Skip to main content

Release Notes - 2025-MAY-01

Added

Connection health is in Early Access

  • To compliment connection health for Hypersyncs and tasks, notifications are now part of the workflow when an unhealthy connection is identified. Users receive a weekly digest every Monday to inform them of any issues with their integrations, plus links to follow to restore a healthy connection.

  • See the Connection health: Notifications idea in the Ideas portal.

  • See Connection health notifications in the help center for more information.

Hyperproof Gov

  • Added support for one-time passcodes in the Hyperproof Gov environment. Any user accessing a contact portal or a questionnaire is now required to go through a one-time passcode flow.

    • Workflow: User receives an email > clicks a link to confirm their email address > Hyperproof sends a 6-digit code > user enters the code on the portal or questionnaire page. User now has access to complete the task or questionnaire.

    • See One-time passcodes for external users in the help center for more information.

Partner-enabled content

  • Partners can now host their own content in Hyperproof so their direct customers can utilize content designed by them.

    • Content types include programs, controls, risks, labels, requirement DOCX reports (such as SOC 2 Section 4), and crosswalks.

    • The Hyperproof Common Control Framework (CCF) is available to partners with an open license, such that partners can use this to design their own CCF.

    • Contact your partner representative to learn more!

Improved

SCIM provisioning via Okta is now GA!

Note

SCIM provisioning is a paid feature. Contact your CSM or AM for assistance in getting this feature.

Programs

  • Added support for bulk selecting requirements to be included in SSP DOCX reports. Available for the following programs: FedRAMP, CMMC, and NIST 800-53.

  • See the Bulk edit non-applicable requirements section in Working with FedRAMP in the help center for more information.

Group assignments

  • Added support for groups on scope assignment controls. This comes along with all of the expected notifications as well.

Tasks

SDK / APIs

Risk API changes

The following Risk APIs have been modified to no longer return linked controls unless specified using a query parameter. Example: v1/risks?expand=linkedControls

If you have code that uses these APIs and that code expects a list of linked controls, you may need to modify it after this release.

  • Get Risks

  • Get Risk

  • Update Risk

By default, the Get Risks endpoint only returns active risks. To include both archived and active risks, use the status query parameter. Example: v1/risks?status=active,archived

Hypersyncs and integrations

Updated! Hypersync for Azure. Added the Resource Group filter for multiple proof types.

Program frameworks

IATF 16949 is now available in Hyperproof US

  • IATF 16949 is an international quality management standard specifically designed for the automotive industry, emphasizing defect prevention, continual improvement, and reduction of waste across the automotive supply chain. It integrates ISO 9001 requirements with automotive-specific criteria to enhance customer satisfaction, product safety, and reliability.

  • This program includes ISO 9001 controls.

  • Your organization must have a license acquired from AIAG to use this program.

  • See Frameworks in the help center for information on all supported frameworks.

Updated framework: NIST CSF 2.0.

  • Added the newly released NIST 800-53 5.1.1 control definitions, as well as the "PT" (PII and Privacy) controls, and a few extra "CP" (contingency planning) controls. This update adds a total of 13 new controls.

Addressed issues

  • Fixed an issue with the task integration for Jira where submitting a task caused the integration to stop syncing. (Case # 00009336)

  • Fixed an issue where the audit timeline chart did not display the start/end dates. (Case # 00009165)

  • Fixed an issue where querying the Risk API with register IDs returned no controls. (Case # 00009677)

  • Fixed an issue that caused the Activity Feed on a risk to record an action that was not taken. (Case # 00009780)

  • Fixed an issue that caused exported evaluations from a control assessment with extra data in the Evaluating column to error out when attempting to import the CSV into Hyperproof. (Case # 00009894, 00009788)

  • Fixed an issue where, when scrolling, the list of Users and Groups was cut off. (Case # 00009725)

  • Fixed an issue where the filter in the Audits module listed the incorrect request total. (Case # 00009816)

  • Fixed an issue with the Hypersync for Tenable that caused a runtime error. (Case # 00009847)

  • Fixed an issue with the Hypersync for AWS that caused a communication error when attempting to establish a connection. (Case # 00009846)

  • Fixed an issue where sorting scope assignments by either name or owner resulted in an error. (Case # 00009876)

  • Fixed an issue on the Scope Assignments page that caused the column width to revert to its original width when the column was expanded. (Case # 00009877)

  • Fixed an issue with audit request comments that caused the UI to shift to the top of the request. (Case # 00009884)

  • Fixed an issue that caused an error when linking back proof in an audit request. (Case # 00009887)

  • Fixed an issue where a questionnaire note did not maintain rich text formatting. (Case # 00009923)

  • Fixed an issue where each time new proof was added via the Proof Picker > My computer, a modal appeared asking if the user wanted to label the proof. (Case # 00009917)

  • Fixed an issue where, after updating the Azure Client Secret, users were not prompted for MFA. (Case # 00009949, 00009925)

  • Fixed an issue that caused compliance managers and users to be unable to import controls. (Case # 00009953, 00009958, 00009950)

  • Fixed an issue where scope assignments weren't found by the control assessment filter. (Case # 00009915)

  • Fixed an issue where a user could not bulk edit membership on a very large number of controls. (Case #00009912)

  • Fixed an issue that caused custom fields to be exported incorrectly. (Case # 00009952)

  • Fixed an issue that caused GT Sync error. (Case # 00009960)

  • Fixed an issue that caused all users to be accidentally deactivated. (Case # 00009962)

  • Fixed an issue that prevented limited access users from changing the status of a request. (Case # 00009970, 00009966)

  • Fixed an issue where cloud-sourced proof could not be linked to requests. (Case # 00009978, 00009969)

  • Fixed an issue where, when adding a new manager to an audit, existing external auditors were removed. (Case # 00009973)

  • Fixed an issue where notifications were not sent to a new risk owner. (Case # 00009963)

  • Fixed an issue where external auditors could not change the status of a request. (Case # 00009976, 00009975)

  • Fixed an issue where contacts could not upload proof to tasks. (Case # 00009977, 00009969)

  • Fixed an issue that caused compliance managers and users to receive an error when adding proof to an evaluation. (Case # 00009987)

  • Fixed an issue where users could not make changes to a custom field in a scoped control. (Case # 00009979)

  • Fixed an issue with assessments where an issue could not be created if the admin or manager belonged to a group. (Case # 00009989)

  • Fixed an issue that caused the import/export feature on existing assessments to fail. (Case # 00009873)