Cumulative Release Notes for 2023

Support for exporting evaluations to CSV and XLSX

Improved the Teams functionality and renamed it ‘Scopes’.

API calls involving Teams have been deprecated with the change from Teams to Scopes.

Access reviews in managed rollout

New Hypersync: Rapid7

Updated Hypersync: Google Workspace Platform. Added support for the List of Chromebook Devices proof type.

Updated Hypersync: GitHub. Added support for the List of Pull Requests with merger and merger date.

Updated Hypersync: AWS. Added support for the List of SSO Users proof type.

Updated Hypersync: JumpCloud. Added support for the Policy Group Results proof type.

Updated framework: NYDFS, 2023 amendments is now available. Includes crosswalks and framework upgrade map, but not controls.

Updated framework: Australia ISM for IRAP and ASD, December 2023 version is now available. Includes framework update map, crosswalks, and controls.

Updated framework: TISAX VDA ISA 5 now includes illustrative controls.

Access reviews in managed rollout

Updated Hypersync: AWS was updated with 1 new proof. (Case # 00006845)

Updated Hypersync: Okta was updated with 2 new proof types. (Case # 00004741, 00004913, 00006903)

Updated Hypersync: GitHub updated with 1 new proof. (Case # 00005939)

Updated Hypersync: Google Workspace Platform was updated with 2 new proof types. (Case # 00005608)

Access reviews in managed rollout

Hyperproof users with the ‘User’ role are now taken directly to the Work items tab when they log in.

Two new Hypersyncs: Paycor and Wave (via Finch). Added two new proof types: List of Users and List of Change in Employee Status.

Updated Hypersync: AWS. Added four new proof types: Asset Inventory, S3 Bucket Lifecycle Configuration, S3 Bucket Object Lock, and S3 Bucket Access Control List.

Updated Hypersync: Google Cloud Platform. Added one new proof type: Compute Engine - Persistent Disk Encryption.

Updated Hypersync: Google Workspace Platform. Added one new proof type: Cloud Identity - List of Inbound SAML SSO Profiles.

Updated file service integration: SharePoint. Added support for Dedicated Teams Sites, including LiveSync. Also reorganized how Hyperproof displays SharePoint content to more closely match what customers see in SharePoint.

Updated framework: Cisco CCF Controlsv2.  and crosswalks included.

Audit requests as work items are now available for all organizations.

Editable proof facepiles.

The last login date field in the People page under Settings.

Updated Hypersync: Google Cloud Platform. Added two new proof types.

New framework: DORA

Many quality improvements.

The Hyperproof API now includes support for tasks.

Updated Hypersync: Azure. Added one new proof type.

Updated Hypersync: Jamf. Added four new proof types.

Updated Hypersync: Google Cloud Platform. Added two new prooftypes.

Updated Hypersync: Snowflake. Added two new prooftypes.

The Hyperproof API now includes support for programs.

Updated Hypersync: Azure was updated with 11 new proof types: now has support for AWS GovCloud instances.

Updated Hypersync: Azure. Added 11 new proof types.

Updated Hypersync: Microsoft Entra ID (formerly Azure AD). Added one new proof type.

Added two new Webtrust frameworks.

Requirement assessments are now available for all organizations.

New framework: Bank Secrecy Act Compliance Program (BSA).

New framework: FFIEC Cybersecurity Assessment Tool (CAT).

New framework: Adobe Common Controls Framework (CCF).

Updated Hypersync: Microsoft Entra ID (formerly Azure AD). Added one new proof type.

Updated Hypersync: Azure. Added six new proof types.

Added support for using screenshots as proof.

Users can now “paste an image” as proof

Added support for connection health.

New framework version: AICPA SOC 2 - 2017 Trust Services Criteria (With Revised Points of Focus – 2022).

New framework: Cybersecurity Capability Maturity Model (C2M2) v2.1.

New framework version: FedRAMP rev 5.

New framework version: SCF rev April 2023.

New framework version: Microsoft SSPA DPR v8.

New framework version: NIST 800-171r2.

Audit requests as work items in MRO

Audit requests now have facepiles

Audit requests can now be made private

New Hypersync: F5 (formerly ThreatStack). Users can collect the following proof types: List of Users and List of Rules.

New framework: The Americans with Disabilities Act (ADA) and Web Content Accessibility Guidelines (WCAG) v2.2. This program combines Title I and Title III of the Americans with Disabilities Act (ADA) with the Web Content Accessibility Guidelines (WCAG) v2.2.

Tasks now have an explicit facepile that identifies who has direct and/or inherited access and allows users to be added/removed.

New framework: ISO 21434:2021. This framework addresses the cybersecurity perspective in the engineering of electrical and electronic (E/E) systems within road vehicles.

New framework: IBM Cloud Framework for Financial Services. This framework is designed to help address the needs of financial services institutions with regulatory compliance, security, and resiliency during the initial deployment phase and with ongoing operations.

New framework version: PCI v4 SAQ A.

New framework version: BSI C5 v2020.

Many bug fixes and quality improvements.

New Hypersync: Wiz. Users can collect proof based on the following proof types: List of Users and List of Vulnerabilities.

New framework: ISO 17025. This framework specifies the general requirements for the competence, impartiality, and consistent operation of laboratories.

New framework version: TX-RAMP 2.0.

New framework version: Webtrust for CAs - Extended Validation SSL v1.8.

Administrators can now import contacts. To do so, go to Settings > People, and then click Import.

Users can now delete tasks. To do so, go to My Work > Tasks, select one or more tasks, and then click Delete.  Like other bulk edit actions, Delete is grayed out if you don’t have permission to delete that task.

Changed the Starts repeating property of repeating tasks to be editable again. Previously, this property was intentionally made to be read-only. Thanks to your feedback, we learned that many users need this option!

