • Fixed an issue with LiveSync where the connection became unhealthy after the user reauthenticated. (Case # 00008626)

  • Fixed an issue where questionnaires couldn't be imported into Hyperproof due to possible answers containing a comma or colon. (Case # 00008599)

  • Fixed an issue with questionnaires where gated questions were not removed if the user went back and changed their answer. (Case # 00008599)

  • Fixed an issue with control exports that caused different date formats to display in the export file. (Case # 00008594)

  • Fixed an issue where, within a label, users couldn't link scope assignment controls if they filtered for a program first. (Case # 00008610)

  • Fixed an issue in Work items where users couldn't drag-and-drop proof onto a task's proof grid. (Case # 00008358)

  • Fixed an issue where users with sufficient privileges were unable to view certain controls while in the crosswalk view. (Case # 00008556)

  • Fixed an issue where the requirements filter for Show only requirements without controls was inconsistent when toggling between card view and grid view. (Case # 00008555)

  • Fixed an issue where a user received a timeout error when trying to import proof via the Hypersync for Wiz. (Case # 00008284)

  • Fixed an issue where Slack notifications were unavailable on scope assignment controls. (Case # 00008476)

  • Fixed an issue that caused the Risk Register dashboard to take a long time to load. (Case # 00008513)

  • Fixed an issue that caused scope assignment controls to filter incorrectly when going into the grid view from the health widget. (Case # 00008502)

  • Removed the empty Scopes column on the Proof tab for an individual control. (Case # 00008627)