Search
Related topics are listed below.
External Inheritance
Inheritance » External Inheritance
External Inheritance allows users to “inherit” assessment results that are shared by the same or different organizational entity. Access and use of external inheritance is subject to the following requirements and available functionality: The owner of the…
How To Delete External Inheritance Requests
Inheritance » External Inheritance » Inheritance Requestors » How To Delete External Inheritance Requests
Follow the same steps in 8.1.3 for deleting internal inheritance requests. 1. Locate the Inheritance Request in the Inheritance modal, then click on the trash can icon to delete. 2. Confirm the removed. 3. The request has been deleted.
How To Apply Approved External Inheritance Requests
Inheritance » External Inheritance » Inheritance Requestors » How To Apply Approved External Inheritance Requests
1. From anywhere within the Assessment view, go to the ‘Inheritance’ request page by clicking on the ‘Inheritance’ link located on the left-hand side panel after the ‘Documents’ section. 2. From the ‘Inheritance’ request page, click on the…
Submitting External Assessor Reverted Controls Back to the External Assessor
Assessment Questionnaire » Submitting an Assessment » Submitting External Assessor Reverted Controls Back to the External Assessor
When an External Assessor reverts an Assessment Statement back to their client, the returned Assessment Statement will display a “Response Needed for External Assessor” status. To address these Assessment Statements, you as the client will need to do the…
How To Create External Inheritance Requests by Requirement
Inheritance » External Inheritance » Inheritance Requestors » How To Create External Inheritance Requests by Requirement
1. From the Assessment Domain, expand the requirement statement view and click on the ‘Inheritance’ button to open the Inheritance Modal window. 2. From the ‘Requests’ tab within the Inheritance Modal, select ‘External’ from the drop-down for the…
How To Submit External Inheritance Requests for Approval
Inheritance » External Inheritance » Inheritance Requestors » How To Submit External Inheritance Requests for Approval
1. From anywhere within the Assessment view, go to the ‘Inheritance’ request page by clicking on the ‘Inheritance’ link located on the left-hand side panel after the ‘Documents’ section. 2. From the ‘Inheritance’ request page, click on the…
Inheritance
Inheritance
Inheritance is a feature within MyCSF that allows maturity level scores associated with specific requirements to be transferred, or “inherited”, from previously scored assessment objects. Maturity scores that originated from an “inheritable” assessment…
How To Request Inheritance Using the Offline Assessment Template
Inheritance » External Inheritance » Inheritance Requestors » How To Request Inheritance Using the Offline Assessment Template
To create inheritance requests using the offline assessment, first generate the offline assessment worksheet using the process outlined in the Creating an Offline Assessment section of the User Guide. Locate and click the “Inheritance” tab in the Offline…
Internal Inheritance
Inheritance » Internal Inheritance
Internal Inheritance allows users to “inherit” assessment results that are shared by the same internal organizational entity. Access and use of internal inheritance is subject to the following requirements and available functionality: The owner(s) of both the…
How To Delete Internal Inheritance Requests
Inheritance » Internal Inheritance » How To Delete Internal Inheritance Requests
1. From the Assessment Domain, expand the requirement statement view and click on the ‘Inheritance’ button to open the Inheritance Modal. 2. Within the Inheritance Modal, go the ‘Requests’ tab and select ‘Internal’ from the drop-down. 3. Click…
How To Create/Apply Internal Inheritance Requests
Inheritance » Internal Inheritance » How To Create/Apply Internal Inheritance Requests
1. From the Assessment Domain, expand the requirement statement view and click on the ‘Inheritance’ button (yellow underline) to open the Inheritance window. 2. From the ‘Requests’ tab within the Inheritance window, select ‘Internal’ from the…
Submitting an Assessment
Assessment Questionnaire » Submitting an Assessment
Whether submitting a Self-Assessment or a Validated Assessment by your assessor organization, the Assessment Questionnaire can be submitted either by each fully completed domain (Validated only) or by completing the entire Assessment (Self-Assessment/Validated…
Offline Assessment – Inheritance
Assessment Questionnaire » Completing an Assessment » Offline Assessment – Inheritance
The Offline Assessment feature may be used to populate inheritance requests. For more information refer to the following link: How to Request Inheritance using the Offline Assessment Template
External Reports
Analytics » Reports » External Reports
These reports are available for subscribers to view their MyCSF Scoping Information as well as Documents, CAPs entered, Maturity Scores, and the state of your Assessment in the ‘QA Progress Report’. Internal Reports After authenticating through the…
How To Use the Kanban View To Track Inheritance Requests
Inheritance » External Inheritance » Inheritance Requestors » How To Use the Kanban View To Track Inheritance Requests
The Kanban reporting view can be used to confirm the submitted inheritance requests. Find the Kanban board by: 1. Clicking the Views option in MyCSF and selecting the Kanban View. 2. Then filter for the assessment object name. Hovering over the assessment tile…
Request a Revision for an Issued Report
Reports » r2 and i1 Assessments » Request a Revision for an Issued Report
If you have discovered a spelling error or any type of inaccuracy in your ‘Draft Report’, you can request a revision by pressing the ‘Request Revision’ button. You will be able to place your comment in a text box that you can send to the HITRUST Assurance…
Adding CAPs to a Statement
Assessment Questionnaire » Corrective Action Plans (CAPs) in Your Assessment » Adding CAPs to a Statement
For Statements that have been identified as a Gap or as requiring a Corrective Action, CAPs can be added directly from an Assessment Domain. In order to do this, it does require the “Can Manage CAPs” permission to be set if you are not an Account Administrator.…
Linking CAPs to a Statement
Assessment Questionnaire » Corrective Action Plans (CAPs) in Your Assessment » Linking CAPs to a Statement
For Statements that have been identified as a Gap or as requiring a Corrective Action, CAPs in your Repository can be linked directly from an Assessment Domain. In order to do this, it does require the “Can Manage CAPs” permission to be set if you are not an…
Logging in to the HITRUST Portal
HITRUST Portal » Logging in to the HITRUST Portal
Follow the steps below on how to login to the HITRUST Portal: Using an Internet Browser, go to the web address https://portal.mycsf.net. A page will load that requires you to enter your Email Address and Password. Once entered, click the ‘Login’…
Submit a Domain to an Assessor
Assessment Questionnaire » Submitting an Assessment » Submit a Domain to an Assessor
When you are ready to submit your domain to your assessor for validation, press the link located in the green banner above the Assessment Statements for the Domain that you’ve finished. This link will not become available until all of the Assessment Statements have…
How to Publish (Enable) Assessment Inheritability
Inheritance » External Inheritance » Inheritance Providers » How to Publish (Enable) Assessment Inheritability
From the ‘Name & Security’ pre-assessment page, check the box next to “Published” and click Confirm when prompted to agree to the Inheritance User Terms and Conditions. A published assessment will show a banner icon with a hover-over tooltip next the…
How to Unpublish (Disable) Assessment Inheritability
Inheritance » External Inheritance » Inheritance Providers » How to Unpublish (Disable) Assessment Inheritability
From the ‘Name & Security’ pre-assessment page, uncheck the box next to “Published” and click Confirm when prompted. *Note: The system will automatically unpublish an assessment on its date of expiration—for the r2 Certification: the 2-year…
Applying to be an Internal Assessor
Internal Assessors » Applying to be an Internal Assessor
Internal Assessors are those personnel who facilitate the CSF Assessment process by performing in-house testing in advance of an External Assessor’s validated assessment fieldwork. Internal Assessors are part of an “Internal Assessment Function.” This function…
Assigning Internal Assessors to an Assessment
Internal Assessors » Assigning Internal Assessors to an Assessment
If an Internal Assessor Function has been chosen for an Assessment (Link to Enabling Internal Assessors On Your Assessment), the Subscriber People table will be augmented to include a new column that is reserved for Internal Assessors. Those that have been delegated…
How To View Internally-Inherited Assessment Scores
Inheritance » Internal Inheritance » How To View Internally-Inherited Assessment Scores
1. From the Assessment Domain, expand the requirement statement view and click on the ‘Inheritance’ button to open the Inheritance Modal. 2. Within the Inheritance Modal, click on the ‘Scoring’ tab. The first line shows the internal assessment from which…
How To View Externally-Inherited Assessment Scores
Inheritance » External Inheritance » Inheritance Requestors » How To View Externally-Inherited Assessment Scores
1. From the Assessment Domain, expand the requirement statement view and click on the ‘Inheritance’ button to open the Inheritance Modal. 2. Within the Inheritance Modal, click on the ‘Scoring’ tab. The first line shows the external assessment from which…
Adding a New Person to the Portal
Administration » Organization Consolidation » User Management » Adding a New Person to the Portal
