Release Notes - 2025-APR-10
Added
SCIM Provisioning is in Early Access
Use SCIM provisioning with your Okta SSO directory to bring users and groups into Hyperproof without having to invite each user individually.
See Provisioning Hyperproof users and groups with SCIM in the Help Center for more information.
See the User provisioning / deprovisioning via SCIM (Okta, AzureAD, etc.) idea in the Ideas portal.
Improved
Policy is now GA!
The Hyperproof Policy module is now generally available for purchase and use in your production environment.
What's in the Policy module?
Centralized policy list
Version management
Lifecycle management with approvals workflow
Control linking
Issue and exception tracking
Custom fields - new in this release
For more information on Policy:
See Policies in the Help Center.
See the Policy Management Module idea in the Ideas portal.
Group assignments
Assigning groups is supported for tasks and repeating tasks.
Groups are supported when importing tasks, controls, and requests.
Assigning groups is supported for ServiceNow task integration.
Note
To use this feature, you must map Hyperproof groups and users to ServiceNow groups and users under Settings > Integrations > ServiceNow > Settings. See Mapping Hyperproof and ServiceNow task statuses in the Help Center.
For more information on group assignments see the following ideas in the Ideas portal:
Activity Feed
Long posts in the Activity Feed are limited to 4 lines of text with a Show more / Show less link to expand and collapse the content, making it easier to scan. For example, if you export or bulk edit a large number of records, that information displays in a collapsed format in the Activity Feed.
Downloading proof restriction for external auditors
Hyperproof can turn off the ability for External auditors to download or export proof upon request.
When downloading proof is restricted, external auditors can view proof with the proof viewer.
See the Ability to restrict external auditors from downloading proof (view only proof) idea in the Ideas portal.
Automated Control Testing
Automated control testing now supports testing multiple columns against each other in a single proof. A new capability has been added to allow you to apply a relative test when comparing two pieces of data to each other. For example, you can compare two dates. This feature is useful for automating provisioning and change management.
See Creating and running an automated control test in the Help Center.
Assessment request import
Link assessment requests to existing assessment evaluations using the new Evaluation Reference field.
SDK / APIs
Risk API changes
The following Risk APIs will be modified in the May 1, 2025 release to no longer return linked controls unless specified using a query parameter. Example: v1/risks?expand=linkedControls
If you have code that uses these APIs and that code expects a list of linked controls, you may need to modify it after the May 1, 2025 release.
Get Risks
Get Risk
Update Risk
By default, the Get Risks endpoint will return only active risks. To include both archived and active risks, use the status query parameter. Example: v1/risks?status=active,archived
Hypersyncs and integrations
Updated Hypersync for Crowdstrike - At the end of April 2025, Crowdstrike is deprecating the Detections API used to collect the Endpoint Detections proof type. Hyperproof has switched to the Alerts API to generate the Endpoint Detections proof type. If you are currently collecting the Endpoint Detections proof type you need to provide your existing API client with read access to the Alerts API scope in Crowdstrike. Note that you do not need to reconfigure any Hypersyncs or reauthenticate.
New Azure proof type - List of Virtual Network Gateways. See the Azure: List of Virtual Network Gateways idea in the Ideas portal.
New Microsoft Entra ID proof type - List of Roles Assignments. See the New Proof for Azure AD: Privileged Identity Management idea in the Ideas portal.
New Microsoft Intune proof type - List of Managed Devices (Case # 00009521)
To use this new proof type:
Configure the
DeviceManagementManagedDevices.Read.Allpermission in Microsoft Intune.Your Azure administrator must grant this permission tenant-wide. See Granting tenant-wide access in the Microsoft Intune types article in the Help Center. If tenant-wide access is not granted and you try to configure a Hypersync for this proof type, a Hypersync error is generated. See the Troubleshooting the Hypersync for Microsoft Intunesection of the Microsoft Intune proof types article in the Help Center.
You must reauthenticate the Microsoft Intune connection in Hyperproof by updating your credentials for the connection on the Connected accounts window. See Fixing an unhealthy connection in Managing Hypersync connection health in the Help Center.
New Snyk proof type - The List of Issues by Project (US Only) and List of Issues by Org proof types are being combined into a single proof type, List of Issues. This new proof type supports filtering by Snyk Target, and works across all regions. Existing Hypersyncs will be migrated for you and will not require any action on your part.
Fields for the combined proof type, List of Issues, are different from the fields available in the original List of Issues by Project and List of Issues by Org proof types. If you had automated control tests configured for these proof types, you will need to reconfigure your tests to accommodate the fields available in the new proof type.
