MyCSF User Group May 20, 2019
Moderators:
Michael Frederick: Vice President, Operations
Wade Hansford: Senior Product Specialist, MyCSF
James Nutkis : Manager, MyCSF Project and Development
Dennis Palmer: Director, Information Security
2 © 2019 HITRUST
Today’s Topics and Discussions
Agenda
3 © 2019 HITRUST
User Group Topics
• Roadmap
– Continuous Monitoring
– Customized Assessments
– Tailorable Roles
– LDAP/AD Integration
– Centralized CAP Repository
– Embedded Dashboards
– Chatting and Tagging
• Survey for Enhancements
• UI Reveal
• Q & A
4 © 2019 HITRUST
Ground Rules
• Purposefully interactive
– Intended to be engaging enabling you to dictate the discussions.
– Please raise your hand and we’ll get to you.
• Mutually beneficial for you as well as us.
– We will take all feedback from this session and use to shape and prioritize future enhancements to MyCSF.
• Feel free to come and go
– If there’s a topic that isn’t of interest to you, we will be not be distracted by those that step out.
– Be respectful of others in the room if you do.
5 © 2019 HITRUST
Roadmap and Feedback
• We currently have over 100 things documented in the backlog. Every
two weeks, these items are evaluated by our Steering Committee.
• Ideas originating from users are weighted most heavily in the
selection process
• How do I submit Feedback?
– Use the “Help” tab on every MyCSF page
– Emailing [email protected]
6 © 2019 HITRUST
Roadmap – Continuous Monitoring
• Functionality that facilitates a persistent review of an Assessment to enable a current outlook of an environment’s risk stature.
– Review intervals are based upon the measurement requirements of the HITRUST CSF.
• Promotes a more insightful outlook of HITRUST CSF compliance over-time.
• Why do it?
– Better visibility into your Organization’s continued security practices
7 © 2019 HITRUST
Roadmap – Customized Assessments
• Capability for a User to generate an Assessment by picking from the
Assessment Statements predefined in our Library.
• Integration with the HITRUST Assessment Xchange (HAX) to
disperse these Questionnaires to your Vendors leveraging a managed
service.
• Why do it?
– Permit Organizations the flexibility to craft their own Assessments that
differ from the options presented today.
8 © 2019 HITRUST
Roadmap – Tailorable Roles
• Feature that permits Account Administrators to define and manage their own permission sets for their Organization. These roles would be modifiable not only for Assessment Administration but also Subscription Administration.
• Allows Admins to have total autonomy over their entity’s Access Control
• Why do it?
– Provide a more customizable solution for each Organization
9 © 2019 HITRUST
Roadmap – LDAP/AD Authentication
• Mechanism for Organizations to link-up their internal Directory System
with the HITRUST Portal and utilize its credentialing process.
• Gives Accounts a means for managing their user population by
interfacing with external technologies.
• Why do it?
– Integration of proprietary Single-Sign-On (SSO) solutions or other
platforms where user data is managed.
10 © 2019 HITRUST
Roadmap - Centralized CAP Repository
• Feature that permits Subscribers to define and maintain a list of Corrective Actions at the Organizational Level.
• The CAPs could then be associated to individual Assessment Statements as to minimize redundancies of these mitigation steps prevalent across multiple Assessments.
• Why do it?
– Ability to manage all CAPs from a dedicated space
– Document other CAPs that aren’t related to a HITRUST Assessment
11 © 2019 HITRUST
Roadmap – Embedded Dashboards
• Redesign to the existing “Analytics” functionality that will merge the
existing charts into the Assessment component of MyCSF.
• Organization-wide charting would still be available
• Why do it?
– Improved Navigation as an Assessment’s dashboards would be
integrated directly into an Assessment Object.
12 © 2019 HITRUST
Roadmap – Chatting and Tagging
• Repurpose the “Diary” functionality and create a section within an
Assessment Statement that allows for commentary.
• Ability to tag individuals with the Chat causing an alert to be sent to
that individual with whatever message was directed at them.
• Why do it?
– More useful than existing feature for logging notes and alerting
respondents
13 © 2019 HITRUST
Roadmap Survey
• Please raise your hand if you would find the following beneficial:
– Continuous Monitoring
– Customized Assessments
– Tailorable Roles
– LDAP/AD Integration
– Centralized CAP Repository
– Embedded Dashboards
– Chatting and Tagging
14 © 2019 HITRUST
UI/UX Improvement Initiative
• Currently working with a leading UI/UX firm to enhance the user-
interface as well as dissect high usage features and offer workflow
improvements.
• Initially, we will address the UI before we move onto any workflow or
feature analysis
• Start incorporating UI fixes in July
15 © 2019 HITRUST
UI/UX Improvement Initiative – HITRUST Portal Login
16 © 2019 HITRUST
UI/UX Improvement Initiative – HITRUST Portal Landing
Option #1
19 © 2019 HITRUST
UI/UX Improvement Initiative – Homepage
20 © 2019 HITRUST
UI/UX Improvement Initiative – Factors
21 © 2019 HITRUST
UI/UX Improvement Initiative – Assessment
22 © 2019 HITRUST
UI/UX Improvement Initiative – Domain
23 © 2019 HITRUST
UI/UX Improvement Initiative – Documents
24 © 2019 HITRUST
UI/UX Improvement Initiative – Variant 2
25 © 2019 HITRUST
UI/UX Improvement Initiative – Variant 3
26 © 2019 HITRUST
Q & A
• What questions do you have?
27 © 2019 HITRUST
Visit www.HITRUSTAlliance.net for more information
To view our latest documents, visit the Content Spotlight