Follow the instructions below to add a new person to your Portal Account: From the Portal Administration page, click the ‘Add Person’ button on the User Management table. From the modal, enter the ‘First Name’, ‘Last Name’, and ‘Email’. Click the…
Adding a User to an Assessment Domain
Assessment Questionnaire » Completing an Assessment » Answering an Assessment Statement » Adding a User to an Assessment Domain
Assigning a User to an Assessment Domain is a beneficial tool to better manage resources and aggregate a collection of responses. From the Assessment Questionnaire, click on the Assessment Domain you wish to assign. From the Assessment Domain, click on the…
Assessment Questionnaire
Assessment Questionnaire
After completing the Scope of your Assessment, you can begin answering the questions that have been generated based on your scope. Topics range from: Completing an Assessment, Marking Not-Applicable, Assigning a User, CAP Management, Authoritative Sources, Assessment…
Enabling Internal Assessors On Your Assessment
Internal Assessors » Enabling Internal Assessors On Your Assessment
After your Internal Assessor application has been approved, the Name and Security page on your Organization’s Assessment will be altered to include a checkbox allowing you to mark your Assessment as having been tested by Internal Assessors. When selected, you will be…
Assessor Timesheet
Documents » Assessor Timesheet
Required for all Validated Assessments, assessor organizations must record all individuals that assisted with the submission of the assessment. External Assessor Time Sheet 1. On the sidebar, click the ‘Time Sheet’ label to be rushed to the Time Sheet page.…
HITRUST’s Criteria for Submission
Assessment Questionnaire » Submitting an Assessment » HITRUST’s Criteria for Submission
If you have completed all of the Assessments Statements in either your Self or Validated Assessment to HITRUST, please verify that the below is covered before submitting it. 1. Ensure that the following Required Documents have been uploaded with the correct dates as…
Reports
Reports
Reports issued against the HITRUST CSF are uploaded and shared within MyCSF. Follow the steps outlined in these topics for help downloading, approving, and requesting changes for a Report. From the MyCSF Homepage, click on the Assessment name of the report you…
r2 and i1 Assessments
Reports » r2 and i1 Assessments
Report creation and distribution for i1 and r2 assessments follow the same workflow in MyCSF: Downloading the Report Request a Revision for an Issued Report Approving a Draft Report
Completing your Internal Assessor Time Sheet
Internal Assessors » Completing your Internal Assessor Time Sheet
Like External Assessors, Internal Assessors are obligated to document both the individuals who performed Internal Assessor duties on the Assessment as well as the hours they each committed. On the sidebar, click the ‘Internal Assessor Time Sheet’ label to be…
Internal Assessors
Internal Assessors
Organizations, that are capable of demonstrating proficiency within their Internal Audit departments, are permitted to test their own Requirement Statements and enable their External Assessor to rely on the results. Click here to learn more. Sub-topics Applying to…
Uploading Evidence
Documents » Uploading Evidence
Upload a piece of evidence you believe will aid you in your assessment. The documents you provide will help support the ‘Assessor’ on why certain Maturity Value selections were made. From the MyCSF Homepage, click on the Assessment name you would like to…
Reports
Analytics » Reports
Find your Internal and External Reports housed under the ‘Reports’ section of the ‘Analytics’ portion of ‘MyCSF’. Reports After authenticating through the MyCSF Portal, click on ‘Analytics’ in the top Menu bar. Once…
MyCSF Compliance and Reporting Packs
Analytics » MyCSF Compliance and Reporting Packs
MyCSF Compliance and Reporting Pack for HIPAA Step 1: Create a readiness, validated, or targeted assessment using v9.5.0 or later which includes the HIPAA breach notification rule and/or HIPAA security rule. Step 2: Go to Analytics > Compliance Packs > Select…
Library Retention
Pre-Assessment » Scoping an Assessment » Library Retention
The Library Retention feature provides visibility into specific changes associated with HITRUST CSF version updates, and allows users to apply those changes to assessment objects created under previous versions of the framework. To begin the update process, open an…
Making a Reservation
Reservations » Making a Reservation
Reservations allow you to have more awareness into when your validated assessment will be reviewed by the HITRUST Quality Assurance team. You can set one up seamlessly within your assessment. From the MyCSF Homepage, click on the i1 or r2 validated assessment for…
Linking Statements and Documents
Assessment Questionnaire » Completing an Assessment » Creating an Offline Assessment » Linking Statements and Documents
