Skip to main content

Release Notes - 2024-OCT-24

Added/Improved

Vendors

Evaluations

Importing repeating tasks with linked control scope assignments

  • Added support for importing repeating tasks with linked control scope assignments.

Risk API

  • The documentation for the Add Risks API has been updated to indicate that the following fields are required:

    • riskRegisterId

    • riskIdentifier

    • ownerId

    • description

  • Note that the description field was not required when using the API until this release. API validation has been updated to match the user interface when adding risks. If you are using the Add Risks API, update your process to include a description for each risk.

NEW! Issues API

  • Added support for creating, reading, updating, and deleting individual issues.

  • Bulk GET request for issues (but no bulk PATCH, PUT, or POST).

NEW! Custom fields API

  • Added the ability to GET custom field selections.

Hypersyncs and integrations

  • Updated the Hypersync for Azure. Added the following new proof type:

    • Virtual Network: Firewall Policies

    • Virtual Network: IDPS Signatures

  • See Azure Firewall Policies in the Ideas portal.

Program frameworks

  • SWIFT CSCF is now available as a program

    The Swift Customer Security Controls Framework (CSCF) v2024 outlines a comprehensive set of mandatory and advisory security controls for institutions using the SWIFT network. This framework is designed to protect against fraud and cyber threats by enforcing rigorous standards around user access, security policies, and incident response.

    • Includes controls as restatements of the requirements

    • Requires a license

    • Crosswalking not yet available

  • Requirements crosswalk

    There are changes coming to the related requirements (crosswalk) data set. To improve our jumpstart functionality and enhance the relationship mapping between frameworks, Hyperproof will be updating its crosswalk data set next week. Organizations should expect to see an update to the set of requirements in the Related requirements section of the Requirement Details tab of their programs at the end of October.

    This change won't affect any existing control-requirement mappings or manually added/removed related requirements. However, it will have an impact on the count and type of controls linked to a program when using the jumpstart feature. It will also update the list of requirements in the Related requirements section of the Requirement Details tab. Most programs will see about 20% more requirements related between their programs, and a 20% reduction in requirements that were poor matches, increasing the overall quality of the relationships between their programs.

    Why are we making this change?

    Hyperproof has received feedback that our current crosswalk SCF-based dataset doesn't map effectively between the most commonly used frameworks. Many related requirements that should be mapped aren't, while others that shouldn't be mapped are. Improving the requirement mapping in the SCF crosswalk means that the jumpstart feature and the related requirements dataset also will be updated and controlled by Hyperproof. As a result, Hyperproof can provide better jumpstart information and functionality, and improved mappings in related requirements.

    What happens to existing control mappings?

    Existing control mappings will remain unchanged. Only the underlying data set used to map requirements will be changed. You will notice the changes under Program > Requirements > Details, or the next time you use the jumpstart feature.

    Where can I see the changes?

    You can use this workbook to inspect the changes, view the current crosswalk, add comments, and download the crosswalk. For more information, see the Crosswalk Dataset Resource video.

    Using the Hyperproof Crosswalk Data Set

    Hyperproof’s crosswalks are topic-based. Requirements from each program (such as CC6.1 from SOC 2) are mapped to a set of 1000+ topics based on the SCF. If two requirements share the same topic, they are considered related in Hyperproof. Using the jumpstart feature, you can link controls from one program to another based on those programs' related requirements. Hyperproof does not map individual frameworks (such as SOC 2 to ISO 27001).

    In the left column, select up to 10 frameworks to see how requirements and controls are mapped across those frameworks. This may take some time to process because there are tens of thousands of data points (generally about three seconds). Columns can be filtered as needed.

    Each tab is labeled with the current version (2024.4 as of this update) and the previous version (2024.3 as of this update). Note that it may take up to three business days for the changes to be finalized in Hyperproof. Select the Change Log tab to view the differences between the old and the new mappings. Blank cells indicate that the framework does not map to that topic.

