= Functionality development complete and ready for release

= Functionality development incomplete, but on the short-term roadmap


FUTURE RELEASES (Last Updated 3/27/2021):


Q2 2021 Release Target (June?)

  • Add context-based tooltips and self-help options to the SimpleRisk UI
  • When a risk is updated, the audit log should reflect what was changed, in addition to who changed it and when.
  • Notification: Allow customization of language of notifications
  • Customization: Ability to create multiple, customizable, risk forms
  • Incident Management Extra: Add user permissions.


Q3 2021 Release Target (September?)

  • Add customizable reports to automatically send via email
  • Custom Authentication: Enhancements to setting of teams and roles via AD and SAML attributes.
  • Incident Management Extra: Add an action menu allowing you to "Escalate", "Close" or "Reopen" an incident.
  • Incident Management Extra: Set the time along with the date for the start date and detection date.
  • Incident Management: Integration with the Email Notification Extra for sending notifications of actions
  • Incident Management: Dynamic Incident Report


Q4 2021 Release Target (December?)

  • Risk Assessment: Hosted proxy and the ability to export an assessment to CSV, fill it out offline and then import the results.


PAST RELEASES:


Q1 2021 Release Target (March 5, 2021)

  • Add a "Current Control Maturity" value for each control to define the existing level of maturity for that control.
  • Add a "Desired Control Maturity" value for each control to define the desired level of maturity for that control.
  • Added a "Control Gap Analysis" report to show all controls where the current control maturity is less than the desired level of maturity.
  • Added the ability to filter columns in the Active Audits table so that they may be searched and filtered the same way the Dynamic Risk Report works.
  • Added the ability to filter by control name on the Define Tests menu of Compliance.
  • Added the ability to filter by control family on the Define Tests menu of Compliance.
  • When exporting to XLS via the Dynamic Risk Report, all filters and configurations are now respected.
  • When using the printer-friendly version of the Dynamic Risk Report, column filters will now affect the generated document for printing.
  • Added the Mitigation Percent field to the mitigation columns available for display in the Dynamic Risk Report.
  • Added a last review date field to the Governance Document Program to bring its feature set in line with other repeating tasks in SimpleRisk.
  • Added a field for Team to the Document Program.
  • Level of Mitigation effort now sorts based on magnitude and no longer alphabetically.
  • Updated the Asset Selection widget to show available items on the left and selected items on the right.
  • Updated the OWASP Risk Scoring methodology so that the resulting risk score is reflective of their Overall Risk Severity.
  • Updated the Risk Catalog to have the latest information from ComplianceForge.
  • Created a new Threat Catalog with the latest information from ComplianceForge.
  • Added Assessment Uploads to the Fix Encoding page. Now any broken files attached to assessments will be identified so they may be replaced. This only applies to files uploaded in version 20201005-001.
  • Fixed a bug where the default custom display settings for a user would be empty.
  • Fixed an issue where enabling extras in a specific order could generate an error.
  • Fixed an issue where users could create a mitigation for a risk that does not exist.
  • Fixed an issue where updating a risk could set the submission date to 00:00 of the current day.
  • Fixed an issue where using the sorting function on the comment section of the Dynamic Risk Report did not function as intended.
  • Fixed a bug where the risk appetite report would be affected by closed risks.
  • Fixed a bug where Next Review Date in the Document Program did not respect the configured date format
  • Fixed an issue where users could add projects to the system without the correct privilege to do so when executing a review or adding a risk during or after an assessment.
  • When admins change a user's Role or Permissions, the changes will now take effect immediately instead of when the next session is set.
  • Disabling a user now immediately destroys their session.
  • Customization: Fixed an XSS vulnerability in Customization Extra Asset Field Name.
  • Customization: Fixed an issue where, after removing the risk mapping, it could no longer be restored to its original placement.
  • Customization: Fixed an issue where custom fields would not sort properly in the Dynamic Risk Report.
  • Risk Assessment: Fixed an issue where users may record an undefined index error when submitting a new tag with a risk assessment questionnaire question.
  • Import-Export: Added the NIST 800-171 Controls to the one-click framework installation option.
  • Import-Export: Added the ability to export the list of users currently in SimpleRisk along with their roles, permissions and teams.
  • Import-Export: Added the ability to import a list of users along with their roles, permissions and teams.
  • Import-Export: Now when exporting XLS from the Dynamic Risk Report all filters will be respected in the generated export.
  • Import-Export: When creating a printable version of the Dynamic Risk Report the column filters will now be reflected in the printed version.
  • Import-Export: Fixed an issue where importing control frameworks from GitHub was not properly capturing the framework_id.
  • Import-Export: Added the ability to map mitigating controls when importing risks.
  • Import-Export: Fixed an issue where Close Reason could not be null when importing risks.
  • Notification: Updated the user interface to use twisties to hide the details of notifications.
  • Notification: Made improvements to the notification of document reviews and fixed an issue where users would not receive them at the configured time.
  • Notification: Fixed an issue where notify on review and notify on close settings were not functioning.
  • Notification: Added new configurations for document exception notifications to bring it in line with other scheduled notifications.
  • Jira: Fixed an issue that would cause an error to be logged when submitting risks with this extra.


