
MyCSF User Guide

Prepared By: HITRUST
6136 Frisco Square Blvd. Suite 327
Frisco, Texas 75034
P: (469) 269-1110
F: (469) 269-1101
www.hitrustalliance.net

Table of Contents

- Browser Support
- Login
- MyCSF Library
- CSF Library Searches
- Need Help Scoping an Assessment?
- MyCSF Assessments
- Administrative Details and Factors
- Scoping an Assessment Object
- Organization Information Tab
- Factors Tab
- Systems Tab
- Facilities Tab
- Generate/Update the Baseline Assessment
- Completing the Baseline Assessment
- How to Answer Questions
- Setting Not Applicable
- Illustrative Procedures
- Diary
- Assigning Requirements
- Tracking an Assessment
- Assessment Home Page
- Visual profile
- Response Navigator
- Dashboards
- Uploading Documents to MyCSF
- Submitting an Assessment
- Submitting the Assessment
- Downloading Your CSF Assessment Report
- Adding an Object
- How to Add an Object
- Changing Your Password
- Configuring Password Reset Questions
- Resetting Your Password

Revised 08/2014

Browser Support

MyCSF supports the following browsers:

- Internet Explorer (IE 11 users may experience difficulties; IE 11 is not recommended)
- Firefox
- Safari (Safari is not currently supported; however, it is slated to be provisioned shortly.)

Pop-Up Blocker will need to be disabled for MyCSF.

Login

To access MyCSF, proceed to https://portal.hitrustalliance.net and enter the username/password that you registered with. If you do not have an account, click the link adjacent to "No Account?" and we will provision an account on your behalf. (Note: The provisioning can take up to one business day.)

MyCSF Library

Click the MyCSF Library tab to view the HITRUST Common Security Framework (CSF). The CSF is a comprehensive and prescriptive framework that can be scaled and tailored based on an organization's type, size and complexity. This library will include the most interactive and up-to-date source for the CSF.

Expand a Control Category by clicking the plus symbol.

CSF Library Searches

Located in the MyCSF Library tab is a search field. While highlighting the HITRUST CSF Library, you may query the library for keywords.

Search the CSF for specific content by using the Search Field.

Need Help Scoping an Assessment?

If you are unsure about the scoping process, refer to the following documents available on the HITRUST Alliance website (www.hitrustalliance.net). They provide broader guidance on planning for an assessment, including system identification and grouping:

- Planning and Leveraging the HITRUST CSF
- HITRUST CSF Assessment Methodology
- MyCSF vs. GRC Tool
- HITRUST Executive Summary and Introduction

MyCSF Assessments

This tab is home to all MyCSF Assessments. Click on the MyCSF Assessments tab to see your current list of Assessment objects. To open an object, highlight it and double-click or click the Open button.

Search by status, type, or entity by changing the drop-down. This groups the objects into the category selected by the user.

Note: The number of Objects available to create is defined by your organization's purchased Subscription Tier. See the MyCSF Pricing Sheet for more information.

Administrative Details and Factors

After opening your object from the MyCSF Assessment Tab, you will be presented with the page below.

Click the Administrative Details & Factors link to begin scoping the assessment object.

Scoping an Assessment Object

Begin scoping an object by inputting data into the Organization Information, Assessment Options, Factors, Systems, and Facilities Tabs. Required fields are denoted by a red bar to the left of the field.

Organization Information Tab

Under this tab, Contact Information, Organizational Profile, and Environment are defined.

Factors Tab

Risk factors are input through the Factors tab. Inputs into these fields determine which controls and what implementation levels will be included in your Baseline Questionnaire.

Systems Tab

Use this screen to build a list of systems that are being considered during the overall assessment for the organization. This should be leveraged as a reference to which systems are contained in the scope of the current assessment object. This does not prohibit you from assessing these systems individually in the future. Logical application systems should be documented. Specific server, device names, etc. are not required.

Click Add -> Systems

Facilities Tab

Use this section to build a list of Facilities that are being considered during the assessment.

Click Add -> Facilities

IMPORTANT: Adding a System or Facility does NOT create new assessments to be completed. To assess each facility and/or system separately, individual objects will have to be utilized for each. This screen is only for building simple lists of systems and facilities included in the scope of the assessment and assessed as a whole.

(Check out the MyCSF Education Video "Configuring an Organization Object" in the MyCSF Video Library)

Generate/Update the Baseline Assessment

Pop-Up Blocker will need to be disabled for these steps!

Once the Baseline Assessment Scoping information is submitted, the following dialogue boxes will appear. Click OK or Cancel as appropriate.

IMPORTANT: If you are simply updating the risk factors for an existing baseline assessment, the questionnaire will be updated and no information will be lost. Requirements that no longer apply to the scope originally submitted will be marked "No Longer In Scope".

Note: If you answered Yes to creating a Detailed Assessment, you will be presented with additional dialogue boxes.

Completing the Baseline Assessment

How to Answer Questions

To view the Baseline Questions, double-click the Object from the MyCSF Assessments tab. Click the Baseline Assessment link.

Click the + to expand a Domain to access the questions. Double-click the requirement statement to start providing the maturity inputs.

Baseline Response Statuses:

- Not Started: None of the Maturity Assessment Answers have been provided.
- Incomplete: Some but not all of the Maturity Assessment Answers have been provided.
- Complete: All of the Maturity Assessment Answers have been provided.

Easily navigate to the next requirement by clicking the Right Arrow. Your answers and comments will be saved. Click Save & Close when you wish to return to the Baseline Assessment.

Use the Comments field to hold documents and names of documents to maintain access control, to record why the organization is not fully compliant, and to store information that supports answers.

Click the Refresh button if the status of the questions you answered is not updated automatically.

Setting Not Applicable

Marking a requirement Not Applicable can be achieved in one simple step. Located on the Baseline Requirement tab is a field labeled "Is this Control Applicable?" By default, it will be set to Yes; however, if this is a question that does not apply to your assessment at hand, feel free to modify this to read No. As a result, this requirement will not be counted in any assessment scores. While you won't be required to enter any maturity values, please provide justification in the Your Comments field.

Is this Control Applicable?

IMPORTANT: Do NOT select Not Applicable on any of the maturity inputs IF you have not set the requirement as Not Applicable on the aforementioned attribute. This will score that portion of the assessment at a zero.

"Is this Control Applicable?" is set to Yes; Maturity Inputs set to Not Applicable

Illustrative Procedures

The Illustrative Procedures tab is another approach offered to answer requirements. The benefit of answering in this tab is that for every requirement, the Illustrative Procedures provide guidance on how to ensure the organization has implemented the requirement correctly for the 5 required Maturity Levels (Policy, Procedure, Implemented, Tested, and Managed).

Example: The Related CSF Control is 00.a Information Security Management Program, Level 1

Illustrative Procedure, Policy: Obtain and examine information security policies to determine if an information protection program has been established, includes scope, goals, governance, and roles/responsibilities, and is based on an industry-standard security framework (e.g., HITRUST, NIST, ISO).

(Check out the MyCSF Education Video "Answering Baseline Questions" at MyCSF Video Library)

Diary

The Diary Tab allows you to make notes on each individual requirement while maintaining a log of the entries. This function is useful to centralize communication with those in your organization or a third party while undergoing a Validated Baseline Assessment.

This feature is at the question level, so open your baseline assessment.

- Double-click a question within your assessment.
- Choose the Diary Tab.
- Input entries.
- Click Add Diary Entry.
- Click the Save & Close button once all entries are made to ensure they are saved.

Comments are then added to the Information/Comments Diary field, after clicking Add Entry.

(Check out the MyCSF Education Video "Using the Diary" at MyCSF Video Library)

Assigning Requirements

Standard users of the tool can assign specific assessment questions to individuals with the subject matter expertise needed to respond.

To assign a user to a requirement:

- Click the MyCSF Assessments tab.
- Double-click the assessment, or highlight it and click the Open button.
- Click the Baseline Assessment link.

1. Expand a Domain.
2. Highlight the question to be assigned.
3. Click the Assign button.
4. Click Add.
5. Type the search criteria. Search by username, name or email address by checking one of the Search Keys.
6. Click the Validate button.

7. When the Assignee is found, click OK.
8. You are returned to the Permission Assignment window, with the assignee highlighted. Check the Customer Respondent role.
9. Click Apply.

Tracking an Assessment

Assessment Home Page

While this serves as the Home Page for your assessment, it is also equipped to display your assessment progress at a glance with the Circle Chart (pictured second below). The chart updates in real time as you advance through your assessment.

1. Click the MyCSF Assessments tab.
2. Ensure Baseline Assessments is selected.
3. Double-click the desired object.

Visual profile

The Visual Profile is designed to provide a CSF profile of the controls and implementation levels for an assessed object. It is updated every time you make an adjustment to your Organizational, System or Regulatory factors defined in scoping your object.

Profile Color Coding:

- Gold represents controls required for CSF certification.
- Red indicates the level of each control to implement.