Updated AWS and Google Cloud Platform proof types - List of Pod Security Policies.
Kubernetes has deprecated PodSecurityPolicies in version 1.21. This change has an impact on the proof type, List of Pod Security Policies, available in the Hypersyncs for AWS and Google Cloud Platform. To ensure that these proof types are generated correctly, you should use Kubernetes version 1.22 or higher and make sure you have migrated from PodSecurityPolicies to the built-in PodSecurity admission controller. See this Kubernetes article for more information: Migrate from PodSecurityPolicy to the Built-In PodSecurity Admission Controller.
Note that the layout of the List of Pod Security Policies proof type has been modified allowing it to be tested using automated control tests.
Program frameworks
The EU Cyber Resilience Act is now available in Hyperproof US
The EU Cyber Resilience Act (Regulation (EU) 2024/2847) establishes uniform cybersecurity requirements for products with digital elements across the European Union. Adopted on October 23, 2024, and effective from June 2025, it mandates that manufacturers integrate security measures throughout a product's lifecycle, including design, development, and maintenance phases. The regulation applies to both hardware and software, ensuring that products are resilient against cyber threats and that consumers are better informed about cybersecurity risks.
Because this is a regulation, the "requirements" do not lend themselves to controls, so no controls are included.
The framework is crosswalked.
See the EUCRA Framework Template idea in the Ideas portal for more information.
Addressed issues
Fixed an issue with the Hypersync for AWS where the Hypersync became unhealthy but there were no error details. Hyperproof reconfigured the List of Pod Security Policies proof type to address this issue. See the Hypersync Updates section of these release notes for more information on changes to Kubernetes associated with this Hypersync. (Case # 00009497, 00009562)
Fixed an issue where the order of statuses in evaluations and requests was different from the order of statuses in other work Items. Updated the status order such that Approved comes before Closed. (Case # 00009625)
Fixed an issue where users experienced long load times when attempting to filter controls. (Case # 00009666)
Fixed an issue on the Control Health widget in the Control details window when a user selected a Testing status value from the list, and later reopened the list, the selected value wasn't highlighted even though it was saved correctly. (Case # 00009714)
Fixed an issue where some users were not prompted for multi-factor authentication if they were logged in using email and password during the transition to multi-factor authentication. (Case # 00009665)
Fixed an issue configuring the Hypersync for GitLab when there were more than 1000 projects returned for the Project filter where the selected Project value disappeared. (Case # 00009724)
Fixed an issue importing issues from a CSV file where records with blank Business Owner and Executive Sponsor fields were set to the name of the importing user. (Case # 00009729)
Fixed an issue on the Settings > Custom fields window where specifying long values for a Single Select custom field caused the values to overlap other columns. (Case # 00009693)
Fixed an issue filtering scopes by a custom field under Settings > Scopes where if you modify a custom field value for a scope, the modified record was not removed from the list based on the filter. (Case # 00009742)
Fixed an issue on the Risks Settings window where the Members column shows up as None instead of Members. (Case # 00009775)
Fixed an issue with the Hypersync for KnowBe4 where the Training Campaigns proof only included campaigns up to the year 2022. (Case # 00009779, 00009895)
Fixed an issue with the Hypersync for Crowdstrike Endpoint Detections proof type where it reported the status for all records as new even if the associated Crowdstrike record was listed as closed in Crowdstrike. (Case # 00009697)
Fixed an issue where some users were not being prompted to configure Multi-factor Authentication when they attempted to sign in to Hyperproof. (Case # 00009665)
Fixed an issue creating a connection for the Hypersync for GitHub where the connection creation failed with an error similar to the following:
Error exchanging the authorization code for an access token: Unauthorized.(Case # 00009801, 00009815)Fixed an issue in the Hyperproof EU instance where the option to Generate Word Report for selected evaluations in an assessment failed with an error, and the report wasn't generated. (Case # 00009822)
Fixed an issue creating Asana tasks where selections made on the task creation window were not saved. (Case # 00009823)
Fixed an issue creating Jira tasks where the Project drop-down field would not populate. (Case # 00009828, 00009841, 00009859)
Fixed an issue selecting the Automations tab for a control, where an error was generated and the tab never displayed. (Case # 00009834, 00009842)
Fixed an issue exporting earlier versions of proof linked to requests where Hyperproof generated 403 errors. (Case # 00009835)
Fixed an issue where repeating tasks created duplicate tasks in Jira. (Case # 00009861)
Fixed an issue where you couldn't update evaluation names by importing an updated CSV file of evaluations. You can now include a column with the heading Summary and import the values into the evaluation Name field. (Case # 00009873)