Release Notes - 2023-JAN-05
Improved
Issues and My Work
Added support for bulk editing all properties in the My Work issues grid.
Added a Repeating tasks tab in My Work, where users can view and edit all of their repeating tasks in one place. This view also allows users to bulk delete repeating tasks they no longer need.
Risk
Advanced risk mitigation is now available for Managed Rollout (MRO)! With this change comes an improved Risk Health panel that also includes the ability to directly set actual values (i.e. override the calculated values). The risk heatmap found on the Risk dashboard has also been improved. Administrators can initiate a migration to the advanced features in Settings → Risk Mapping.
Actual risk has now been renamed Residual risk to better match common taxonomy. Likelihood and Impact have also been renamed Inherent Likelihood and Inherent Impact.
Control assessments
Custom fields can now be attached to evaluations.
This feature remains in MRO.
Hypersyncs and integrations
New Hypersync: CrowdStrike. Users can collect the following proof types: List of Users, List of Groups, Prevention Policies, and Sensor Update Policies.
Program frameworks
New framework: Korean ISMS-P. The Personal Information & Information Security Management System (ISMS-P) is an integrated certification system that consolidates Personal Information Management System (PIMS) certification and Information Security Management System (ISMS) certification, which were previously operated separately, into one certification system.
New framework: NIST 800-218. This document recommends the Secure Software Development Framework (SSDF) – a core set of high-level secure software development practices that can be integrated into each SDLC implementation. Following these practices should help software producers reduce the number of vulnerabilities in released software, mitigate the potential impact of the exploitation of undetected or unaddressed vulnerabilities, and address the root causes of vulnerabilities to prevent future recurrences.
New framework: DHS 4300A Sensitive Systems Handbook. This Handbook serves as the foundation on which Department of Homeland Security (DHS) components are to develop, build, and implement their information security programs; it provides specific techniques and procedures for implementing the requirements of the DHS Information Security Program for Sensitive Systems, and for meeting the Program’s Baseline Security Requirements (BLSR), which are generated by the DHS information security policies published in DHS Sensitive Systems Policy Directive 4300A.
Updated framework: SOX. Now listed as SOX ICFR and ITGC. The update has far more detail and now includes almost 500 requirements and over 1000 controls.
Framework update feature
In the control detail view, if the control is linked to a requirement that will be removed as a result of a framework update, Hyperproof now explicitly indicates this to control members.
Updated the user interface to make it clearer which requirements will be removed when the update is completed.
This feature remains in Managed Rollout (MRO).
Addressed issues
Improved how scope assignments work in the Proof Picker. Users can now filter down to the proof for just one scope. When looking at all proof for the control, each proof lists the scope(s) that it is linked to. Additionally, the breadcrumb lets the user easily navigate between these different views.
Added support for Generic SAML as a Single sign-on (SSO) provider.
Users can now only change the control owner property if they are a manager of the control.
Fixed a broken link in task change notification emails.
Fixed a case where task notification emails were not sent to the assigned contact.
Fixed an issue where certain users could not change the status of tasks on scope assignments despite being a manager of those objects.
Fixed an issue in Analytics where the Task Past due widget was showing an incorrect count.
Fixed an issue with the rich text editor where extra line breaks were created after editing.