The visual profile can be accessed in two locations in MyCSF:

1. While entering the assessment risk factors under the Administrative Details & Factors link.

2. On the MyCSF Visual Profile tab.

(Check out the MyCSF Education Video "The Visual Profile" at MyCSF Video Library)

Response Navigator

The Response Navigator tab permits quick identification of Baseline Requirements and allows status updates of the questions.

(Check out the MyCSF Education Video "Response Navigator Tab" at MyCSF Video Library)

Dashboards

The Dashboards create an at-a-glance snapshot, using graphics to show how the assessment is progressing. You always know where you stand with the assessment and can provide a quick update. To access them, click the Dashboards tab and then the assessment object you wish to view.

Uploading Documents to MyCSF

The Assessor and Customer links provide a way to securely upload documents to HITRUST. Click either the Assessor or Customer Document link, depending on your role. For Assessors, this may be additional documents to support their 3rd party assessment. For Customers, this would be their participation agreement, management rep. letter, etc.

Note: The rep. letter is required to be submitted on letterhead as a signed PDF.

Click Add -> Document

1. Click the File Attachments link.
2. Browse to your file.
3. Click the Attach This File button. Save.

Submitting an Assessment

Submitting an assessment, whether a Self-Assessment or a Validation by a Third Party, can be achieved in one simple step. Your baseline questionnaire has to be completed prior to starting this process.

Mandatory: Your rep. letter must be uploaded before review of the submitted assessment will begin. It must be on letterhead, signed and in PDF format.

Submitting the Assessment

Note: There is a 4-6 week turnaround period for processing a submitted report. Please plan accordingly.

1. Click the MyCSF Assessments Tab.
2. Select the Object for which you are submitting an assessment. Open the Object by either double-clicking it or clicking the Open button.
3. The Assessment will open. Scroll down to the Details/Workflow section.
4. Click the Action button. Select Submit Baseline Assessment.

Note: Once submitted, it disables the client's ability to make changes or additions.

Downloading Your CSF Assessment Report

Once you receive HITRUST notification that the report is ready, you can download your CSF assessment report. There is a link embedded at the end of the report notification that will bypass the following steps.

1. From the Assessment Homepage, click the Baseline Reports link.
2. Double-click the report marked Report Completed.

3. Click the Report Delivery Tab. Click the file attachment within the tab.
4. Click the link to download your report.

Adding an Object

ONLY the Account Administrator at an organization* or an Assessor has the ability to add an object.

*If your organization has a Basic MyCSF subscription or you have only purchased a Self-Assessment report, then no additional objects can be added to the already existing object. To obtain additional objects, contact Sales@HitrustAlliance.net.

How to Add an Object

Pop-Up Blocker will need to be disabled for these steps!

To add a new Object, click the Add button. Choose Object from the list. The Create a New Object Window will appear next.

1. Type in the Object Name.

2. The Object Type should ALWAYS be set to Assessment. Click Save.
3. After saving your choices, you will be returned to the MyCSF Assessment tab and the new object will be displayed in the Object Name list.

You will receive this message if you are attempting to create more objects than allotted by your Subscription Tier. Refer to your Customer Lead or the HITRUST Pricing Sheet for more information.

Generate Baseline Assessment Report

- Click the Reporting Tab. (Only available to Professional, Corporate, Enterprise, and Performance customers.)
- Click the link for the type of report you wish to generate. (Note: The CAP Report is only available after Corrective Action Plan steps have been entered into the Baseline Assessment.)
- Click the Preview button.
- Fill out the necessary information in the parameter(s), if applicable.
- Click the View Report button.

Reporting results are generated in PDF and Excel formats and can be exported only in these two formats at this time.

Example of a baseline assessment report.

Changing Your Password

Once you are logged into the portal, at the landing page, click Change Password. You will arrive at the User Profile Screen.

Click here to Change Password

Type in your new password. Re-enter the same password.

Passwords must be between 8-20 characters and contain at least one uppercase letter, one lowercase letter, one number and one special character.

Click OK, then Close.

Configuring Password Reset Questions

Once you are logged into the HITRUST portal, on the landing page, click Change Password.

Click here to set up your Security Questions

Check the box next to the security questions of your choice and type in the corresponding answer. (We recommend answering at least 3 of the 5 questions.)

Click Save to retain your answers. Click Close to return to the User Profile Screen.

Resetting Your Password

At the HITRUST Portal log in page, click the "Forgot your password" option. Note: you will not be able to use this feature until your security questions are set up in the portal.

Type in your user id (email address).

Answer the security question and click OK. You will be sent a temporary password that you will be required to modify on login.