
Release Notes - 2024-APR-04

Added

Access reviews - Managed Rollout

  • The initial implementation for automated directory and user access list import via Hypersyncs, with support for 3 services (Okta, Microsoft Entra ID, Google Workspace Platform), is available, but the final workflow for the user interface is not part of this release.

  • To try the new functionality, choose Create when setting up a new Directory. Then, open the Directory to access the Details tab, and choose Create Hypersync. See Importing a directory with a Hypersync and Importing a list of application users with a Hypersync.

SPRS scoring - Managed Rollout

Self-service reporting - Managed Rollout

  • Risk Health and Audit Health are now available in the data warehouse.

Vendor dashboard

Scopes

Private proof

  • Added the ability to mark proof as private, extending the platform support for private objects, such as issues and requests.

  • When proof is made private, only users with direct access who have been added to the proof can open and view the proof.

  • Users who have membership in objects that are linked to private proof can't view and open the proof, but can see the proof name with a lock icon in the proof lists.

  • See the Limit Access to Proof (Private Proof) idea in the Ideas portal.

  • For more information, see Private proof.

Improved

Filtering enhancements

  • Date range filtering has been added to the Uploaded On field on proof and the enhanced Due Date field on Work items.

  • You can now filter for a specific date, on or after a specific date, or on or before a specific date.

  • The ability to filter between two dates will be included in a future release.

  • See the Filter on Date Ranges idea in the Ideas portal. This work is ongoing.

Hyperproof API

  • Added support to get proof from controls and labels.

  • See the Public API: Add support to get proof from controls and labels idea in the Ideas portal.

  • When uploading proof to a control, label, or task using the API, the API response contains the proof metadata, including the ownedBy field. This is the owner of the proof. The value returned is the entire user object instead of the owner ID. In the April 4, 2024 release (postponed one release), API calls that return proof metadata will only return the owner ID in the ownedBy field as is already noted in the API documentation.

    Use the owner ID returned in the response to look up the User information in the Users API. API details are available at https://developer.hyperproof.app/.
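An added example (not Hyperproof's code) of a client-side reader that accepts both ownedBy shapes described above and always resolves the owner through a lookup by ID. Assumptions: the user object and the proof metadata each carry their ID under the key "id", and fetch_user is a hypothetical callable that wraps your own Users API request.

```python
from typing import Any, Callable, Dict, Iterable, Optional

# Constructed sample proof metadata; the "id" keys are assumptions.
SAMPLE_PROOFS = [
    {"id": "p-1", "ownedBy": {"id": "u-1001", "email": "a@example.com"}},  # whole user object
    {"id": "p-2", "ownedBy": "u-1001"},                                    # owner ID only
    {"id": "p-3"},                                                         # no owner present
]


def owner_id(proof: Dict[str, Any]) -> Optional[str]:
    """Return the proof owner's ID whichever shape ownedBy arrives in."""
    owned_by = proof.get("ownedBy")
    if owned_by is None:
        return None
    if isinstance(owned_by, str) and owned_by:
        return owned_by                      # documented shape: bare owner ID
    if isinstance(owned_by, dict):
        uid = owned_by.get("id")             # assumption: ID key is "id"
        if isinstance(uid, str) and uid:
            return uid
    # Report only the type so user attributes never end up in logs.
    raise ValueError(f"unrecognised ownedBy type: {type(owned_by).__name__}")


def resolve_owners(
    proofs: Iterable[Dict[str, Any]],
    fetch_user: Callable[[str], Dict[str, Any]],
) -> Dict[str, Optional[Dict[str, Any]]]:
    """Map proof ID -> user record, calling fetch_user once per distinct owner.

    Attributes embedded in a full ownedBy object are ignored on purpose:
    the record returned by the lookup is the only source used, so behaviour
    does not change when the response switches to the ID-only shape.
    """
    cache: Dict[str, Dict[str, Any]] = {}
    resolved: Dict[str, Optional[Dict[str, Any]]] = {}
    for proof in proofs:
        uid = owner_id(proof)
        if uid is not None and uid not in cache:
            cache[uid] = fetch_user(uid)
        resolved[proof["id"]] = cache[uid] if uid is not None else None
    return resolved


if __name__ == "__main__":
    # Stand-in lookup for a stand-alone run; replace with a real Users API call.
    print(resolve_owners(SAMPLE_PROOFS, lambda uid: {"id": uid}))
```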

Other changes

  • Microsoft has renamed Azure AD to Microsoft Entra ID. As a result, Hyperproof has updated all user interface references from Azure AD to Microsoft Entra ID.

    See the Update Mentions of Azure AD to Entra ID idea in the Ideas portal.

  • Improved the Evaluation status widget on the Assessment dashboard to display all statuses without needing to scroll.

  • The new object Viewer role is now available as an option to select when bulk editing membership on controls and labels.

Program frameworks

  • ISO 20000 is now available as a program. This document specifies requirements for an organization to establish, implement, maintain, and continually improve a service management system (SMS). The requirements specified in this document include the planning, design, transition, delivery, and improvement of services to meet the service requirements and deliver value. The program does not include controls or crosswalks; these can be added upon request.

  • CJIS version 5.9.3 is now available. The FBI's Criminal Justice Information Services (CJIS) Division's Security Policy version 5.9.3 outlines the standards and guidelines for accessing, handling, and securing criminal justice information. It provides a comprehensive framework aimed at ensuring the protection of sensitive data shared among law enforcement and affiliated entities. The policy covers a wide range of security aspects, including physical and logical access controls, incident response, auditing and accountability, network and system security, and data encryption. The document is regularly updated to address evolving cybersecurity threats and incorporate advances in technology, ensuring that criminal justice information remains secure against unauthorized access, disclosure, or misuse. The policy plays a crucial role in maintaining the integrity and confidentiality of criminal justice information systems, supporting the overall mission of the FBI and its partners in law enforcement and criminal justice administration.

    • Includes controls, including mapping of requirements to NIST 800-53 rev 5 controls.

    • Includes a crosswalk and can be jumpstarted.

    • Does not include an update map. Contact your CSM if you need assistance migrating to this new version.

  • NIST AI RMF is now available as a framework! The AI Risk Management Framework (AI RMF) is intended for voluntary use and to improve the ability to incorporate trustworthiness considerations into the design, development, use, and evaluation of AI products, services, and systems. As a consensus resource, the AI RMF was developed in an open, transparent, multidisciplinary, and multi-stakeholder manner over an 18-month time period and in collaboration with more than 240 contributing organizations from private industry, academia, civil society, and government. Feedback received during the development of the AI RMF is publicly available on the NIST website.

    • Includes controls, which are restatements of the requirements plus additional supporting information.

    • Includes a crosswalk for jumpstarting based on the SCF 2024.1 dataset.

Addressed issues

  • Fixed an issue where the Hypersync for Rapid7 was timing out. (Case # 00007790)

  • Fixed an issue where notification emails were not sent for Evaluation work items. (Case # 00007991)

  • Fixed an issue parsing credentials errors when configuring a Hypersync for Qualys to provide a clearer error message. (Case # 00008013)

  • Fixed an issue exporting proof where no proof was exported and the error message indicated that there was no proof available for download. (Case # 00008000, 00008026)

  • Fixed an issue updating audit custom fields where some fields reverted to their original value. (Case # 00008017)

  • Fixed an issue where the Creator of a task received an email about a task, but when they clicked the link for that task in the email they received the following message in error: "No work remaining for you here - Someone reassigned or closed it already". (Case # 00007921)

  • Fixed an issue where audit health was not updating correctly and showed critical status. (Case # 00008075)

  • Fixed an issue with task integration user mapping between Hyperproof and Asana where the user emails were the same in both systems but the integration could not locate the user in Asana. (Case # 00008077, 00008225)

  • Fixed a permissions issue that prevented users and limited access users from accessing proof they added to requests. (Case # 00008123, 00008183)

  • Improved the import process for locations experiencing network latency. In some cases, imports could not be completed successfully. (Case # 00008114)

  • Fixed an issue where users could not open a program when selected by filtering from the Controls page. (Case # 00008136, 00008153, 00008160, 00008162, 00008163, 00008174, 00008182)

  • Fixed an issue where the integration for Slack could not be authorized when using Slack Enterprise. (Case # 00008143)

  • Fixed an issue where a few controls generated an unexpected error when a user attempted to open them. (Case # 00008156)

  • Fixed errors generated when trying to edit the Likelihood mitigation field from the grid view of Controls linked to a risk. (Case # 00008177)

  • Fixed an issue that prevented users from uploading proof to an evaluation from a cloud service, such as Google Drive or OneDrive. (Case # 00008186)

  • Fixed errors generated by @mentioning a user with the Limited access user role in a comment. (Case # 00008187, 00008206)

  • Fixed an issue where the task button in Vendors did not allow you to add a task. (Case # 00008198, 00008209, 00008210, 00008223, 00008229)

  • Fixed an issue where edits to comments on Hyperproof tasks linked to Jira issues sent the original content to Jira instead of the new edited content. (Case # 00008195)

  • Fixed an issue where the Asana project list loaded very slowly when creating an Asana task from within Hyperproof. (Case # 00008226)

  • Fixed an issue with several import types including: Risk Registers, Audit requests, and Tasks. During the import process the import window did not allow the user to go beyond the error checking step when they clicked the Next button. (Case # 00008253, 00008263, 00008293)