If you have documents in your Document Repository and/or have added new documents in the excel spreadsheet, you have the ability to link them to your Assessment Statements. *Please note that Account Admins, Assessment Leads, and Assessors can do the below. 1. From…
Factors
Pre-Assessment » Scoping an Assessment » Factors
The inputs on the Factors tab are used to measure the risk inherent to your environment. The information provided within will be used to narrow down the list of assessment statements for your questionnaire. General Factors – These factors are used to…
Scoping an Assessment
Pre-Assessment » Scoping an Assessment
The scope of the Assessment is the information about your organization that will be used to narrow down the most precise assessment for your compliance and security needs. Fields marked with red asterisks are mandatory. After authenticating through the HITRUST…
Assigning a User
Assessment Questionnaire » Completing an Assessment » Answering an Assessment Statement » Assigning a User
Assigning a user to an Assessment Statement is a beneficial tool to better manage resources and aggregate a collection of responses. From the Assessment Domain, click on the Assessment Statement you wish to assign. Press the ‘Actions’ button and…
Administrating Organization Accounts
Administration » Organization Consolidation » Administrating Organization Accounts
A green “Admin” button has been added to the HITRUST application landing page (see Figure 1, top right corner). The administration function is only viewable to users with Administrator roles as determined by their Organization. Figure 1: Selecting the…
Metrics
Analytics » Dashboards » Metrics
The ‘Metrics’ section compiles industry data that is associated to your organization and reflects averages, standards, and patterns, to their security testing. Users can make quick comparisons on where their organization stands along with any discernment…
Creating and Importing Assessor Evaluation for an Offline Assessment
Assessment Questionnaire » Completing an Assessment » Creating and Importing Assessor Evaluation for an Offline Assessment
When a Validated Assessment has been submitted to an Assessor, you the Assessor has the ability to fill-out your evaluation outside of MyCSF using a spreadsheet and seamlessly import your evaluation back into the application. Follow the instructions below on Creating…
Recreating a Validated Assessment Object
Interim Assessment (r2 only) » Recreating a Validated Assessment Object
Once an Interim Assessment has been provisioned, please note that you will have to answer all the Pre-Assessment and Assessment Questionnaire identical to your CSF Certification. *If you still have access to the Original Certified Assessment Object, you do not need to…
Systems
Pre-Assessment » Scoping an Assessment » Systems
This is your catalog of systems that will be examined in your assessment. The ‘Selected Tab’ will show all of the systems that are to be assessed. The ‘Other Tab’ represents systems that have been applied to your organization previously but will not be…
Corrective Action Plans (CAPs) in Your Assessment
Assessment Questionnaire » Corrective Action Plans (CAPs) in Your Assessment
Because CAPs can be linked to Statements within an Assessment, you may be interested in which CAPs have been associated collectively to an Assessment. This can be done by simply going to the Assessment (link to viewing an assessment) for which you wish to see the…
Answering Requirement Statements
Internal Assessors » Answering Requirement Statements
By Default, all Requirement Statements will be inherently owned by Management. If you wish to provide the scoring as an Internal Assessor, you can either designate individual Requirement Statements or entire Assessment Domains as having be addressed by an Internal…
Modifying CAPs
Corrective Action Plans (CAPs) » Modifying CAPs
For CAPs that have already been created, MyCSF allows you to easily make changes to this CAP either to record progress or refine the information currently documented. From your CAP Repository page (link), you will see a table cataloging all of the CAPs belonging to…
Filters
Analytics » Dashboards » Filters
Use the Filters module to narrow down a search on specific Statements you may be looking for and the Assessments they may lie in. This includes filters such as Not Applicable, In Scope, Required for CSF Certification, Maturity Rating, and Gap Rating. Filters –…
View the Illustrative Procedures
Assessment Questionnaire » Completing an Assessment » Answering an Assessment Statement » View the Illustrative Procedures
r2 Assessment: Use the Illustrative Procedures to help clarify the necessary components to accurately score the statement. From the MyCSF Homepage, click the Assessment name you would like to view. From the Assessment Domain, click on the Assessment Statement of…
Facilities
Pre-Assessment » Scoping an Assessment » Facilities
This is your catalog of facilities that will be addressed in your assessment. The ‘Selected Tab’ will show all of the facilities that will be addressed. The ‘Other Tab’ represents systems that have been applied to your organization previously,…
