New year, new features!
Each year brings a new list of new year’s resolutions - you know, that list of fake promises you make to yourself, like giving up chocolate, exercising more, or finally sorting through that closet no one’s allowed to open due to the embarrassing avalanche that would ensue (we’re looking at you Monica Geller!) - the list you create on January 1st and shamefully abandon two weeks later (ok, 2 days later - don’t blame us, blame the chocolate).
Well, you’re not alone, we’ve got that dreaded list too - but, while most people follow the “diet starts Monday” approach, (i.e., continuously pushing the resolution start date to any arbitrary time in the future, as long as it’s not today) CyberSaint prefers to take more of a “grab the bull by the horns” approach. (Fine, we’re not THAT evolved… but we do find it oddly satisfying to create to-do lists and cross things off, so we’re sticking to the dates on our resolution roadmap)
Keep reading below to see which resolutions we’ve crossed off so far.
Featured Updates:
- Risk Register
- Renaming Dashboards
- Deleting Dashboards
- Detailed Adversarial Risk Fields
- Crosswalking
- Links to Original Framework
- User Management
- Control Completion Status Filter
- User Control Details
- Control Views
- Questions List
- Customer Experience
- Assessment Name Reusability
- Policy Templates Tab
- Governance Dashboard Colors
Risk Register
Renaming Dashboards
What’s in a name? Everything has a name, but sometimes your first choice isn’t always the best choice. If Kanye can rename himself Ye, why can’t you rename your risk register dashboard? Good news - now, you can!
As an Administrator, you can now modify the name of a risk register dashboard after it has been created.
To rename an existing dashboard, please follow the guidance outlined below:
- Navigate to the Risk Register by clicking on the ‘Risk’ tab in the home navigation bar.
- Select the dashboard you wish to rename from the dropdown menu in the top left corner of the page. You can also type the name of the dashboard into the dropdown menu to search for the desired dashboard.
- Click the pencil icon to the right of the dropdown menu.
- Type the desired name of the dashboard in the ‘Name’ field of the pop-up window.
- Click the blue ‘Update’ button in the bottom right corner of the pop-up window to submit your edits.
Deleting Dashboards
Out with the old, in with the new! No longer using a certain dashboard or accidentally created a new dashboard by mistake? No problem! Clear the clutter by deleting unwanted dashboards.
To rename an existing dashboard, please follow the guidance outlined below:
- Navigate to the Risk Register by clicking on the ‘Risk’ tab in the home navigation bar.
- Select the dashboard you wish to delete from the dropdown menu in the top left corner of the page. You can also type the name of the dashboard into the dropdown menu to search for the desired dashboard.
- Click the trashcan icon to the right of the dropdown menu. * Note: The trashcan icon will only be visible for dashboards with no associated risks. Dashboards with populated risks cannot be deleted. To delete a dashboard with risks, the risks must be deleted first.
- Click the blue ‘Yes, delete it’ button in the bottom right corner of the pop-up prompt to confirm the deletion.
* To delete a risk, click the corresponding ‘Delete’ link in the ‘Actions’ column of the risk table.
Detailed Adversarial Risk Fields
Have you ever heard the phrase, “context is key?” Well, in the compliance world, context is a bit more than key, it’s everything. Risk quantification is hard enough on its own - factor in a lack of context (i.e., which controls have been implemented, which assets are at risk, what industry you’re operating in, how big your company is) and it becomes almost impossible to achieve accurate results.
We know how important it is to be able to defend your risk posture to leadership and explain how you arrived at the values you’ve chosen. To help your argument, we’ve created additional text fields within the risk configuration page of the risk register to allow you to add context around the likelihood of adverse impacts, level of impact, and the likelihood of initiation.
Note: These fields are currently only available for Adversarial Risks. The functionality will be extended to Non-Adversarial Risks in the near future.
There are two ways to edit the detail fields:
- Create a new Adversarial Risk
To create a new Adversarial Risk, navigate to the Risk tab using the guidance outlined above and then click the blue ‘Adversarial Risk’ button in the top right corner of the page.
- Edit an existing Adversarial Risk
To edit an existing Adversarial Risk, navigate to the Risk tab using the instructions outlined above. Then, click the corresponding ‘Edit’ link in the ‘Actions’ column of the risk table.
Once submitted, you can click the title of the risk within the main dashboard to access a summary view of the risk. The detailed fields for likelihood and impact will be present at the top of the page within the ‘Risk Details’ section.
Crosswalking
Links to Original Framework
Where did you come from, where did you go? Where did you come from Cotton-Eye Joe? Singing this song while you’re trying to figure out which controls contributed to the current score of the crosswalked control you’re currently viewing? No? Really? Just us? Hmmm - well, for the more inquiring minds, we’ve solved the mystery!
