Release Notes - 2022-OCT-27
Added
Risk
Added the ability to use up to two decimals in mitigation percentage.
Added the ability to provide a rationale for controls mitigating a risk.
Vendor
Added a “Text” option while in Edit mode that allows users to add instructions to their questionnaires.
Issues and remediation
Added the ability for users to create custom health rules based on issues that are linked to controls. The default remains as is: past due issues put a control At risk.
Changed all instances of Related objects to Affected objects. This better reflects the relationship between issues and affected objects.
This feature remains in Managed Rollout (MRO).
Improved
Control-based assessments
It is now possible to add a user to a specific evaluation rather than to the entire assessment.
Facepiles now inherit the members of the assessment. If a user is a Manager of the assessment, they become a Manager of all evaluations in the assessment. If a user is a Contributor of the assessment, they become a Contributor of all evaluations in the assessment.
This feature remains in Managed Rollout (MRO).
Automated control testing
Users now have the option to automatically generate a repeating task when they create a new test.
Fixed an issue where dates were tested to the wrong precision, leading to inaccurate test results in some cases.
This feature remains in Managed Rollout (MRO).
Rich text edit
The rich text edit feature is now in Managed Rollout (MRO)!
Added support for rich text formatting in the following areas of Hyperproof: task descriptions, Program details tab > description field, Control details tab > description field, and control notes field, as well as Requirement details fields applicable to CMMC, NIST 800-53, and FedRAMP. This allows users to format their multi-line text fields using Markdown or a friendly WYSIWYG editor that includes one-click ways to bold, italicize, and strike-through text. Users can also add links, bulleted lists, and even emojis.
Users can also import controls and tasks using Markdown formatting and links, and these will be displayed in Hyperproof. Excel and CSV files export with, but do not render, Markdown formatting. Exporting formatted text with System Security Plan (SSP) and Microsoft Word reports (DOCX) will be available in an upcoming release.
Hypersyncs and integrations
Updated Hypersync: Google Cloud Platform. Added support for two new proof types: Compute Engine - List of Images and Compute Engine - List of Instance Templates. Note that these two proof types require additional permissions in Google Cloud. Refer to this article to learn more: Syncing data from a single Google Cloud Platform project
Updated Hypersync: Google Cloud Platform. The Compute Engine - List of Running Instances proof type has a new Instance template column.
Framework update feature
We will begin the Managed Rollout (MRO) of the framework update feature to update programs from ISO 27001:2013 to the new ISO 27001:2022. Updates to this feature include:
Ability to link the controls of multiple requirements in 27001:2013 to a single requirement in 27001:2022.
Added a new banner to program cards that indicates an update to the program is available. The banner can be dismissed and an icon remains as an indicator of the available update.
Greater visibility when a framework is being updated or is In review. All views of the program now make that clear.
When users start a program update, they will now be taken directly to the new program. A toast notification appears letting them know they can return to the old program.
Program frameworks
New framework: ISO 27001:2022 Information security, cybersecurity and privacy protection — Information security management systems. Its requirements update and replace ISO 27001:2013. Organizations have three years to transition to ISO 27001:2022. Hyperproof’s framework update tool helps to make this journey seamless. Includes ISO 27002:2022 controls mapped to Annex A and additional controls for ISO 27001 sections 4 - 10. This framework will be included in the next crosswalk map update.
New framework: Brazilian General Data Protection Law (LGPD). Privacy regulations for Brazil, similar to GDPR. Includes illustrative controls. Note that this framework has not yet been mapped into Hyperproof’s crosswalk feature.
New framework: Japan Information System Security Management and Assessment Program (ISMAP). Japanese government program for assessing the security of public cloud services, similar to ISO 27001. Includes restatements of requirements as controls. Note that this framework has not yet been mapped into Hyperproof’s crosswalk feature.
Addressed issues
Customers with the team assignment feature can now configure custom fields for team assignments. There are two options available: Managed by parent control, which is the current behavior, and Independent, which allows you to set a different value for every team assignment plus the parent control.
Replaced Hyperproof’s Azure Single Sign-on (SSO) integration with a new version built on OIDC, which has an improved user experience; only the administrator authorizes the integration and individual users don’t have to.
Existing repeating tasks no longer have an editable Starts on field.
Fixed an issue with the Jira task integration that caused an unexpected error when changing the task status.
Fixed an issue preventing administrators from renaming contacts.
Fixed an issue where, if you archive and then unarchive an audit request, linked proof ends up unlinked.
Fixed an issue in risk analytics that was introduced when we moved to custom risk scales.