April Product Update
- Navigate to the ‘Administration’ tab within the home navigation bar and select ‘Assessments’ from the dropdown menu.
- Navigate to the assessment whose metadata you wish to edit and click the ‘Edit Assessment’ button with the pencil icon within the Actions column.
- Edit the metadata field as appropriate and then click the blue ‘Update Assessment’ button in the bottom left corner of the page to submit your changes.
Once you click ‘Update Assessment’, you will be taken back to the Manage Assessments page. To see the results of your changes, click the name of the assessment you just edited to navigate to the Assessment Dashboard.
Note: If you are crosswalking from a framework that has metadata, the metadata will not carry over to the new assessment. If you are crosswalking from a framework that does not have metadata to a framework that does have metadata, you will be prompted to populate the metadata fields on the final step of the crosswalking process.
Document Storage Location
Struggling with users not knowing where to put their evidence or each user putting it somewhere different? Easter egg hunts are fun (especially when you’ve got a relative that hides $20 bills), but if you’re anything like my family, you also know the pain of searching for that last egg that mom swears is out there, but she can’t remember where she put it and no one can find it.
When it comes to your risk assessments, the stakes are typically a bit higher than a $20 bill, so to make your life easier, we’ve created a map for your hunt! Now, when creating an assessment, Administrators and Managers can designate where they want users to store their evidence. This location will appear as a URL at the top of the evidence tab for each control and will take users directly to the designated evidence repository when clicked. Not rotten eggs hidden in trees this year!
To designate a Document Storage Location, follow the guidance outlined below:
- Navigate to the ‘Assessments’ tab in the home navigation bar.
- Click the blue ‘Create Assessment’ button in the top right corner of the page.
- Populate the fields on the ‘Create Assessment’ page. For the ‘Document Storage Location’ field, provide the URL of the storage location where you would like users to add their evidence.
Note: The URL provided must be a valid URL beginning with “https://”. If it does not, the following error will be displayed.
- Click the blue ‘Create Assessment’ button in the bottom left corner of the page.
Once you have created the assessment, you will be taken to the Assessment Dashboard. To view the Document Storage Location, follow the guidance outlined below:
- Navigate to the ‘Controls’ tab within the assessment.
- Click the name of a control to navigate to the control’s Score tab.
- Navigate to the control’s ‘Supporting Evidence’ tab.
The link labeled ‘here’ in step #1 will navigate users to the designated Document Storage Location when clicked.
To log evidence stored within the designated Document Storage Location within CyberStrong, follow the guidance outlined below:
- Click the link labeled ‘here’ in step #2.
- Provide a URL and a description for the evidence, then click the blue ‘Save’ button in the bottom right corner of the popup window to submit your entries.
Control Views
Evidence on Questions List
Audits are a lot like divorces. They’re long, painful, and expensive. If you want to keep your house, you can’t really skip steps. But what if you could expedite the steps? Loophole!
Unfortunately, there’s no easy button for divorces (add that to Staples’ to-do list), but there is a fast pass for audits! Cue the Questions List. Say goodbye to obnoxiously high hourly rates from auditors with our latest enhancements to the Questions List. With the addition of evidence to the Questions List, auditors and the like can get in and get out with minimal button clicks and page turns. For each control, users can now see underlying control actions, their current scores and target scores, annotations, and relevant linked evidence all on one page!
To view evidence within the Questions List, follow the outlined guidance below:
- Navigate to the ‘Assessments’ tab within the home navigation bar.
- Click the name of the assessment whose Question List you’d like to view.
- Navigate to the ‘Controls’ tab within the assessment dashboard.
- Click ‘Questions List’ at the top right corner of the controls list.
- Navigate to the control you’d like to review and click the ‘Evidence’ tab.
Within the evidence tab, you will be able to see the following for each piece of evidence associated with a control:
- Location
- Description
- Added By
- Date Added
To review the artifact itself, click the link under the Location field to navigate to where the evidence is locally stored.
CSF Control List Filter
If you’re like us, the NIST CSF is your bread and butter. Those who know it, know it like the back of their hands. It’s one of the more versatile standards in the market; however, it’s not the only standard, and depending on your needs, there may be a framework out there that better fits the bill. When this happens, it can still be helpful to view the other framework through the lens of the CSF to better conceptualize the controls you’re working with. For this reason, we’ve made the controls list filterable by the CSF functions, categories, and subcategories.
To filter the controls list by the Cybersecurity Framework, follow the guidance outlined below:
- Navigate to the ‘Assessments’ tab within the home navigation bar.
- Click the name of the assessment whose Question List you’d like to view.
- Navigate to the ‘Controls’ tab within the assessment dashboard.
- Select the function, category, or subcategory you’d like to filter by from the Cybersecurity Framework dropdown field on the left-hand side of the page.
Note: Only one selection can be made in this field at a time.
The functions and categories within the dropdown menu can be expanded and collapsed by clicking on the triangle to the left of the function/category name.
- Click the blue ‘Search’ button at the top left corner of the controls list to apply the selected filter.
My Controls Expandable View
So, you may be thinking, “ok, you made the lives of auditors and reviewers easier… big whoop. What about me – the actual end-user of the platform, the one in the system every day actually doing the work?”
Repeat after me, Dave Buznik. Goosfraba.
Rest assured, we’ve got a banana for that anger monkey.
Within the ‘My Controls’ tab, users can now add evidence and annotations directly to the controls / control actions assigned to them or that they’re collaborating on without having to navigate to another page. This allows users to quickly add responses across controls and assessments without getting bogged down in the other fields within a control’s Score tab – although that option still exists if in-the-weeds is more your style.
To add evidence and responses via the My Controls view, follow the guidance outlined below:
- Navigate to the ‘My Controls’ tab in the top right corner of the home navigation bar to access the list of controls assigned to you.
- Find the control you want to add evidence or an annotation to and click the + icon to the left of the control label.
Once expanded, you will see a link for adding new evidence, a list of the underlying controls actions for that control, and an open text Annotation / POAM field next to each control action.
- To add evidence to a control, click the blue ‘+ Add New Evidence’ link above the first question.
If your Manager or Administrator has designated a Document Storage Location for the assessment a control belongs to, additional guidance will appear (as shown below) to instruct users where to upload their evidence.
- Populate the Location and Name fields and then click the blue ‘+ Add Evidence’ button below the Name field to submit your entries.
Once submitted, the linked evidence will appear above the ‘+ Add New Evidence’ link within the My Controls tab, as well as on the Supporting Evidence tab if you were to click into the control.
- To add an Annotation / POAM, click where it says ‘Add Response’ within the open text ‘Annotation / POAM’ field, enter your response, format it as appropriate, and then click the blue “Save” button below the field.
Once saved, your response will also appear on the Score tab of the control.
- Navigate to the ‘Administration’ tab within the home navigation bar and select ‘Assessments’ from the dropdown menu.
- Navigate to the assessment whose metadata you wish to edit and click the ‘Edit Assessment’ button with the pencil icon within the Actions column.
- Edit the metadata field as appropriate and then click the blue ‘Update Assessment’ button in the bottom left corner of the page to submit your changes.
Once you click ‘Update Assessment’, you will be taken back to the Manage Assessments page. To see the results of your changes, click the name of the assessment you just edited to navigate to the Assessment Dashboard.
Note: If you are crosswalking from a framework that has metadata, the metadata will not carry over to the new assessment. If you are crosswalking from a framework that does not have metadata to a framework that does have metadata, you will be prompted to populate the metadata fields on the final step of the crosswalking process.
Document Storage Location
Struggling with users not knowing where to put their evidence or each user putting it somewhere different? Easter egg hunts are fun (especially when you’ve got a relative that hides $20 bills), but if you’re anything like my family, you also know the pain of searching for that last egg that mom swears is out there, but she can’t remember where she put it and no one can find it.
When it comes to your risk assessments, the stakes are typically a bit higher than a $20 bill, so to make your life easier, we’ve created a map for your hunt! Now, when creating an assessment, Administrators and Managers can designate where they want users to store their evidence. This location will appear as a URL at the top of the evidence tab for each control and will take users directly to the designated evidence repository when clicked. Not rotten eggs hidden in trees this year!
To designate a Document Storage Location, follow the guidance outlined below:
- Navigate to the ‘Assessments’ tab in the home navigation bar.
- Click the blue ‘Create Assessment’ button in the top right corner of the page.
- Populate the fields on the ‘Create Assessment’ page. For the ‘Document Storage Location’ field, provide the URL of the storage location where you would like users to add their evidence.
Note: The URL provided must be a valid URL beginning with “https://”. If it does not, the following error will be displayed.
- Click the blue ‘Create Assessment’ button in the bottom left corner of the page.
Once you have created the assessment, you will be taken to the Assessment Dashboard. To view the Document Storage Location, follow the guidance outlined below:
- Navigate to the ‘Controls’ tab within the assessment.
- Click the name of a control to navigate to the control’s Score tab.
- Navigate to the control’s ‘Supporting Evidence’ tab.
The link labeled ‘here’ in step #1 will navigate users to the designated Document Storage Location when clicked.
