Release Notes - 2025-OCT-30
Improved
Hypersyncs and integrations
New! Hypersync for Microsoft Defender. Proof type:
List of Security Vulnerabilities
See Microsoft Defender proof types in the Help Center.
Updated! Hypersync for AWS.
Added a new AWS service: CloudTrail.
CloudTrail must be added to your policy permissions:
cloudtrail:ListTrailscloudtrail:DescribeTrailscloudtrail:GetTrailStatus
Updated! Hypersync for AWS.
Added a new proof type: List of Access Keys
Added a new proof type: List of RDS Instances
Updated! Hypersync for Entra ID.
Added a new proof type: List of Domains
Added a new proof type: List of Service Principals
Feature updates
Snowflake Authentication Updates
To enhance security and align with Snowflake’s new requirements, we’re updating authentication for connections to Snowflake through Hyperproof self-service reporting.
What's changing
October 30, 2025 - Service accounts must use RSA key-pair authentication.
November 10, 2025 - Person accounts must use multi-factor authentication (MFA).
What to do before November 10, 2025
Enable MFA on your Snowflake person account(s) OR
Switch to a service account and configure RSA key-pair authentication
These updates ensure uninterrupted, secure access to your Hyperproof data once Snowflake enforces its requirements.
Program frameworks
New! PCI PIN Security Requirements and Testing Procedures v3.1. A standard from the Payment Card Industry (PCI) Security Standards Council that defines the requirements for securely managing, processing, and transmitting Personal Identification Numbers (PINs) during payment transactions.
Available now in US. Coming early November for EU and GOV.
Crosswalks are not yet available for this framework.
Template controls are available.
New! PCI Point-to-Point Encryption (P2PE) v3.2. A security standard that encrypts cardholder data from the moment it is captured at a payment terminal until it reaches the payment processor's secure decryption environment, significantly reducing the scope of PCI DSS compliance.
Available now in US. Coming early November for EU and GOV.
Crosswalks are not yet available for this framework.
Template controls are available.
Updated! Australia ISM for IRAP and ASD by ACSC has been updated to September 2025.
Available now in US. Coming early November for EU and GOV.
Crosswalks are not yet available for this framework.
Template controls are available.
Updated! FBI Criminal Justice Information Services (CJIS) Security has been updated to Policy 6.0.
Available now in US. Coming early November for EU and GOV.
Crosswalks are not yet available for this framework.
Template controls are available.
Updated! GovRAMP has been updated to rev.5. Available in all Hyperproof environments (US, EU, GOV).
Available now in US. Coming early November for EU and GOV.
Crosswalks are available.
Template controls are available.
Updated! Secure Controls Framework (SCF) has been updated to July 2025.
Available now in US. Coming early November for EU and GOV.
Crosswalks are not yet available for this framework.
Template controls are available.
Updated! OWASP Application Security Verification Standard (ASVS) has been updated to v5.0.0.
Available now in US. Coming early November for EU and GOV.
Crosswalks are not yet available for this framework.
Template controls are available.
Updated! ISO/IEC 27018 has been updated to 2025.
Available now in US. Coming early November for EU and GOV.
Crosswalks are not yet available for this framework.
Template controls are available.
The following programs are now available in US and are expected in early November for EU and GOV:
WebTrust Principles and Criteria
Health Insurance Portability and Accountability Act (HIPAA) with Substance Use Disorder Confidentiality Rules, Information Blocking, and the FTC Breach Notification Rule
NIST 800-53 Rev 5 - Selectable Baseline
NIST 800-53 Rev 5.1.1 - All Controls and Supplemental
Belgian CyberFundamentals Essentials (CyFun) v2023-03-01
Early access
Multi-step approvals on tasks
The early access for multi-step approvals on tasks continues with this release. The functionality enables compliance managers to automate and orchestrate the review and approval of evidence collected in tasks, eliminating manual and ad hoc processes required today. Improvements include:
The grid view in Work items > Approvals is now optimized for active approvals. Approvals that have been completed (Approved, Request changes), canceled, or archived are now displayed in the 'Closed approvals' section.
Removed the limitation requiring approvers listed in the approval configuration to have at least the object-level role of contributor on the tasks. Approvals are now created on behalf of the task creator (who is a manager on the task.
Enabled an initial implementation of multi-step approvals on Policy, adopting the same capabilities offered on tasks from the start approval action.
Also includes the ability to auto-close tasks when submitted/approved, in addition to the multi-step approval capability.
See Approvals in the Help Center.
Known limitations:
The task assignee does not receive an email notification when a change is requested during an approval round. The task is returned to them with the status of 'In progress' so they can address any feedback and resubmit. Email notifications will be generated as part of the general access (GA) release.
Comments from approvals aren't recorded in the task's Activity Feed. In EA, approval comments can be found in the approval history.
In Grid view, canceled and closed approvals don't appear in the 'Closed' column.
When a new approval round is started, the previous round's incomplete approvals aren't canceled. For this release, these obsolete approvals can be canceled manually from the approval.