Now, when a new assessment is created via the crosswalking feature, a link back to the assessment it was created from is added to the new assessment.
If the current user has access to the assessment that was used to create the new one, they will see links on each control/control action that shows the controls and/or control actions from the original assessment that were used to populate the control/control action in the new framework.
The location of the crosswalking link within the UI varies based upon the view of your framework.
Action View Frameworks
For any control action in a crosswalked Action View framework, click the ‘Crosswalk’ tab to the right of the ‘Annotation/POAM’ tab to view the crosswalking links.
Control View Frameworks
For any control in a crosswalked Control View framework, scroll down to the ‘Crosswalk’ section on the right-hand side of the page above ‘Compliance Notes’ to view the crosswalking links.
Coming soon to a desktop near you: the ability to sync crosswalked assessment! In a future release, changes made to the original assessment can be cascaded downstream to any linked crosswalked assessments.
User Management
Control Completion Status Filter
Daily status calls with each team to assess which controls are in progress, past due, or completed? Bless your heart. Ain’t nobody got time for that! To make the lives of project managers easier, we’ve added a new filter to the Manage Users page. Now, you can filter the list of users by ‘Control Completion Status’ so you can quickly determine which users you need to remind to get their work done and which users you need to scold for not sticking to their deadlines.
To leverage the ‘Control Completion Status’ filter, follow the instructions outlined below:
- Navigate to the ‘Manage Users’ page by clicking on the dropdown arrow of the ‘Administration’ tab in the home navigation bar and selecting ‘Users’.
- Select the status you want to filter by from the ‘Control Completion Status’ dropdown menu at the top center of the Users table. Note: Only one status can be selected in this field at a time.
- Click the blue ‘Search’ button above the ‘User’ column of the Users table to apply the filter to the table.
User Control Details
Users can see all the controls they’ve been assigned within the ‘My Controls’ page, but what if you need to see all the controls assigned to someone that’s not you? There’s a tab for that! Now, when you click on a user’s name within the ‘Manage Users’ page, you’ll see a list of the controls they’ve been assigned below the summary of their account details.
This table and the associated filters will help you keep track of what each user has on their plate and how they are progressing in filling out their assigned controls.
Within detailed user page, you can filter the list of controls they’ve been assigned by:
- Name of the control
- Assessment
- Workflow State
Control Views
Questions List
Time is money. Literally. When auditors and consultants are charging you by the hour, you want to be paying them for actual analysis, not mouse clicks and page turns. Or maybe, you are the auditor/consultant and you’re juggling 5 projects at once - again, the last thing you want taking up your time while planning or executing an interview is extra mouse clicks and page turns.
With our new Questions List view under the Controls tab of an assessment, you can now view all control actions, grouped by parent control, on a single page!
If you’re the assessor, fret not. We’ve got something in the works for you! The ability to score controls and add evidence within the Questions List view will be available in the near future.
Customer Experience
Assessment Name Reusability
Why is it so easy to forget someone’s name two seconds after they’ve introduced themselves, but CyberStrong still remembers the name of that assessment you deleted? It doesn’t…anymore! We’ve taken a page from Donnie Brasco’s book and told the database to, “Forget about it!” Now, when you delete an assessment, you can create a new assessment using the name of the deleted assessment.
Note: Assessment names must still be unique for existing assessments within an environment.
Forgetting isn’t something we ever choose to do. If it was, we’d never misplace our keys, and husbands around the world would have a million less reasons to ask their wives to help them find that thing they lost (ya know, the one hiding in plain sight). Databases don’t choose to forget either, so when you tell the platform to delete an assessment, it’s going to say, “Are you sure? Are you really, really sure?” To confirm you want the system to delete an assessment after clicking the delete icon, you’ll be prompted to provide the name of the assessment you wish to delete in a pop-up window. Type the name of the assessment as it appears on the page and then, click the red ‘Yes, delete it.’ button at the bottom of the pop-up.
Policy Templates Tab
We’ve moved! We would have sent a card, but digital’s the new paper.
Previously, policy templates could be found at the bottom of the Supporting Evidence tab for a particular control. Now, they can be found within their own tab to the right of the Outcomes tab. We’ve also transitioned from using StrongBase policies to CIS-based policies.
Within the ‘Policy Templates’ tab, the new policy templates are organized according to the NIST CSF and are searchable via the search field at the top of the list.
To expand the list, you can click the blue ‘Expand All’ link at the top of the list or click the carrot of the specific control family you wish to expand.
Governance Dashboard Colors
Can you paint with all the colors of the wind? Why yes, Pocahontas, we can!
Minor updates have been made to the colors of the radar charts within the Governance Dashboards to make it easier for users to distinguish metrics for different dates when using the compare feature to show compliance posture for two different dates in time.
That's all for this round of updates! Subscribe to our blog to keep up on the newest features and product improvements!
