Release Notes - 2024-SEP-12
Added
Scope assignments and risks
Users can now import a scope assignment linked to a control via the Risk import CSV using the ID of the scope control.
Questionnaire reminders
Users can now send reminders to vendor respondents to complete a questionnaire.
See the questionnaire reminders idea in the Ideas portal.
See Sending a vendor a questionnaire reminder for more information.
Improved
Performance improvements
Made improvements to the following areas of Hyperproof:
Settings > People
List views of issues, requests, and controls
Access review enhancements
Labels can now now be linked to an access review via the Details tab.
Users can now link all proof attached to the access review to the controls and/or labels that are linked to the access review. When the proof is linked to the controls and/or labels, it will then be available to link to audit requests.
See Linking and unlinking objects for an access review and Linking access review proof to controls or labels for more information.
Proof Picker
The Proof Picker now defaults to the evaluated object when opened in an evaluation.
Card view available for all work items and risks
Card view is now available for requests, evaluations, and issues (previously only available on tasks) as a companion to the standard grid view. It is also available for risks.
Card view allows users to view objects grouped by status to easily see the progression of work.
See the card view idea in the Ideas portal.
Self-service reporting enhancements
Time series data is now available in MRO. New snapshot tables for the Hyperproof business objects have been added with the "TS_" prefix (TS_CONTROL, TS_RISK, etc), which enables creating reports that compare values (e.g. health, residual risk, etc.) month over month (or any multiple of month over month, e.g. quarter over quarter).
Snapshots occur on the first of each month, with the first capture on September 1.
MRO users can start to familiarize themselves with the data model and prepare reports for month over month comparisons starting with this release.
Other additions included in this release:
Added SUBMITTED_DATE to RESPONSE to enable reporting on submitted questionnaire responses
Added EVALUATION_ISSUE to the data model to enable reporting on issues related to evaluations
Added ASSIGNEE to TASK_TEMPLATE to enable reporting on task template by assignee
See Snapshot objects.
Hypersyncs and integrations
Updated the Hypersync for Azure: Added four new proof types:
Azure Database for PostgreSQL Flexible Server - Peerings
Storage Account - Peerings
Virtual Machine - Peerings
Virtual Network - Peerings
Program frameworks
Updated: Australia ISM has been updated to version June 2024.
Updated: ETSI EN 319 401 has been updated to version 3.1.1.
Updated: CJIS has been updated to version 5.9.5.
The Hyperproof Common Control Framework is now mapped to ISO 27001, SOC 2, and NIST CSF. The Hyperproof Common Control Framework (CCF) is a set of controls that map effectively to most information security programs. In addition to using the jumpstart feature to map your Hyperproof CCF controls to your programs, you can also create a program that has been pre-mapped to the the CCF for a more granular mapping of controls to requirements.
NIST 800-171 rev 3 now includes a DOCX SSP Export. This export includes the built-in ODP fields on requirements and can optionally include custom fields, linked controls, and work status of requirements.
To export a DOCX, open the program, select the More options tab (...), and then select Generate Word report (.docx).
Addressed issues
Fixed an issue with the Hypersync for AWS where inconsistent error counts were shown in the Connected Accounts dashboard. (Case #00008986)
Fixed an issue where bullet points in questionnaires were not properly displayed outside of edit mode. (Case #00008956)
Fixed latency issues that occurred when filtering work item issues by custom fields, and when bulk editing issues. (Case #00008872)
Fixed lag issues on Settings > People. (Case #00008525)
Fixed an issue with audit requests. (Case #00008943)
Fixed an issue with automated control testing where the Microsoft Entra ID Password Policy failed when it should have passed. (Case # 00008923)
Fixed an issue where an unexpected error occurred when linking back proof on requests. (Case #00008937, 00008905)
Fixed an issue where bulk edit options were disabled. (Case #00008893)
Fixed an authentication error that occurred when connecting to the Hypersync for Crowdstrike. (Case #00008825)
Fixed an issue where risk updates were not sent to the configured Slack channel via the Slack integration. (Case #00008839)
Fixed an issue that caused an error each time the Hypersync for Google Sheets ran. (Case #00008822)
Fixed an issue where, when in grid view, risks could not be sorted by the Health column. (Case #00008835)
Fixed an issue where contacts received an error when clicking a task assignment email link. (Case #00008786)
Fixed an issue where work item issues with the status of Accepted appeared both opened and closed. (Case #00008793)
Fixed a timeout issue with the Hypersync for Jamf. (Case #00008754)
Fixed an issue where requirement links were not exported in a controls Excel report. (Case #00008677)
Fixed a UI issue in the Assessments module where going beyond four assignees resulted in the assignees being displayed outside of the box's border. (Case #00008630)
Fixed an issue where contacts were able to be assigned to audit requests. (Case #00008608)
Fixed slow down issues. (Case #00008525)
Fixed an issue where groups could not create risks or requests. (Case #00008992, 00008970)
Fixed lag issues with controls. (Case #00008525)
Fixed an issue where the testing status of a control toggled between Effective and Ineffective after deleting failed tests. (Case #00008885)
Fixed an issue with the Hypersync for AWS (Security Hub Findings for US-East-1) where a proof file was created, but no results were found when the "Findings to include" option was configured to CIS Benchmark. (Case #00008719)