Cumulative release notes for 2024
This is a condensed version of Hyperproof’s 2024 release notes focusing solely on additions and improvements. Hyperproof operates on a three-week sprint schedule. For other release notes see:
2024-NOV-14
Full release notes: Release Notes - 2024-NOV-14
Risk import - The import CSV file can now include the likelihood rationale and impact rationale fields.
Risk membership - You can now update risk membership by using bulk actions on the risks grid.
Groups import - You can import groups and group members from the Groups tab in Settings > People.
Label descriptions - The Description field for labels now displays in the grid view, making it easier to locate a specific label.
Hyperproof Gov - To support the highest levels of security required by FedRAMP, we have added malware scanning support when uploading and downloading proof.
Self-service Reporting - Time series data is now GA. New snapshot tables for the Hyperproof business objects have been added with the "TS_" prefix (TS_CONTROL, TS_RISK, etc.), which enables creating reports that compare values (e.g., health, residual risk, etc.) month over month (or any multiple of month over month, e.g. quarter over quarter).
Hypersyncs -
New Hypersyncs for Lacework and Checkmarx CxOne.
New AWS proof type: List of Users with MFA Devices
2024-OCT-24
Full release notes: Release Notes - 2024-OCT-24
Repeating tasks and scope assignments - Added support for importing repeating tasks that are linked to control scope assignments.
Vendors - Vendors can now be bulk archived and unarchived.
Assessments and evaluations - Added support for linking evaluation proof back to requirements and controls. This can also be done on requests in the Audits module.
Risk API - Updated documentation for the Add Risks API to include: riskRegisterId, riskIdentifier, ownerId, and description.
New APIs - Issues and Custom fields.
New Azure Virtual Network Hypersync proof types - Firewall Policies and IDPS Signatures.
New program - SWIFT CSCF
Upcoming changes to requirement crosswalks - There are changes coming to the related requirements (crosswalk) data set. To improve our jumpstart functionality and enhance the relationship mapping between frameworks, Hyperproof will be updating its crosswalk data set next week. Organizations should expect to see an update to the set of requirements in the Related requirements section of the Requirement Details tab of their programs at the end of October.
This change won't affect any existing control-requirement mappings, but it will have an impact on the count and type of controls linked to a program when using the jumpstart feature.
2024-OCT-03
Full release notes: Release Notes - 2024-OCT-03
Access reviews
Access reviews now automatically create tasks for Reviewers and Sysadmins allowing those users to access their tasks in Hyperproof or an integrated system, such as Jira or Asana.
A Tasks tab has been added to the set of tabs for an access review allowing users to see outstanding tasks and task status related to the access review.
Access review managers can manually create additional regular tasks where an access review is the task's target.
When creating, copying, or updating an access review, an Access review manager can create linked tickets with integrated systems, such as Jira or Asana.
Reviewers and sysadmins have a streamlined, zero-training, portal interface where they can complete their work for an access review without needing to navigate the rest of Hyperproof.
Directory or application user list imports now accept both date and datetime formats in the CSV file used for import. Times are ignored and not imported.
Risks - You can now bulk unarchive risks.
SSO configuration - Added a third option for SSO configuration that requires SSO for all users including administrators.
API / Developer - Added a Vendor API with the ability to add or edit a vendor, send a questionnaire, and add or edit an External contact.
Hypersyncs
Updated the Hypersync for KnowBe4: Added the Phishing Campaigns proof type.
See the New Proof: KnowBe4 Phishing Campaigns idea in the Ideas portal.
Updated the Hypersync for Snowflake: Added the List of Users and Roles proof type.
Added an authentication option for the Hyperproof integration for Jira when Jira Server is hosted locally using Cloudflare Zero trust.
2024-SEP-12
Full release notes: Release Notes - 2024-SEP-12
Scope assignments and risks - Users can now import a scope assignment linked to a control via the Risk import CSV using the ID of the scope control.
Questionnaire reminders - Users can now send reminders to vendor respondents to complete a questionnaire.
Performance improvements - Made improvements on the Settings > People page and in the following list view areas: issues, requests, and controls.
Access review enhancements - Labels can now be linked to access reviews via the Details tab.
Proof Picker - The Proof Picker now defaults to the evaluated object when opened in an evaluation.
Card view for all work items and risks - Card view is now available for requests, evaluations, and issues (previously only available on tasks) as a companion to the standard grid view. It is also available for risks.
Self-service reporting enhancements - Time series data is now available in MRO. New snapshot tables for the Hyperproof business objects have been added with the "TS_" prefix (TS_CONTROL, TS_RISK, etc), which enables creating reports that compare values (e.g. health, residual risk, etc.) month over month (or any multiple of month over month, e.g. quarter over quarter).
