Skip to main content

Release Notes - 2024-OCT-03

Added/Improved

Access reviews - Task integration

  • Access reviews now automatically create tasks for Reviewers and Sysadmins allowing those users to access their tasks in Hyperproof or an integrated system, such as Jira or Asana.

    • These automated tasks are specific to access reviews.

    • The status, assignee, due date, and task target can't be changed for automated tasks.

    • Automated tasks are closed automatically when the due date passes and the access review is completed.

    • If an access review is launched and later its status is changed back to Setup, incomplete tasks are canceled. When the access review is launched again, new tasks are created automatically.

  • A Tasks tab has been added to the set of tabs for an access review allowing users to see outstanding tasks and task status related to the access review.

  • Access review managers can manually create additional regular tasks where an access review is the task's target.

  • Access review managers can @mention users on tasks to send a reminder to the assignee in addition to the standard automated reminders.

  • When creating, copying, or updating an access review, an Access review manager can create linked tickets with integrated systems, such as Jira or Asana.

  • See Access review tasks for more information.

Access reviews - Reviewer and sysadmin portal

  • Reviewers and sysadmins have a streamlined, zero-training, portal interface where they can complete their work for an access review without needing to navigate the rest of Hyperproof.

  • Embedded links to the reviewer or sysadmin portal are included in:

    • Automated access review tasks created by Hyperproof

    • Notifications and reminders generated by the access review

    • Descriptions in linked tickets created in integrated systems such as Jira or Asana

  • Due to the sensitive nature of the information displayed in the portal, all reviewers and sysadmins must authenticate before proceeding to the portal. Note the following:

    • Reviewers and sysadmins must be added as users or limited access users. They must accept the invitation and join the Hyperproof organization.

    • Access reviews automatically add and invite reviewers when the Assign to direct manager option is selected when importing a list of users to review.

  • See Reviewing user access and Attesting to user access updates for more information.

Access reviews - Imports

  • Directory or application user list imports now accept both date and datetime formats in the CSV file used for import. Times are ignored and not imported.

Risks

SSO configuration

  • Added a third option for SSO configuration that requires SSO for all users including administrators. The three SSO options available include:

    • Not required

    • Required for all users except admins - This option was formerly the only option available when SSO was required. If you select this option, administrators can log in to Hyperproof using an alternate method, such as Google, Office 365, or email and password. This setting is a fallback should the SSO configuration fail or need to be updated in some way.

    • Required for all users - This new option requires that all users including administrators use SSO to access Hyperproof. If you select this option and there is an issue with your SSO configuration you must contact Hyperproof Customer Support during support hours.

    Note

    Users from other internet domains, such as External auditors, can be invited to join your Hyperproof organization , and they are not required to authenticate via SSO.

  • See Requiring SSO for more information.

API / Developer

Added a Vendor API with the ability to:

  • Add or edit a vendor

  • Send a questionnaire

  • Add or edit an External contact

See the Expose Vendor APIs to public idea in the Ideas portal.

Hypersyncs and integrations

  • Updated the Hypersync for KnowBe4: Added the Phishing Campaigns proof type.

    See the New Proof: KnowBe4 Phishing Campaigns idea in the Ideas portal.

  • Updated the Hypersync for Snowflake: Added the List of Users and Roles proof type.

  • Added an authentication option for the Hyperproof integration for Jira when Jira Server is hosted locally using Cloudflare Zero trust.

Program frameworks

  • NERC CIP is now available as a program

    Includes ALL CIP standards currently subject to enforcement, subject to future enforcement, or pending regulatory filing. NERC Critical Infrastructure Protection (CIP) is a set of regulatory standards developed by the North American Electric Reliability Corporation to safeguard the security and reliability of the bulk power system in North America. These standards focus on protecting critical cyber assets, physical infrastructure, and personnel from threats, vulnerabilities, and risks that could disrupt the operation of power grids. The CIP standards require utility companies to implement robust security measures, including risk assessments, access controls, incident response, and regular compliance audits to ensure the continuous protection of vital infrastructure. Includes controls as restatements of requirements.

  • ISO/IEC 20243:2023 - Open Trusted Technology Provider Standard (O-TTPS) is now available as a program

    ISO 20243 is an international standard focused on mitigating risks in the supply chain for information and communication technology (ICT) products. It establishes best practices for detecting and avoiding counterfeit, maliciously tainted, or unauthorized products within the supply chain. By implementing ISO 20243, organizations can enhance the security and integrity of their ICT systems by ensuring trustworthy sourcing and production processes. Includes controls.

  • Updated - The September 2024 version of Australia ISM for IRAP and ASD is now available in Hyperproof.