    Suggesting changes

    If there is a mapping you disagree with, comments can be added to the workbook. Because this is a topic-based mapping, it’s necessary to identify the topic incorrectly mapped to the requirement (or missing a requirement that should be classified to that topic). For example, if you do not think SOC 2 requirement CC6.1 should map to PCI DSS 4 requirement 1.3.3, you must find all topics that might relate CC6.1 and 1.3.3, and determine if CC6.1 or 1.3.3 should be removed from a topic. As long as CC6.1 and 1.3.3 share at least one topic, they will continue to be considered related.

    Can I use the old mappings?

    We don't recommend using the old mappings because the new mappings are expertly reviewed updates of the original data set. If you absolutely need to use the old mappings, the Hyperproof Crosswalk Data Set can be leveraged to map controls. To do so, download the old version of the crosswalk as a CSV, then in Excel/Sheets, pivot and map the data as needed to conform to the Hyperproof control import template.

Addressed issues

  • Fixed an issue that caused a slowdown while using the Risk grid. (Case # 00009024, # 00008709)

  • Fixed an issue that caused the Risk Register to display certain issues as opened when they were in fact closed. (Case # 00008912)

  • Fixed an issue with the Hyperproof Common Control Framework (CCF) where it failed to link the correct number of controls for ISO 27001. (Case # 00009059)

  • Fixed an issue where URLs did not sync correctly from a Jira comment to the Activity Feed (tasks). (Case # 00008874)

  • Fixed an issue that caused deactivated users to appear in the Edit Groups window. (Case # 00008994)

  • Fixed an issue where an external auditor was able to unlink proof from a request. (Case # 0008995)

  • Fixed an issue where an external auditor was able to see the number of proof files linked to an audit request. (Case # 0009066, Case # 0009066)

  • Fixed an issue where a column header could not be adjusted to view the full Control ID in a specific label. (Case # 0009049)

  • Fixed an issue that caused archived risk categories to still be searchable. (Case # 0009061)

  • Fixed an issue in Vendors > Questionnaires where the Remind and Cancel options were hidden due to the browser's zoom level. (Case # 00009073)

  • Fixed a latency issue with audit requests. (Case # 00008525)

  • Fixed an issue with the Hypersync for Google Sheets where the Hypersync ran, but displayed as Unhealthy. (Case # 00009131, # 00009130, # 00009127, # 00009129, # 00009128)

  • Fixed an issue with the ServiceNow task integration where the Tasks modal didn't provide ticket detail fields. (Case # 00009100)

  • Fixed an issue where Confluence proof didn't finish uploading. (Case # 00009117)

  • Fixed an issue where the Jira task integration did not provide a way to re-authenticate. (Case # 00009121)

  • Fixed an issue that prevented proof from being exported via the Requests grid. (Case # 00009137, # 00009038, # 00009134)

  • Fixed an issue with questionnaires where the last questionnaire that was sent was hidden behind the horizontal scroll bar. (Case # 00009125)

  • Fixed an issue that caused an unexpected error when changing a scope owner. (Case # 00009146)

  • Fixed an issue where enabling MFA resulted in an unexpected error. (Case # 00009145, # 00009148)

  • Fixed an issue with tasks linked to issues where the task column did not appear while viewing the issues in grid view. As a result, the exported issues report (XLSX) showed no tasks linked to issues. (Case # 00009153)

  • Fixed an issue with the Hypersync for Jira where, when modified, the Hypersync broke out into two separate Hypersyncs which both produced errors. (Case # 00009159)

  • Fixed an issue with control assessments where filtering on custom fields was not available. (Case # 00009172)

  • Fixed an issue where syntax errors were generated by the self-service reporting data warehouse if a custom field had the same name as a SQL reserved keyword. Hyperproof now prepends the field name with an underscore _ as the data is brought in to the data warehouse.