Updated the Azure Hypersync with four new proof types: Azure Database for PostgreSQL Flexible Server - Peerings, Storage Account - Peerings, Virtual Machine - Peerings, and Virtual Network - Peerings.
New and updated programs: NIST 800-171 rev 3 now includes a DOCX SSP Export, Australia ISM, ETSI EN 319 401, CJIS, The Hyperproof Common Control Framework is now mapped to ISO 27001, SOC 2, and NIST CSF.
2024-AUG-22
Full release notes: Release Notes - 2024-AUG-22
Access reviews feature is GA. Added support for Okta as a universal gateway allowing compliance managers to automatically import access lists for user access reviews across multiple applications not supported by Hyperproof today. Select from more than 500 applications in the Okta Applications Network.
Attachments on requests - Upload example files to requests to help request assignees understand the request more clearly. Convert attachments to proof where appropriate.
Groups as members of objects - In Settings > People administrators and compliance managers can create groups of users on the new Groups tab. Once a group is created it can be added to object membership, and an object role can be assigned to grant the members of that group permissions for the selected object.
Program Label and Risk Mapping is in Managed rollout (MRO) - Automatically map generic evidence, as labels, and generic risks to controls when creating a new program.
Program PRD (SSD) fields export - For applicable programs, such as StateRAMP, the Program Requirement Detail (PRD) fields or SSP fields, are included in the Program export > Requirement CSV file. If you need to produce the StateRAMP or similar reports in Excel, you can use this data from Hyperproof for that report.
Hyperproof EU is GA
Hyperproof Gov is in managed rollout (MRO)
Self-service reporting -Updated the data model for REQUIREMENT: added columns for SECTION_SUMMARY, SECTION_1, SECTION_2, SECTION_3, SECTION_4 and DESCRIPTION to help build reports matching the grid views and exports from Hyperproof.
SPRS scoring - Dashboard widget improvements, including a segment for unweighted requirements and indicating in the Score widget whether the SSP is in place.
New and updated programs - New: Digital Services Act (DSA) Updated: ISO 9001, DORA, PCI DSS v4.0.1
Updated Hypersyncs -Updated: Okta - Password Policy - Password Policy proof Removed: Hypersync for F5
2024-JUL-25
Full release notes: Release Notes - 2024-JUL-25
Access reviews - Added an option to assign each user's direct manager as a reviewer when reviewing an application user list.
SPRS scoring - Added tool tips to enhance the user experience.
Audit notifications - Expanded the number and type of notifications, including:
Request reminder notifications sent 7 and 1 days before due, on the due date, and every 7 days after the due date.
Request change notifications are sent to Audit managers and request assignees each time the request status or due date is changed.
Auditor notification is sent when the request status is set to Submitted to Auditor.
Audit daily digest sent to all Audit managers aggregating notifications about all status changes, requests that are past due, and request assignments/reassignments for the past 24 hours.
Date range filters - Custom date fields can be filtered from the Filter pane using a date range filter for a specific date, between two dates (inclusive), before or on a specific date, or after or on a specific date.
Proof previewer for Microsoft Office toggle
Hypersyncs
Hypersync and Automated Control Testing support for Google Sheets is now GA
Updated Hypersync for GitLab: Expanded the Project namespace filter to display up to 1000 records.
Updated Hypersync for Azure: Added new proof types and a new service.
Updated Hypersync for Microsoft Entra ID (formerly Azure AD): When using the Hypersync to create application user lists for an access review, you now have the option to filter the list by Department.
Programs
Hyperproof Common Control Framework (CCF) - New
ISO 27001 with Hyperproof Common Control Framework - New
NIS2 - New
CIS 8.1 - New
PCI DSS 4.0 - Updated
CRI Profile 2.0 - Updated
CMS MARS-E - Updated
Hyperproof EU now includes most of the frameworks available in Hyperproof US.
2024-JUL-08
Full release notes: Release Notes - 2024-JUL-08
Hyperproof EU instance is now in managed rollout.
Self-service reporting is now GA.
Added a new bulk Delete option on the Proof page. You can filter by date range to find, select, and delete proof in bulk.
Added filter by date range options on the Filter pane for system-provided date fields.
Added email notifications to access reviews to let reviewers and sysadmins know when to review and update user access records.
Added a Hypersync and Automated Control Testing for Google Sheets.
Updated Hypersync: Jira - The Issue Details proof now includes Jira Activity history.
Added the proof property isPrivate to the public proof API.
Updated the following programs:
PCI DSS 4.0 - new version with more granular illustrative controls.
Microsoft SSPA DRP version 9.1 is now available and can be updated using the Framework Update feature.