Missed My Submission Date
Reservations » Rescheduling/Cancelling a Reservation » Missed My Submission Date
If the submission date that is defined for your reservation passes without your assessment having been previously submitted, your reservation will be automatically cancelled. You may be issued a cancellation fee if the submission date fell after the “Last day to…
Benchmarking
Analytics » Dashboards » Metrics » Benchmarking
This option enables a user to search through data that has been collected for relevant Validated Assessments to allow our users to do a quick comparison check against their industry standards. Metrics – The ‘Metrics’ section compiles industry data…
Library
Analytics » Dashboards » Library
Use the ‘Library’ to find all information associated with it, including a complete overview of the ‘Authoritative Sources’, ‘Control Categories’, and ‘Assessment Domains’. Library – The Library module is the…
Rescheduling/Cancelling a Reservation
Reservations » Rescheduling/Cancelling a Reservation
Once a reservation is made on your assessment, you are entitled to modify or cancel it. Follow the steps below to accomplish this. From the MyCSF Homepage, click on the i1 or r2 Validated Assessment for which you’d like to make a reservation. On the left-hand…
Downloading Evidence
Documents » Downloading Evidence
If you are looking to download evidence individually, follow the instructions below on Downloading Evidence. On the sidebar, click the ‘Documents’ icon to be redirected to the Assessment’s Document Repository. From the Document Repository, click the name of…
Approving a Draft Report
Reports » r2 and i1 Assessments » Approving a Draft Report
‘Draft Reports’ are automatically approved 30 days after posting. However, the reports can be manually approved prior to the 30 days, by selecting the ‘Approve HITRUST CSF Report’ button on the ‘CSF Reports’ section, HITRUST will then be notified to…
Viewing Notifications and Tasks
Homepage » Viewing Notifications and Tasks
Tasks can be assigned to anyone with access to MyCSF. Provision tasks to anyone that you may feel will be an asset to completing your Assessment. From the MyCSF Homepage, there is a ‘Your Notifications’ component positioned on the right-hand side of the view.…
Overriding a Potential Quality Issue
Assessment Questionnaire » Potential Quality Issues » Overriding a Potential Quality Issue
The analysis MyCSF runs to check for Potential Quality Issues may sometimes lead to false positives. Because of this, these occurrences can be overridden and excused from remediation. However, if a Potential Quality Issue is overridden, a detailed rationale must be…
Phone-Based Two-Factor Authentication Setup
HITRUST Portal » Configuring Two Factor Authentication » Phone-Based Two-Factor Authentication Setup
After successfully authenticating to the HITRUST Portal, you will be directed to the HITRUST Portal Landing page. Follow the steps below on how to properly configure SMS and Voice two factor authentication. From the HITRUST Portal, click the link “Setup how you…
Downloading Documents in Bulk
Documents » Downloading Evidence » Downloading Documents in Bulk
If you have a MyCSF Subscription, downloading documents in bulk is now available to do within an Assessment. Please follow the instructions below on how to bulk download documents within an Assessment. On the sidebar, click the ‘Documents’ icon to be…
Default Scoring Profile
Pre-Assessment » Scoping an Assessment » Default Scoring Profile
This option allows you to pre-score the maturity values for the Assessment. This is a desirable function for your organizations who have established trends within their Assessment. The Default Scoring Profile values defined will be applied to all Not Started…
Viewing an Assessment
Pre-Assessment » Creating a New Assessment » Viewing an Assessment
From the Hompage of MyCSF, you can view any Assessment that has been generated. To view an Assessment, please follow the steps below to access and view an Assessment within your MyCSF Account. From the Homepage, there is an ‘Assessments’ table that includes…
Performing an Interim Review Assessment
Interim Assessment (r2 only) » Performing an Interim Review Assessment
If you are coming up on your 1-year Anniversary of your CSF Certification, you will need to perform an Interim Assessment. The Interim Assessment is to ensure that the scope of your CSF Certification is still valid. From the Homepage, click on the Assessment with…
Uploading Documents in Bulk
Documents » Uploading Evidence » Uploading Documents in Bulk
If you have a MyCSF Subscription, uploading documents in bulk is now available to do within an Assessment. Please follow the instructions below on how to bulk upload documents within an Assessment. On the sidebar, click the ‘Documents’ icon to be redirected to…
Adding a Diary Entry
Assessment Questionnaire » Completing an Assessment » Answering an Assessment Statement » Adding a Diary Entry