Q4 2020 Release Target (January 21, 2021)

  • Adding a new report to visually show relationships between frameworks, controls, risks and assets
  • Adding a new report to view latest comments and updates to risks
  • Added Last Test Date to the audit timeline report.
  • Added searchable fields from the Dynamic Risk Report to all other reports in the reporting section.
  • Re-ordered the control dropdown menus to be in alphabetical order.
  • Changed the format on the Document Program so the edit buttons are easier to use.
  • Fixed an issue where Next Review Date and Approval Date fields would display in different date formats when editing items in the Document Program.
  • Fixed an issue where users were unable to set a Last Test Date prior to the current day when editing Compliance Tests.
  • Fixed an issue where searching for items in the Document Program using Framework or Control would not function if the item belongs to multiple selections.
  • Fixed an issue where Timezone was not being displayed correctly according to what was configured in Settings.
  • Fixed an issue where editing the tags associated with an asset would submit them twice.
  • Fixed an issue where the tabs to switch between risks and the risk list would break when a risk was edited.
  • Changing a value in the Add and Remove values now records an audit entry as expected.
  • Fixed an issue where the User Permissions in the User Management were not correctly spaced.
  • Fixed an XSS vulnerability on the Settings page under the Configure menu.
  • Organizational Hierarchy Extra: Update to not show assets that are not in the same Business Unit(s) as the current user.
  • Team-Based Separation: Apply team separation to the viewing and use of assets in dropdowns, searches, and asset management.
  • Incident Management Extra: Add the ability to edit existing playbooks and add your own custom playbooks.
  • Incident Management Extra: Added incident closure states for Duplicated, Error, Expected, False Positive, Inconclusive, Precursor and True Positive.
  • Incident Management: Add an Overview report for the current month of Incidents.
  • Incident Management: Add an Incident Trend report for the past 13 months of Incidents.
  • Incident Management: Add a Lessons Learned report to show lessons learned and associated incidents.
  • Incident Management: Add an "Add and Remove Values" menu under Configure to allow users to add dropdown items.
  • Incident Management: Add a "Settings" menu under Configure to enable Incident Management configuration settings.
  • Incident Management: Updated Incident Management to use tags the same way as the rest of SimpleRisk.
  • Incident Management: The “Collected on” field will now save properly when users have a date format set other than default.
  • Incident Management: Editing and saving incidents no longer duplicates notes/evidence.
  • Customization: Fixed an XSS on the Customization Extra configuration page.
  • Customization: Fixed an issue where users could not disable the Risk Mapping field.
  • Customization: Fixed an XSS on the All Open Risks By Team By Risk Level report while using Custom Fields.
  • Customization: Fixed an XSS on the Management Review page when using Custom Fields.
  • Risk Assessment: Fixed an issue where after Assessments was turned on for the first time some text would be displayed somewhere randomly on the next page loaded.
  • Risk Assessment: Fixed an issue where adding a new tag to an answer would not make it available for later use in dropdowns.
  • Risk Assessment: Unified how tags work in Assessments to match the rest of SimpleRisk.
  • Risk Assessment: Changed the separator for multiple tags on active/closed risks on the questionnaire results page as commas were found to be misleading.
  • Jira: Added the ability to have a risk added in Jira trigger a new risk in SimpleRisk.
  • ComplianceForge SCF: Fixed an issue where users would receive an error when disabling the ComplianceForge SCF Extra.