To log evidence stored within the designated Document Storage Location within CyberStrong, follow the guidance outlined below:
- Click the link labeled ‘here’ in step #2.
- Provide a URL and a description for the evidence, then click the blue ‘Save’ button in the bottom right corner of the popup window to submit your entries.
Control Views
Evidence on Questions List
Audits are a lot like divorces. They’re long, painful, and expensive. If you want to keep your house, you can’t really skip steps. But what if you could expedite the steps? Loophole!
Unfortunately, there’s no easy button for divorces (add that to Staples’ to-do list), but there is a fast pass for audits! Cue the Questions List. Say goodbye to obnoxiously high hourly rates from auditors with our latest enhancements to the Questions List. With the addition of evidence to the Questions List, auditors and the like can get in and get out with minimal button clicks and page turns. For each control, users can now see underlying control actions, their current scores and target scores, annotations, and relevant linked evidence all on one page!
To view evidence within the Questions List, follow the outlined guidance below:
- Navigate to the ‘Assessments’ tab within the home navigation bar.
- Click the name of the assessment whose Question List you’d like to view.
- Navigate to the ‘Controls’ tab within the assessment dashboard.
- Click ‘Questions List’ at the top right corner of the controls list.
- Navigate to the control you’d like to review and click the ‘Evidence’ tab.
Within the evidence tab, you will be able to see the following for each piece of evidence associated with a control:
- Location
- Description
- Added By
- Date Added
To review the artifact itself, click the link under the Location field to navigate to where the evidence is locally stored.
CSF Control List Filter
If you’re like us, the NIST CSF is your bread and butter. Those who know it, know it like the back of their hands. It’s one of the more versatile standards in the market; however, it’s not the only standard, and depending on your needs, there may be a framework out there that better fits the bill. When this happens, it can still be helpful to view the other framework through the lens of the CSF to better conceptualize the controls you’re working with. For this reason, we’ve made the controls list filterable by the CSF functions, categories, and subcategories.
To filter the controls list by the Cybersecurity Framework, follow the guidance outlined below:
- Navigate to the ‘Assessments’ tab within the home navigation bar.
- Click the name of the assessment whose Question List you’d like to view.
- Navigate to the ‘Controls’ tab within the assessment dashboard.
- Select the function, category, or subcategory you’d like to filter by from the Cybersecurity Framework dropdown field on the left-hand side of the page.
Note: Only one selection can be made in this field at a time.
The functions and categories within the dropdown menu can be expanded and collapsed by clicking on the triangle to the left of the function/category name.
- Click the blue ‘Search’ button at the top left corner of the controls list to apply the selected filter.
My Controls Expandable View
So, you may be thinking, “ok, you made the lives of auditors and reviewers easier… big whoop. What about me – the actual end-user of the platform, the one in the system every day actually doing the work?”
Repeat after me, Dave Buznik. Goosfraba.
Rest assured, we’ve got a banana for that anger monkey.
Within the ‘My Controls’ tab, users can now add evidence and annotations directly to the controls / control actions assigned to them or that they’re collaborating on without having to navigate to another page. This allows users to quickly add responses across controls and assessments without getting bogged down in the other fields within a control’s Score tab – although that option still exists if in-the-weeds is more your style.
To add evidence and responses via the My Controls view, follow the guidance outlined below:
- Navigate to the ‘My Controls’ tab in the top right corner of the home navigation bar to access the list of controls assigned to you.
- Find the control you want to add evidence or an annotation to and click the + icon to the left of the control label.
Once expanded, you will see a link for adding new evidence, a list of the underlying controls actions for that control, and an open text Annotation / POAM field next to each control action.
- To add evidence to a control, click the blue ‘+ Add New Evidence’ link above the first question.
If your Manager or Administrator has designated a Document Storage Location for the assessment a control belongs to, additional guidance will appear (as shown below) to instruct users where to upload their evidence.
- Populate the Location and Name fields and then click the blue ‘+ Add Evidence’ button below the Name field to submit your entries.
Once submitted, the linked evidence will appear above the ‘+ Add New Evidence’ link within the My Controls tab, as well as on the Supporting Evidence tab if you were to click into the control.
- To add an Annotation / POAM, click where it says ‘Add Response’ within the open text ‘Annotation / POAM’ field, enter your response, format it as appropriate, and then click the blue “Save” button below the field.
Once saved, your response will also appear on the Score tab of the control.
*** This is a Security Bloggers Network syndicated blog from CyberSaint Blog authored by CyberSaint Customer Success. Read the original post at: https://www.cybersaint.io/blog/april-2022-product-update