The Diary will enable you to enter comments on each of your Assessment Statements to communicate within your organization or assessor. 1. From the Assessment Domain, click on the Assessment Statement that you wish to input a Diary entry. 2. Click on the ‘Diary…
First Login and Authentication
HITRUST Portal » Logging in to the HITRUST Portal » First Login and Authentication
If this is your first-time logging into the HITRUST Portal, follow the steps below to locate and change the temporary password associated with your MyCSF Account. Locate the email with the subject line: “HITRUST Login Registration – Account Lead Created” from…
Unlinking CAPs
Corrective Action Plans (CAPs) » Unlinking CAPs
As your CAPs are to be designed to be associated with the Gaps present within your Assessments, MyCSF provides a simple way through the Repository to unlink a Plan from a Statement. From your CAP Repository page (link), you will see a table cataloging all of the…
Unlinking CAPs from a Statement
Assessment Questionnaire » Corrective Action Plans (CAPs) in Your Assessment » Unlinking CAPs from a Statement
CAPs that you no longer wish to have linked to a Statement can be removed from a Statement in a few clicks. On the Statement, press the “CAP” button to expand the CAP table. Select the CAP you want to have disassociated from the active Statement. Once…
Scorecards
Analytics » Dashboards » Metrics » Scorecards
Determine how your Statement results comply with your average maturity scores to any of the sections of our more popular standardizing bodies. Review your outcomes and compare it to one of the ‘Authoritative Source Sections’ given to discover how secure the…
CSF Library
Analytics » Dashboards » Library » CSF Library
The ‘CSF Library’ function will have facts related to the Control Categories and its respective subsections. Library – The Library module is the gateway to entering the ‘MyCSF Library’ to review the most current up to date version of…
Setting Assessment Statements as Not Applicable
Assessment Questionnaire » Completing an Assessment » Answering an Assessment Statement » Setting Assessment Statements as Not Applicable
Assessment Statements may need to be marked as Not Applicable (N/A). If there are Assessment Statements that you feel you do not need to comply, check the N/A box within a statement. *You will be required to provide rationale in the comments. From the…
Name & Security
Pre-Assessment » Creating a New Assessment » Name & Security
The Name & Security page is where you will be able to see the administrative information pertaining to the Assessment. You can navigate to this page while filling out this assessment whenever you like. 1. After authenticating through the MyCSF Portal, click on your…
Manually Generating an Interim Assessment
Interim Assessment (r2 only) » Manually Generating an Interim Assessment
If you are coming up on your 1-year Anniversary of your CSF Certification and have a MyCSF Subscription, please note that your Interim Assessment will auto-generate 90 days prior to the Anniversary of the Certification Date of your Original Assessment. If you wish to…
Re-validating the Assessment
Interim Assessment (r2 only) » Recreating a Validated Assessment Object » Re-validating the Assessment
As you would in any Validated Assessment, you as the Assessor will need to validate all of the Assessment Questions completed by your Client. You will have to ensure the maturity scores entered are identical to their Original CSF Certification. From the Homepage,…
Time-Based Two Factor Authentication Setup
HITRUST Portal » Configuring Two Factor Authentication » Time-Based Two Factor Authentication Setup
After successfully authenticating to the HITRUST Portal, you will be directed to the HITRUST Portal Landing page. Follow the steps below on how to properly configure time-based two factor authentication. From the HITRUST Portal, click the link “Setup how you want…
Deleting an Assessment
Pre-Assessment » Creating a New Assessment » Name & Security » Deleting an Assessment
Deleting an Assessment will be permanently removed from MyCSF. Only Account Admins and Assessment Leads have the privilege to delete an Assessment. The status of the Assessment must be ‘Not Started’ or ‘Answering Assessment’, as well as not submitted to the…
Answering an Assessment Statement
Assessment Questionnaire » Completing an Assessment » Answering an Assessment Statement
There are many components to completing an assessment. This includes: Answering a Statement, Assigning a Respondent, Related Authoritative Sources, Risk Factors, History Assessment Log, Illustrative Procedures, Adding Documents, and CAP Management. r2 Assessment: …
Adding a Related Document
Assessment Questionnaire » Completing an Assessment » Answering an Assessment Statement » Adding a Related Document
If you wish to document evidence for an Assessment Statement, use the related documents functionality. You can either reference items previously uploaded or new items that are not yet in your Document repository. From the MyCSF Homepage, click the Assessment…
