Skip to main content

Release Notes - 2026-APR-22

Improved

Freshness intervals

To ensure that compliance cycles align with real-world schedules, you can now set freshness expiration on fixed calendar cadences or elapsed days.

  • Calendar-based recurrence: You can now define freshness on specific repeating intervals ("Every 3 weeks on Thursday", "Every 3 months on the last weekday of the month", "Every year on December 31st"), instead of a set number of days.

  • Fixed schedules: Expiration dates can be calculated, making them independent of when an object was last marked fresh. This approach prevents schedule drift and removes the pressure from users who fall behind on their updates

  • Hyperproof supports both freshness expiration models: the legacy "Expires after marked fresh" based on user updates) and the new "Expires on a set cadence" (based on a calendar schedule).

  • See Understanding recurring schedules for more information on scheduling freshness expiration.

Note

Existing objects' freshness models have not been updated to the new scheduled expiration model. You can update them manually if necessary.

Access reviews

Added support for importing application user lists using Hypersyncs for the following apps:

  • Applicant Tracking Systems: ApplicantStack, Ashby, Breezy, CATS, Comeet, Cornerstone TalentLink, Crelate, Engageats, Flatchr, Fountain, Gem, Harbour ATS, Homerun, iCIMS, Infinite Brassring, Jobvite, Join, Occupop, Pinpoint, Recruiterflow, Talentreef, Tribepad

  • Ticketing: Basecamp, Dixa, Gladly, Gorgias, Ironclad, Kustomer, Rally, Re:amaze, Shortcut, SpotDraft, Zoho BugTracker

Hypersyncs and integrations

  • Updated the Hypersync for Workday proof types: Added the Last Day of Work field to the Employees with Change in Employment Status and List of Employees proof types.

  • Updated the Hypersync for CrowdStrike proof type List of Hosts: Added the Sensor Version field.

  • Updated the Hypersync for Azure: Resource group filtering settings now support the ability to select All resource groups for the following proof types:

    • Azure Database for MySQL: Server Backup Configuration

    • Azure Database for MySQL: Server Backup Retention Days

    • Azure Database for PostgreSQL: Flexible Server Backup Configuration

    • Azure Database for PostgreSQL: Flexible Server Backup Retention Days

    • Azure Database for PostgreSQL: Server Backup Configuration

    • Azure Database for PostgreSQL: Server Backup Retention Days

    • Azure Database for PostgreSQL: Server Minimum TLS Version

Program frameworks

New frameworks

New frameworks include controls and are included in Hyperproof's fully-crosswalked dataset to map to all other frameworks.

  • Privacy -

    • New York Privacy Act Bill

    • Chilean Personal Data Protection Law (PDPL) - Law No. 19.628

    • Quebec's Privacy Law 25

  • Finance

    • UK Economic Crime and Corporate Transparency Act 2023 (ECCTA)

Updated frameworks

  • NIS 2 has been significantly revised based on customer feedback and recent updates to regulations and standards. It now includes:

    • Country-specific implementation guidance

    • Technical requirements for Incident Response from the corresponding standard 2024/2690

    • Additional Articles of NIS 2 not originally included

    • New control mappings from ISO 27001, 27002, 27701, and 22301, along with bespoke controls unique to NIS 2

    • Updated to use the "official"  'NIS 2' naming convention

    • Updated crosswalk

  • CMMC 2.0 Selectable Level with DFARS 252.204 and NIST 800-53 NFO - Includes new controls, labels, risks, and reports.

  • NIST 800-53 Rev 5.2.0 - All Controls & Supplemental - Includes new controls.

  • FDA 21 CFR Part 11 — Electronic Records; Electronic Signatures - Includes new controls.

  • Australia ISM for IRAP and ASD by ACSC, December 202 - Includes new controls

New Smart Content

The following frameworks have been updated with labels, risks, or other supporting smart content.

  • HIPAA

  • UK Cyber Essentials

  • Singapore MAS

  • NIST 800-171r3

  • BSI C5 2020

  • OWASP

  • NIST 800-218

  • FDA Part 21

  • ISO 27701:2025

  • SWIFT

  • MARS

Addressed issues

Fixed an issue in the Evaluations module where issues assigned to a group were not visible to group members within the evaluation's Related Issues tab. (Case # 00011508)

  • Fixed an issue where attempting to deactivate a user and reassign their work in a single step resulted in an unexpected error message. (Case # 00010996, 00011424)

  • Fixed an issue in the Proof module where long backend processing times caused significant delays when accessing, uploading, or managing proof items in organizations with large data sets. (Case # 00011341, 00011708)

  • Fixed an issue in the Overview tab where filtering labels by freshness status, such as Expired or Fresh, incorrectly displayed all labels instead of the filtered results. (Case # 00011399)

  • Fixed an issue in the Programs module where activity performed on linked controls was not consistently appearing in the main program activity feed. (Case # 00011502)

  • Fixed an issue where archived audit requests remained visible to assignees in their Work Items view, allowing unintended proof uploads to inactive requests. (Case # 00011505)

  • Fixed an issue in the Evaluations module where issues assigned to a group were not visible to group members within the evaluation's Related Issues tab. (Case # 00011508)

  • Fixed an issue in the Hypersync for Tenable Export Vulnerabilities proof type where existing active exports in the source system prevented Hyperproof from successfully collecting new proof. (Case # 00011615)

  • Fixed an issue in the task activity feed where the user list would not populate if more than two letters were typed during an @mention. (Case # 00011530)

  • Fixed an issue where exporting and downloading audit proof in Google Chrome failed to complete, preventing users from accessing their files directly within the application. (Case # 00011621)

  • Fixed an issue in the ServiceNow task integration where certain file types, such as .msg and .md, were incorrectly converted to .bin files during transfer to Hyperproof. (Case # 00011634)

  • Fixed an issue where labels listed on the Controls > Labels tab were appearing twice on scoped controls when hierarchical scopes were enabled. (Case # 00011735)

  • Fixed an issue in the Controls tab for a Program where the Expand Scopes checkbox incorrectly showed zero controls and a "This program needs some controls" message despite existing scope assignments. (Case # 00011737, 00011820)

  • Fixed an issue in the Hypersync for Okta where rate-limiting errors occurred when attempting to sync proof files. (Case # 00011095)

  • Fixed an issue where some users' IP addresses were blocked, and an RBAC: access denied error was generated when trying to log into Hyperproof. Note: If you encounter this error, contact Hyperproof Support to have your IP address removed from Hyperproof's block list. This list is in place to guard against IP addresses that may have been used for malicious activity before being recycled and assigned to you. (Case # 00011786, 00011787, 00011789)

  • Fixed an issue where Word and Excel proof items could not be previewed within Hyperproof, requiring users to download the files to view them. (Case # 00011803, 00011808)

  • Fixed an issue across the platform where activity feeds would flicker and fail to load historical entries, preventing users from scrolling through their activity history. (Case # 00011859)

  • Fixed an issue in the Vendor module where attempting to access the Vendor tab resulted in an unexpected error page. (Case # 00011850)

  • Fixed an issue in the Microsoft Teams integration where an expired authentication secret prevented organizations in Hyperproof EU from receiving notifications. (Case # 00011852)

  • Reusing topic #UUID-c562610c-ad5f-484f-478e-94663399c420

In this section: