■ = Functionality development complete and ready for release
■ = Functionality development incomplete, but on the short-term roadmap
Q4 2019 Release Target (December?)
- Add filterable and sortable columns for Dynamic Risk Report and similar tabular views of data
- Import-Export: Support for mapping of custom fields
- Notification: Allow customization of language of notifications
- Custom Authentication: Enhancements to setting of teams and permissions via AD and SAML attributes
- Jira: Integration with Jira (Official Release)
- Fix for creation of circular references with control framework parent-child relationships
- Fix for different looking Action buttons on the Audit Timeline report
Q1 2020 Release Target (March?)
- Development of Organization Hierarchy Extra
Q4 2019 Special Release Target (November 30, 2019)
- Added a selection to view the Date Closed value on the Dynamic Risk Report.
- Jira: Integration with Jira (Beta)
- Risk Assessment: Created a new "Control Audit" button when viewing a questionnaire result that will show all controls mapped to the question asked, their associated frameworks, and whether the answer was a "Pass" or "Fail".
- Risk Assessment: Made it so that each time a pending risk is accepted it did not reload the entire page.
- Risk Assessment: Fixed an issue where you would receive a datatables error if you added a text filter for questionnaire questions and select a filter template.
- Email Notification: Fixed an issue where the scheduled reporting section of the Notification Extra would send e-mails to users it should not send emails to.
- Upgrade: Fixed an issue where the Upgrade Extra would throw an error regarding undefined available_extras when attempting to upgrade even if no upgrade was needed.
- API: Added an API query to update the values of a risk.
- API: Fixed an issue in the API Extra when attempting to create a new API key for a user.
- Customization: Fixed an issue where required asset fields would inhibit database upgrades.
- Import-Export: Added support for asset groups to Tenable and Rapid7 integrations.
- Import-Export: Fixed an issue where you could not import fields set to be encrypted using the Customization Extra.
Q3 2019 Release Target (September 30, 2019)
- Ability to define a custom "risk appetite" value
- Creation of a new "Risk Appetite" report that shows separate tabs for risks within and outside the appetite
- Ability to save selections in the Dynamic Risk Report with a name
- Ability to share saved selections in the Dynamic Risk Report with other users
- Customization: Ability to define custom fields as required
- Risk Assessment: Ability to add sub-templates as questionnaire logic
- Customization/Encryption: Ability to define custom fields as encrypted
- Risk Assessment: Ability to audit questionnaire responses against a defined control framework
Q2 2019 Release Target (June 30, 2019)
- Addition of a "Manager" value for each user that will automatically populate the "Owner's Manager" field for risks
- Fix for IE10 compatibility issues
- Add the "Mitigation Control" value to the Dynamic Risk Report
- Updated handling of roles so that user permissions change when role permissions are changed
- Fix so that updating a control in the Governance section doesn't refresh the entire page
- Add an audit trail entry for Accepting and Rejecting a Risk Mitigation
- Add functionality to combine multiple assets into an "Asset Group" that can be added to a risk
- Add translations for the Mongolian language
- Association of teams with audit tests
- Ability to delete active audits
- Risk Assessment: Ability to select multiple contacts for an assessment
- Import-Export: Ability to import vulnerabilities with Rapid7 Nexpose
- Import-Export: Export of controls to a CSV file
- Ability to specify your own scores for risks depending on the likelihood and impact values
- Team-Based Separation: Restrict access to audit tests by associated team
- Advanced Search: Creation of a new SimpleRisk Extra to enable more targeted search criteria
Q1 2019 Release Target (March 31, 2019)
- Addition of tagging of risks and assets
- Addition of asset groups
- Addition of text-based description for asset valuation range
- Enable project selection as part of risk review
- Association of Frameworks and Controls with Policies, Guidelines, Standards, and Procedures
- Ability to Document Exceptions to Policies and Controls
- Addition of a help menu
- Addition of the Audit Timeline report
- Customization of e-mail prepend value
- Ability to export the audit log
- Import-Export: Ability to import assets with Rapid7 Nexpose