Release Notes - 2023-MAR-30
Added
Requirement assessments
Requirement assessments are now in a Managed Rollout (MRO) state!
Requirement assessments function similarly to control assessments, except that they operate over a set of requirements rather than a set of controls.
Like control assessments, users can select fields on the target object to evaluate. These fields are added to the Evaluating pane for the evaluation and can be modified right there (if the user has permission to edit them).
Improved
Control assessments
Control assessments are now available for all customers!
Control assessments now include an Evaluating panel that, if the user configures it, contains fields from the control being evaluated. In step three of the process, the user selects the fields they want to change. The changes are shown in the Evaluating panel. Important point: the assessor can only edit those properties if they already have permission to do so, i.e. they can edit the field from control details as well.
Important
For the time being, control assessments can be found within both the Assessments and Audits tabs.
Risks
The Risk Register has now been modified to support multiple Risk Registers!
When existing Risk Register users select the Risk tab, instead of going right into the Risk Register, they’ll now see a register card. Note that multiple Risk Registers are an additional Hyperproof feature available for purchase. If the New button is grayed out, please contact the Account Management team at am@hyperproof.io.
Custom risk mapping has moved to the Risk Register Details tab. Users can have different mappings for different registers.
Advanced risk mitigation is now available for all risk customers! For existing customers, this is deployed via a migration and review experience. Customers who are new to the Risk module start with advanced mitigation turned on. This feature also enables the ability to override calculated values, such as Residual Risk.
Important
Hyperproof’s Analytics module only works against one Risk Register. Users can select which one by selecting the … (More options) menu and selecting Set this register as default for analytics.
Tasks and work items
The My Work tab has a brand new dashboard experience which provides a holistic view of all your work items, including tasks, requests, issues, and evaluations.
The list view annotates items with Review when they have been submitted back to you for review, and Remind when they are past due and not yet done. There are also widgets showing items by type and by assignee; the graph segments are clickable to see a filtered set of just those issues. There is also an Explore pane for filtering by type, assignee, and creator.
Hypersyncs and integrations
New Hypersync: Checkmarx SCA (Software Composition Analysis). Users can collect the following proof types: List of Users, List of Vulnerabilities, and List of Projects.
Updated Hypersync: GitHub. The Branch Protection proof type now includes a Require Status Checks to pass before merging field, a field well suited to automated control tests.
Updated Hypersync: CrowdStrike Falcon. The List of Hosts proof type now includes an optional Platform criteria filter, allowing users to filter down to a smaller set of data. Hyperproof now handles the scenario where a user’s criteria bring in more than 10,000 hosts, which exceeds CrowdStrike’s API limit.
Program frameworks
New framework: CMS IS2P2 v3.0: CMS Acceptable Risk Safeguards 5.0x and Information Systems Security and Privacy Policy. This Policy defines the framework for protecting and controlling the confidentiality, integrity, and availability of CMS information and information systems. It also provides direction for all CMS employees, contractors, and any individual who receives authorization to access CMS information technology (IT) systems; systems maintained on behalf of CMS; and other collections of information.
New framework: CMS MARS-E v2.2: CMS Minimum Acceptable Risk Safeguards for Exchanges (MARS-E) Harmonized Security and Privacy Framework. This framework defines a structure for managing the security and privacy requirements of systems deployed to administer the provisions of the Affordable Care Act (ACA) that ensure affordable healthcare for all Americans.
New framework upgrade map: PCI DSS 3.2.1 → 4.0. This map will help companies begin their transition to v4.0. While there is no specific deadline for completing the transition, this process typically takes at least 18 months. Companies must remain compliant with v3.2.1 while they transition to v4.0. Note: This upgrade is not yet available for users of the SAQ programs, e.g. PCI 3.2.1 SAQ D. For more information on how to upgrade, please refer to Using the framework update feature.
Addressed issues
We have automated the work of performing Single Sign-on (SSO) configurations (Okta, Generic SAML, and Microsoft Entra ID (formerly Azure AD) via OIDC). When a customer submits their info, the configuration will take place immediately rather than waiting for a Hyperproof dev to process it.
When clicking on a control count in the requirements grid view, the pop-up list of controls is now sorted correctly.
Fixed an issue with XLSX export of controls. The export now correctly respects the grid settings, i.e. the XLSX has the same columns as the Hyperproof grid does.
Fixed an issue with automated control testing where test results were sorted in a different order for different users. The results are now sorted by Ran on descending, i.e. most recent results at the top.
Fixed an issue with clicking email links where SSO users, if they were not yet signed in, were redirected to the normal sign-in page rather than the company SSO sign-in page.
Fixed an issue with the risk grid view where, in some cases, the Impact column displayed Likelihood levels rather than Impact levels.
Fixed an issue with questionnaires where, in sections without any required questions, users could never get the green check indicating that the section is complete.
Fixed an issue where remediated or accepted issues, in card view, still showed Days Past Due.
Fixed an issue where users couldn’t sort on the Business Owner field of the My Work → Issues grid.
Fixed an issue with the AWS Hypersync that occurred when configuring more than 20 accounts.
Fixed an issue with tasks assigned to contacts. In some cases, this included a View in Hyperproof link which didn’t work for contacts, only for active users.