Contact your Customer Success Manager and/or Account Manager for more details.
Global search
Improvements in this release include:
Results are no longer segmented by object type.
Result links contain an 'Open in New tab' button.
Recent searches are now stored (up to 10) and shown when a user clicks into the searchbox.
When typing, recent searches that match the search string are shown at the top of the drop-down.
Recent searches shown in the drop-down are limited to one line and truncated with ellipses.
Requests with multiple parents are now supported; all parent names are shown in the request's result.
Hierarchical scopes
The early access for hierarchical scopes continues with this release. The functionality enables compliance managers to transform flat list scopes into a flexible, multi-level structure that mirrors how their organization actually operates (e.g., Org > Region > Product). Control operations are scaled without duplication, manual workarounds, or loss of accountability, and managers can move effortlessly between high-level oversight and detailed reporting.
New for this release:
The API is now available. See the Developer Portal for more information.
Ability to search scope assignments on the control details page.
Improvements to the linking panel in controls; inherited links, along with their origin, are aggregated in the Links tab. This includes all link types except risks.
Issues now roll up to the parent control, along with their origin.
Scopes can be bulk-assigned to controls, along with explanatory tooltips to clarify the proposed changes.
See Working with hierarchical scopes in the Help Center.
Full list of available functionality:
Create a child scope (hierarchical scope)
Link and unlink a child scope to/from a control
Bulk link scopes to multiple controls
Edit a child scope (including changing owner, assigning membership, etc)
Toggle between single-select mode and select node+children
Search and filter scopes by owner/member (same as current functionality)
View scope assignment controls on a control (same as current functionality, now with hierarchical scope support)
Group scope assignments by custom fields
Search scope assignments on the control details page
Select, view, and edit a scope or a hierarchical scope
New for hierarchical scopes - Users can only make changes to scope assignment controls they have access to.
Scope assignment controls can be edited to be different than the parent control as well as other scope assignments for the same parent control
Create, update, and assign scopes via the API
Known limitations for this release:
The deletion/archive functionality is temporarily disabled, but will be back fully before general access (GA).
Description, ID, and Domain are editable now, but won't be soon, as they'll roll down from the top-level un-scoped control.
We recommend a sandbox for API exploration; until migration happens for GA, old scopes will not work with hierarchical scopes.
Contact your Customer Success Manager and/or Account Manager for more details.
AI smart links
For organizations in EA of the AI Agent, Hyperproof AI now includes more types of suggestions on controls:
Risks
Policies
Requests
Requirements
Labels
Proof
To discover these suggestions, navigate to any control and click the AI Agent icon. Click Provide suggestions to improve this control to view link options.
Addressed issues
Fixed an issue that caused users to be unable to accept invitations to join Hyperproof. (Case # 00010522)
Fixed an issue where the 'Group assignee' and 'Group ID' fields on a risk did not show in PowerBI reports. (Case # 00010660)
Fixed an issue where updating the Entra ID client secret resulted in Hyperproof MFA no longer prompting for users. (Case # 00010726)
Fixed an issue in the Overview module where the 'Empty controls' link contained scoped controls with proof linked to the scoped controls. (Case # 00010687)
Fixed an issue that caused a discrepancy with the 'Expired labels' count. (Case # 00010780)
Fixed an issue that prevented a deactivated user's work to be reassigned. (Case # 00010785)
Fixed a latency issue in the Vendor module. (Case # 00010793, 00010789)
Fixed an issue where canceled and closed approvals were not moved to the 'Closed' column while in Grid view. (Case # 00010793, 00010815)
Fixed an issue that prevented a user from logging in to Hyperproof. (Case # 00010818)
Fixed an issue with the Jira task integration that caused an error, 'Request entity too large'. (Case # 00010840)
Fixed a latency issue in the Audits > Requests area of Hyperproof. (Case # 00010786)
Fixed an issue that caused an incorrect issue count to display on the Program overview. (Case # 00010862)
Fixed an issue that prevented a user from logging in to Hyperproof. (Case # 00010855)
Fixed a latency issue in the Hyperproof EU environment. (Case # 00010793)
Updated Hyperproof's certificate for hpip.hyperproof.app. Users were unable to log in to several Hypersyncs due the expired certificate. (Case # 00010875, 00010874, 00010872, 00010870)
Fixed an issue that caused the Hypersync for AWS backup job to fail. (Case # 00010873)
Fixed an issue in the Vendor module that caused the 'Export questionnaire' icon to not be displayed. (Case # 00010879)
Fixed an issue where, when assigning a group to a task, the group did not appear in the task's facepile. (Case # 00010896, 00010881)
Fixed an issue in the Assessments module that caused the 'Generate Word report' option to not work. (Case # 00010883)
Fixed an issue that caused empty custom field values within Controls > Links. (Case # 00010882)
Created a "sign request" certificate so the customer could enable SSO in their organization. (Case # 00010913)
Fixed a latency issue in the Labels module. (Case # 00010902)