Release Notes - 2025-MAY-01
Added
Connection health is in Early Access
To compliment connection health for Hypersyncs and tasks, notifications are now part of the workflow when an unhealthy connection is identified. Users receive a weekly digest every Monday to inform them of any issues with their integrations, plus links to follow to restore a healthy connection.
See the Connection health: Notifications idea in the Ideas portal.
See Connection health notifications in the help center for more information.
Hyperproof Gov
Added support for one-time passcodes in the Hyperproof Gov environment. Any user accessing a contact portal or a questionnaire is now required to go through a one-time passcode flow.
Workflow: User receives an email > clicks a link to confirm their email address > Hyperproof sends a 6-digit code > user enters the code on the portal or questionnaire page. User now has access to complete the task or questionnaire.
See One-time passcodes for external users in the help center for more information.
Partner-enabled content
Partners can now host their own content in Hyperproof so their direct customers can utilize content designed by them.
Content types include programs, controls, risks, labels, requirement DOCX reports (such as SOC 2 Section 4), and crosswalks.
The Hyperproof Common Control Framework (CCF) is available to partners with an open license, such that partners can use this to design their own CCF.
Contact your partner representative to learn more!
Improved
SCIM provisioning via Okta is now GA!
Note
SCIM provisioning is a paid feature. Contact your CSM or AM for assistance in getting this feature.
Use SCIM provisioning with your Okta SSO directory to bring users and groups into Hyperproof without having to invite each user individually. SSO must be configured in your organization for this functionality to work. We are actively working on the same functionality for Microsoft Entra ID.
See Provisioning Hyperproof users and groups with SCIM in the help center for more information.
See the User provisioning / deprovisioning via SCIM (Okta, AzureAD, etc.) idea in the Ideas portal.
Programs
Added support for bulk selecting requirements to be included in SSP DOCX reports. Available for the following programs: FedRAMP, CMMC, and NIST 800-53.
See the Bulk edit non-applicable requirements section in Working with FedRAMP in the help center for more information.
Group assignments
Added support for groups on scope assignment controls. This comes along with all of the expected notifications as well.
Tasks
Added support for auto-generated unique IDs. With the addition of the ID, it's now possible to update existing tasks via import by supplying the ID. (Case # 00009592)
See the Tasks unique IDs idea in the Ideas portal.
See the Ability to bulk update / edit the tasks for multiple scopes idea in the Ideas portal.
See Creating a task and Importing tasks in the help center.
SDK / APIs
Risk API changes
The following Risk APIs have been modified to no longer return linked controls unless specified using a query parameter. Example: v1/risks?expand=linkedControls
If you have code that uses these APIs and that code expects a list of linked controls, you may need to modify it after this release.
Get RisksGet RiskUpdate Risk
By default, the Get Risks endpoint only returns active risks. To include both archived and active risks, use the status query parameter. Example: v1/risks?status=active,archived
Hypersyncs and integrations
Updated! Hypersync for Azure. Added the Resource Group filter for multiple proof types.
See the Proof: Entra ID: Filter by Resource Group idea in the Ideas portal.
Program frameworks
IATF 16949 is now available in Hyperproof US
IATF 16949 is an international quality management standard specifically designed for the automotive industry, emphasizing defect prevention, continual improvement, and reduction of waste across the automotive supply chain. It integrates ISO 9001 requirements with automotive-specific criteria to enhance customer satisfaction, product safety, and reliability.
This program includes ISO 9001 controls.
Your organization must have a license acquired from AIAG to use this program.
See Frameworks in the help center for information on all supported frameworks.
Updated framework: NIST CSF 2.0.
Added the newly released NIST 800-53 5.1.1 control definitions, as well as the "PT" (PII and Privacy) controls, and a few extra "CP" (contingency planning) controls. This update adds a total of 13 new controls.
Addressed issues
Fixed an issue with the task integration for Jira where submitting a task caused the integration to stop syncing. (Case # 00009336)
Fixed an issue where the audit timeline chart did not display the start/end dates. (Case # 00009165)
Fixed an issue where querying the Risk API with register IDs returned no controls. (Case # 00009677)
Fixed an issue that caused the Activity Feed on a risk to record an action that was not taken. (Case # 00009780)
Fixed an issue that caused exported evaluations from a control assessment with extra data in the Evaluating column to error out when attempting to import the CSV into Hyperproof. (Case # 00009894, 00009788)
Fixed an issue where, when scrolling, the list of Users and Groups was cut off. (Case # 00009725)
Fixed an issue where the filter in the Audits module listed the incorrect request total. (Case # 00009816)
Fixed an issue with the Hypersync for Tenable that caused a runtime error. (Case # 00009847)
Fixed an issue with the Hypersync for AWS that caused a communication error when attempting to establish a connection. (Case # 00009846)
Fixed an issue where sorting scope assignments by either name or owner resulted in an error. (Case # 00009876)
Fixed an issue on the Scope Assignments page that caused the column width to revert to its original width when the column was expanded. (Case # 00009877)
Fixed an issue with audit request comments that caused the UI to shift to the top of the request. (Case # 00009884)
Fixed an issue that caused an error when linking back proof in an audit request. (Case # 00009887)
Fixed an issue where a questionnaire note did not maintain rich text formatting. (Case # 00009923)
Fixed an issue where each time new proof was added via the Proof Picker > My computer, a modal appeared asking if the user wanted to label the proof. (Case # 00009917)
Fixed an issue where, after updating the Azure Client Secret, users were not prompted for MFA. (Case # 00009949, 00009925)
Fixed an issue that caused compliance managers and users to be unable to import controls. (Case # 00009953, 00009958, 00009950)
Fixed an issue where scope assignments weren't found by the control assessment filter. (Case # 00009915)
Fixed an issue where a user could not bulk edit membership on a very large number of controls. (Case #00009912)
Fixed an issue that caused custom fields to be exported incorrectly. (Case # 00009952)
Fixed an issue that caused GT Sync error. (Case # 00009960)
Fixed an issue that caused all users to be accidentally deactivated. (Case # 00009962)
Fixed an issue that prevented limited access users from changing the status of a request. (Case # 00009970, 00009966)
Fixed an issue where cloud-sourced proof could not be linked to requests. (Case # 00009978, 00009969)
Fixed an issue where, when adding a new manager to an audit, existing external auditors were removed. (Case # 00009973)
Fixed an issue where notifications were not sent to a new risk owner. (Case # 00009963)
Fixed an issue where external auditors could not change the status of a request. (Case # 00009976, 00009975)
Fixed an issue where contacts could not upload proof to tasks. (Case # 00009977, 00009969)
Fixed an issue that caused compliance managers and users to receive an error when adding proof to an evaluation. (Case # 00009987)
Fixed an issue where users could not make changes to a custom field in a scoped control. (Case # 00009979)
Fixed an issue with assessments where an issue could not be created if the admin or manager belonged to a group. (Case # 00009989)
Fixed an issue that caused the import/export feature on existing assessments to fail. (Case # 00009873)