Configuring Two Factor Authentication
HITRUST Portal » Configuring Two Factor Authentication
The HITRUST Portal supports the use of SMTP, SMS, Phone Call, and Time-Based Authenticator Apps to receive the One Time Passcodes (OTP) necessary to finish the log-in process. By default, all accounts are automatically provisioned with the SMTP option active. If you…
Creating a Custom Assessment Library
Homepage » Creating a Custom Assessment Library
Account Administrators are able to create and manage a Custom Assessment using the HITRUST CSF and its Authoritative Sources using HITRUST provided questions. Please follow the steps below on how to create a customized Assessment Library. From the MyCSF Homepage,…
Managing Your CAP Repository’s Access
Corrective Action Plans (CAPs) » Managing Your CAP Repository’s Access
By Default, only Account Administrators are permitted to both view and edit an Organization’s CAP Repository as well as add/link CAPs to an Assessment. However, an Account Administrator can delegate these privileges to Standard Users within their entity in a few…
11.1.1. Downloading the Report
Reports » r2 and i1 Assessments » 11.1.1. Downloading the Report
Once your HITRUST CSF Report is available for download, you will receive an automated notification from HITRUST, like the one below. Your report will be available in the draft state for 30 days to allow you ample time for review. Follow the steps below to download…
Authoritative Sources
Analytics » Dashboards » Library » Authoritative Sources
Here in ‘Authoritative Sources’, find the entire listing of any governance and regulatory bodies that could be included in your Assessment and each of the sections per Source. Library – The Library module is the gateway to entering the…
Attaching the Management Representation Letter
Documents » Attaching the Management Representation Letter
Every Assessment submitted to HITRUST must include a Management Representation Letter executed on your Organization’s Letterhead, signed by the appropriate level of management overseeing the Assessment, and dated the last day of testing. 1. On the sidebar, click the…
Attaching Test Plans
Documents » Attaching Test Plans
Mandatory after April 1, 2019 for all Validated Assessments, thorough Test Plans must be submitted to meet the HITRUST Requirements covering the testing of all required controls. Test plans should document with signatures, the Engagement Executive, QA Resource, and…
Creating CAPs
Corrective Action Plans (CAPs) » Creating CAPs
There are two ways a CAP can be added to your Organization’s Repository: Either as a result of defining them within one of your Assessments or by adding them directly into the Repository. This topic will cover the latter. From your CAP Repository page (link), you…
Edit Existing User in the Portal
Administration » Organization Consolidation » User Management » Edit Existing User in the Portal
Follow the instructions below to edit an existing user in your Portal Account: From the User Management table, click the edit icon adjacent to the user’s name. From the modal, you will have the option to edit the user’s first name, last name, role, toggle…
Managing your Documents
Assessment Questionnaire » Completing an Assessment » Creating an Offline Assessment » Managing your Documents
All of the documents that exist in your Assessments Document Repository will be listed in the excel spreadsheet. You will have the ability to manage existing documents as well as adding new documents (without an attachment) in your Repository. !Please note that when…
Viewing Potential Quality Issues
Assessment Questionnaire » Potential Quality Issues » Viewing Potential Quality Issues
There are two ways within MyCSF to view the Potential Quality Issues raised within your Assessment. The first manner is observing them on a Statement while inside an Assessment Domain. The second option is to view all of the Potential Quality Issues in a consolidated…
HITRUST Portal
HITRUST Portal
This topic will instruct you on how to properly login to the HITRUST Portal, setup and manage Two Factor Authentication, change and/or reset a Password, and access the MyCSF and/or Assessment XCHANGE Application(s). HITRUST Portal Sub-Topics Logging in to the…
Attaching the Organizational Overview and Scope
Documents » Attaching the Organizational Overview and Scope
Uploading the details on the ‘Scope of Your Assessment’ along with the information regarding your ‘Company Profile’ can be placed here. 1. On the sidebar, click the ‘Organizational Overview & Scope label to be rushed to the Organizational Overview & Scope…
Attaching the QA Checklist
Documents » Attaching the QA Checklist
The HITRUST CSF Assessor Quality Checklist is a required Document that must be signed by the Engagement Executive and Assessor QA Resource for all Validated Assessments. 1. On the sidebar, click the ‘QA Checklist’ label to be rushed to the QA Checklist page.…