2024-JUN-06
Full release notes: Release Notes - 2024-JUN-06
Added an Activity Feed to the People page that tracks changes to users, and allows comments and @mentions.
Added an option to the Proof page to bulk update privacy settings on proof.
Added date range filtering for proof based on the Uploaded on date. Options include specific date, between two dates (inclusive of the selected dates), before or on a specific date, after or on a specific date.
Added access review imports for 4 new applications via Hypersync: AWS, Azure Kubernetes, Jira Cloud, and KnowBe4.
Program health and the task template table for repeating tasks are now available in the data warehouse for Self-service reporting.
Enhanced email notifications with a more attractive template and consistent content including descriptions and due dates.
Updated evaluations to sort them in requirement order when displayed in requirement assessments.
Updated frameworks:
ISO 27018:2019 now includes illustrative controls as restatements of the requirements an updated crosswalk map.
NYDFS (2023 Amendments) has now been updated to include controls from the Secure Controls Framework (SCF) and now has an updated crosswalk map.
2024-MAY-16
Full release notes: Release Notes - 2024-MAY-16
Evaluations -
Create an issue directly from an evaluation
Import issues with evaluations as the source or as an affected object
Select evaluations as a source or affected object when creating an issue through the Work items page
SPRS scoring for CMMC and NIST 800-171 frameworks is generally available and shows on all new and existing programs that use these frameworks.
Access reviews
Added imports for three new applications using the following Hypersyncs: Azure DevOps, GitHub, and Google Cloud Platform
Added the option to copy an access review when starting a new one. To copy, select the Start from previous access review option on the Create window. See Copying an access review for more information.
Scopes - Import controls with scopes from a CSV
Self-service reporting - Vendor Health, Risk, and Tolerance are now available in the data warehouse
2024-APR-25
Full release notes: Release Notes - 2024-APR-25
Help menu - Removed the Need Help? button from the user interface and consolidated access to help articles under the primary Help button.
Proof preview - Added a zoom option for PDFs and an option to expand the viewer to full screen.
Access reviews - Added support for Hypersyncs based on Finch-powered services adding 24 new applications to the list of supported apps.
Email notifications - Improved rich text formatting, added the name of the user who triggered the notification to the From addresses, and added due dates to the Subject lines.
ProofProof roles and permissions - Proof contributors can now edit proof names and upload new versions of proof.
ServiceNow task integration - Now available for all users!
Asana task integration - Now has an option to filter projects by team when creating a new task.
2024-APR-04
Full release notes: Release Notes - 2024-APR-04
Access reviews - Implemented automated directory and user access list import using Hypersyncs for Okta, Microsoft Entra ID, Google Workspace Platform.
SPRS scoring for the CMMC and NIST 800-171frameworks is in managed rollout.
Self-service reporting - Risk Health and Audit Health are now available in the data warehouse.
The Explore-by filter pane is now available in the Vendor dashboard.
You can now filter the program dashboard by scopes.
Added the ability to mark proof as private.
Hyperproof API - Added support to get proof from controls and labels.
Improved the Evaluation status widget on the Assessment dashboard to display all statuses without needing to scroll.
The new object Viewer role is now available as an option to select when bulk editing membership on controls and labels.
2024-MAR-14
Full release notes: Release Notes - 2024-MAR-14
Custom logo in email notifications is generally available.
Added a Vendor dashboard to track Health Status, Risk Level, Outstanding Questionnaires, and Upcoming Renewals.
Import evaluations into an assessment is now available.
Self-service reporting is in managed rollout.
Added a Viewer object role to provide read-only access to Hyperproof objects.
Added a Risk API.
2024-FEB-22
Full release notes: Release Notes - 2024-FEB-22
Limited Access User role that only displays the objects where the user is specifically granted access via the object Facepiles.
Custom logo in email notifications is in managed rollout.
Single sign-on in Hyperproof now supports the configuration of multiple identity providers (IDP), such as Okta, Microsoft Entra ID (formerly Azure AD), or JumpCloud, for one email domain.
When adding a custom field, you can now add up to 500 values for single-select or multiple-select field types.
Exporting proof calculates and displays the size of the proof selected up to a maximum of 1.5 GB. When that maximum is reached, you must start a new export.
2024-FEB-01
Full release notes: Release Notes - 2024-FEB-01
System use notification to display at every log-in or after a specified number of days.
Requirement assessments display the full requirement text as a default field.
ServiceNow Task integration is now in managed rollout.
Updated Hypersync: JumpCloud. Added proof type: List of Activity Logs.
2024-JAN-11
Full release notes: Release Notes - 2024-JAN-11
Support for changing targets on tasks and repeating tasks.
Support for self-service reporting (managed rollout)
Additional banners and status change buttons for access reviews.