    Users with the June 2024 version can easily update to this version, which only makes additive changes, using our Framework Update feature. Users of the June 2024 version see an update icon on the program.

Requirements Crosswalk

Changes coming to related requirements (crosswalk) data set: To improve our Jumpstart functionality and enhance the relationship mapping between frameworks, Hyperproof will be updating its crosswalk data set in the coming weeks. Organizations should expect to see an update to the set of requirements in the "related requirements" section in the requirement Details tab of their programs at the end of October. This will have an impact on the count and type of controls that are linked to a program when using the Jumpstart feature but won't affect any existing control-requirement mappings. Most programs will see about 20% more requirements related between their programs, and a 20% reduction in requirements that were poor matches, increasing the overall quality of the relationships between their programs.

Addressed issues

  • Fixed an issue for audit requests where requests imported into an audit without a Reference ID were listed in the Activity Feed as No name instead of using the request ID. NOTE: After this release, requests will be listed in the Activity Feed with both the Reference ID and the Request ID, for example, REQ083 (R-800).

  • Fixed a performance issue that caused the Risk Health and Residual risk across registers widget on the organization dashboard to render very slowly. This performance change revealed an issue with the calculation for Residual risk across registers where the risk count for the low status was not accurate. This issue has also been corrected. As a result, you may notice slightly different totals after the release.

  • Fixed an issue where the import for audit requests indicated that there was an error but did not direct the cursor to the specific cell with the error. (Case # 00008547)

  • Fixed an issue importing controls with scopes on the Programs > Controls tab where the .csv file couldn't be imported and no error was generated. (Case # 00008734)

  • Fixed an issue with the Hypersync for Wiz where errors were generated when attempting to collect the List of Vulnerabilities proof. This Hypersync now has an additional required filter, Vendor Severity, to address this issue. (Case # 00008284)

  • Fixed an issue where the Hypersync for Snowflake List of Users proof type didn't show all user roles. A new proof type List of Users and Roles has been added to address this issue. (Case # 00008866)

  • Fixed the proof grid when displayed within another window, such as the Linked Objects window, to allow the user to resize the columns.

  • Fixed performance issues causing slow load times in Audits and Work items. (Case # 00008915)

  • Fixed an issue when selecting Not Set in the risk category filter where no risks were returned. (Case # 00008891)

  • Fixed an issue where an error was generated when you edited an existing Risk Register name by modifying the capitalization, which prevented the name change from saving. (Case # 00008638)

  • Fixed an issue where bulk deleting multiple tasks in Work items generated an Unexpected error, but the tasks were deleted. (Case # 00008955)

  • Fixed an issue where attempting to open a private issue from the Work items > Home tab generated a permissions error. (Case # 00008950)

  • Fixed a typo in the Vendor import window. The heading for contacts was listed as Vendor contact instead of Vendor contacts as is shown in the example CSV file. (Case # 00008911)

  • Fixed a mismatch in the Questionnaire Response window between the Risk rating calculated for a questionnaire and the Assessed risk value. (Case # 00008892)

    After this release, you may notice that the Total Weight and Section Weight fields on the Questionnaire Response window are lower because weights for questions without a score are not counted.

  • Fixed an issue exporting a program from the Programs window where the export contained a Combined.xlsx file with a file size of 0 KB. (Case # 00008960)

  • Fixed an issue with the Hyperproof integration for Jira where user mapping and status mapping were lost causing repeating task creation to fail. (Case # 00009057)

  • Fixed an issue where importing a large number of users caused errors when attempting to access the People, Controls, and Risk Register windows. (Case # 00009028)

  • Fixed an issue that caused active and completed audits to be displayed together instead of separately. (Case # 00009040)

  • Fixed an issue where the Vendor owner field was not included in vendor exports. (Case # 00009048)

  • Fixed a timing issue that caused the Join window to close very quickly while a user attempted to join an audit. (Case # 00009069)

  • Fixed an issue where the mapping between some Hyperproof users and Jira users was not saved. (Case # 00009057)

  • Fixed an issue where users couldn't connect to Slack or post notifications. (Case # 00009076)

  • Fixed performance issues with the "search/filter as you type" feature used to filter some Hypersync configuration fields populated with very long lists of options. (Case # 00008904)

  • Fixed an issue where users couldn't filter tasks by Programs from the Work items > Tasks tab. (Case # 00009042)

  • Fixed an issue on the Programs dashboard where the number of empty controls was not calculated correctly and included controls that did have proof attached. (Case # 00008842)

  • Fixed a problem with sorting the list of Issues by source where the issues were not displayed alphabetically by source. (Case # 00009001)