Updated the left navigation menu when it is in a collapsed state. Icon labels have been replaced with tooltips.

Improved how proof works with scope assignments. Where a list of proof is shown, the list can now be sorted by scope name by clicking the column header. Proof can now be searched via scope name.

Updated Hypersync: GitHub. The Organization Members proof type now has a new configuration field, Filter people, which allows users to select Member, Owner, or Outside Collaborator.

New framework version: Webtrust Principles & Criteria for CAs v2.2.2 (latest version)

New framework version: Webtrust: SSL Baseline with Network Security v2.7 (latest version)

Requirement assessments are now in MRO.

Control assessments are now available for all users.

Risk Register now supports multiple registers.

Advanced mitigation is now available for all users.

Improved My Work dashboard.

New Hypersync: Checkmarx SCA. Users can collect the following proof types: List of Users, List of Vulnerabilities, and List of Projects.

Updated Hypersync: GitHub. The Branch Protection proof type now includes a Require Status Checks to pass before merging field, a field very suitable to automatic control testing.

Updated Hypersync: Crowdstrike. The List of Hosts proof type now includes an optional Platform criteria filter, allowing users to filter down to a smaller set of data.  Hyperproof now handles the scenario where a user’s criteria bring in more than 10,000 hosts, which exceeds Crowdstrike’s API limit.

New framework: CMS IS2P2 v3.0: CMS Acceptable Risk Safeguards 5.0x and Information Systems Security and Privacy Policy.

New framework: CMS MARS-E v2.2: CMS Minimum Acceptable Risk Safeguards for Exchanges (MARS-E) Harmonized Security and Privacy Framework.

New framework upgrade map: PCI DSS 3.2.1 → 4.0.

M2M API authentication - Hyperproof now supports two API client types: service account and personal. For more information, see Enabling M2M API authentication.

New framework: OWASP ASVS.

New framework: PIPEDA.

Updated crosswalks: PCI DSS 4, LGPD, CSA 4, ISO 27001-2022, and TISAX

The automated testing feature is now available for all users! See Automated control testing.

Updated Hypersync: Microsoft Entra ID (formerly Azure AD). The List of Users proof now includes the last password change date.

Added support for exporting issues to Excel.

The Hypersync SDK is now available! The SDK has documentation including instructions for getting started. Documented samples and templates are also available to speed up your development. We also have a Community forum topic exclusively for the Hypersync SDK where you can post questions and provide feedback.

New Hypersync: GitLab Self-Managed.

Updated Hypersyncs: GitHub, KnowBe4, Qualys.

The Confluence integration now supports LiveSync for on-prem Confluence deployments.

New framework: ITAR Compliance Program.

Updated framework: SCF.

Hyperproof Community: The user community—a place where you can find solutions, ask questions, and engage with a growing community of Hyperproofusers—is now live! (https://community.hyperproof.io/ )

The Community has replaced the support portal.

New Hypersync: Azure Kubernetes Service. Users can collect the following proof types: List of AKS Clusters and List of Deployments.

Hyperproof’s API support for personal M2M auth is now available in a Managed Rollout (MRO) state. Contact your CSM if you’re interested in trying it out.

The Hypersync SDK will be available in the next few days. Check the new Hyperproof Community forum for more information!

The 27001:2013 Framework Update Feature is live and available for all ISO 27001:2013 users! See Using the framework update feature.

Two types of Framework updates are available, depending on when the user created their program:

Users can now import schedule-based repeating tasks from a CSV via the My Work tab. All fields, including custom fields, are supported.

Added support for private issues.

In Control assessments there is now an Affected Objects section within the Evaluations tab where users can link additional related objects.

Updated Hypersync: Crowdstrike. Added support for two new proof types: List of Hosts and Endpoint Detections.

Updated Hypersync: GitHub. Added support for a new proof type: List of Issues.

Updated Hypersync: Zendesk. View of Tickets proof type now supports testing of the Ticket Status value.

For customers with the scopes feature turned on in their instance, users of the Controls dashboard in the Analytics module can now view the dashboard with scope assignments expanded. To do this, open the Filter panel, and then click Expand scopes.

Issues and My Work - Added support for bulk editing all properties in the My Work issues grid.

Issues and My work - Added a Repeating tasks tab in My Work, where users can view and edit all of their repeating tasks in one place.

Risk - Advanced risk mitigation is now available for MRO!  With this change comes an improved Risk Health panel that also includes the ability to directly set actual values (i.e. override the calculated values). The risk heatmap found on the Risk dashboard has also been improved. Admins can initiate a migration to the advanced features in Settings → Risk Mapping.

Actual risk has now been renamed to Residual risk to better match common taxonomy. Likelihood and Impact have also been renamed to Inherent Likelihood and Inherent Impact.

Control assessments - Custom fields can now be attached to evaluations. This feature remains in MRO.

New Hypersync: Crowdstrike. Users can collect the following proof types: List of Users, List of Groups, Prevention Policies, and Sensor Update Policies.

Framework update feature - In the control detail view, if the control is linked to a requirement that will be removed as a result of a framework, Hyperproof now explicitly indicates that to control members.

Framework update feature - Updated the user interface to make it clearer which requirements will be removed when the update is completed.

New framework: Korean ISMS-P

New framework: NIST 800-218

New framework: DHS 4300A Sensitive Systems Handbook

Updated framework: SOX

Improved how scope assignments work in the Proof Picker. Users can now filter down to the proof for just one scope, plus, when looking at all proof for the control, each proof lists the scope(s) that it is linked to. Additionally, the breadcrumb lets the user easily navigate between these different views.

Added support for Generic SAML as an SSO provider.

Users can now only change the control owner property if they are a manager of the control.