Check out our latest releases and updates to the platform.
IntelliGRC now has ISO 27001 Security Controls!
ISO 27001 is now available in the core application. Relevant interview questions and assessment objectives are available in the Compliance section. You can add this to a current evaluation or start a brand new one with just ISO 27001 content. If you use it as part of a multi-framework evaluation, don't forget to adjust your Framework Views.
You can now perform evaluations using multiple frameworks. When a Working Evaluation has multiple frameworks selected, the Intelligent Control Library determines what content (assessment objectives, controls, SPRS Score, etc.) is displayed from each framework. However, you can easily reconfigure your view to display content from a specific framework throughout all sections of the core app. A you change views from one framework to another, you can see how your progress is collectively advancing each separate framework.
Introducing SOC 2
AICPA TSC2017 (SOC 2) framework is coming based on popular demand. Along with CMMC 2.0 L1/L2 and NIST800-171 r2, our index of frameworks provides several security standards to evaluate information system boundaries. You can even add SOC 2 to your previously created evaluations. We will be announcing additional frameworks that are slated to be added in the immediate future! Stay tuned as we are In Search Of feedback for what frameworks will be added next.
Optimized Interview Question Workflow
The interview process in the core application has undergone a complete overhaul to be streamlined and efficient. Questions are now generated dynamically based on factors like what frameworks are in your Working Evaluation and responses to previous questions, removing redundant prompts and including only questions that matter to your selected framework(s). Questions now come in several formats like Yes/No or multiple choice so there is no more ambiguity about how to respond to them. You can also upload evidence directly to questions and save time on mapping them later.
(*Check out the gif below)
Automatic Asset Tagging
Scoping information system boundaries has never been faster now that assets can have assigned categories. Some security standards use categories to organize assets. When creating or updating an Information System Profile associated with such a security standard, the core application will automatically add all assets in your inventory to the boundary.
Auto-Fill Validation Methods
Identifying and listing validation methods in the Gap Analysis for each objective in the SSP would take a significant amount of time. Now, the Validation Methods field has an Auto-Fill function that automatically populates this data. This reduces the time from one to two minutes per objective, to a few seconds!
File Export Format
One of the most tedious tasks of attestation is renaming and formatting evidence for submission to certifying organizations. With our new file export feature, you can get your evidence as is in the app or in DIBCAC format. The core application automatically renames and creates the appropriate folder structure for submission. This can save days of preparation work and effort. Additionally, exporting files includes an evidence matrix to help navigate the new format.
You can now view data from the Recon Agent scanning tool over the course of a 30-day period. Previously, only the most recent results were available to view. This gives a more comprehensive view of your compliance posture as it has changed over a period of time. You can also view data from specific days in the 30-day window.