Q4 2020 Bug Fix Release (November 23, 2020)

  • Added a page to identify any broken files resulting from the 20201005-001 upload bug. You will find this page in the Configure menu at the top, followed by Fix Upload Issues on the left. If you do not see it, then you have not been affected by this bug. If you do see this page, open it to identify the broken uploads and upload replacements for them.
  • Added a warning when the max tag length of 255 is exceeded.
  • Fixed the display issue causing problems viewing the edit and delete buttons in the Governance Document Program.
  • Fixed a UI bug in the User Management page.
  • Custom Authentication: Fixed an issue where SAML authentication did not work if SimpleRisk was not being run out of the web server context root.
  • Custom Authentication: Fixed a bug that would leave a PHP warning in the log when an AD user’s account is created upon the first login.
  • Customization: Fixed an issue where the Risk Mapping field was unable to be removed from a template.
  • Risk Assessment: Fixed a bug where the questionnaire tracking table was not set to use InnoDB.
  • Encryption: Fixed an issue with hitting the API while encryption is on.
  • Encryption: Fixed an issue where users were unable to sort by a given column on the Dynamic Risk Report while Encryption was enabled.
  • Organizational Hierarchy: Fixed a performance issue for SAML users with Organizational Hierarchy enabled.
  • Import-Export: Saved Reports will now export to XLS properly on the Dynamic Risk Report.
  • Import-Export: Fixed an issue where exported affected assets did not properly escape certain symbols.
  • Import-Export: Added the FedRAMP Low Baseline Controls to the one-click framework installation option.
  • Import-Export: Added the FedRAMP Moderate Baseline Controls to the one-click framework installation option.
  • Import-Export/Risk Assessment: Added NIST SP 800-171 DoD Assessment to the one-click assessment installation option.
  • Email Notification: Fixed an issue preventing scheduled notifications from being sent.
  • Incident Management: Fixed an issue where updating the incident subject didn't show after being saved.
  • Incident Management: Fixed an issue where updating the incident status didn't show after being saved.
  • Incident Management: Fixed an issue where the risk subject was not decrypted with Encryption enabled.
  • Incident Management: Fixed an issue where the asset name was not decrypted with Encryption enabled.


Q4 2020 Bug Fix Release (November 6, 2020)

  • Fixed a bug causing empty files to be uploaded for every file upload function in SimpleRisk.


Q3 2020 Release (October 5, 2020)

  • Ordering of Past Audits under Compliance by time, in addition to date, so that the last one completed displays at the top.
  • Rewrote the API health check to more closely reflect an actual API call.
  • Updated the way that SimpleRisk handles user permissions to make it easier to add new permissions going forward.
  • Updated the way that SimpleRisk handles sessions for improved visibility and consistency.
  • Ability to customize views for the Plan Mitigation, Perform Reviews and Review Regularly pages
  • Ability to filter by asset tags in the Risks and Assets report
  • Creation of a Printable View of the groupings in the Dynamic Risk Report
  • Added GUI-based notifications of when licensed Extras have expired.
  • Fixed a console message about refusing to load the image URL because it violates the CSP directive.
  • Custom Authentication Extra: Added ability to select sAMAccountName and userPrincipalName as a Username Attribute when using LDAP authentication.
  • Notification Extra: Fixed a bug affecting scheduled notifications.
  • Import-Export Extra: Added the ability to install and uninstall frameworks from the GitHub repository with the click of a button.
  • Import-Export Extra: Added AICPA 2017 SOC2 Trusted Services Criteria (TSC) to the one-click framework installation option.
  • Import-Export Extra: Added CIS Critical Security Controls v7 to the one-click framework installation option.
  • Import-Export Extra: Added CMMC v1.02 Maturity Level 1 to the one-click framework installation option.
  • Import-Export Extra: Added CMMC v1.02 Maturity Level 2 to the one-click framework installation option.
  • Import-Export Extra: Added CMMC v1.02 Maturity Level 3 to the one-click framework installation option.
  • Import-Export Extra: Added CMMC v1.02 Maturity Level 4 to the one-click framework installation option.
  • Import-Export Extra: Added CMMC v1.02 Maturity Level 5 to the one-click framework installation option.
  • Import-Export Extra: Added Information Security Regulation Version 2.0 to the one-click framework installation option.
  • Import-Export Extra: Added NIST 800-53 to the one-click framework installation option.
  • Import-Export Extra: Added NIST Cybersecurity Framework (CSF) to the one-click framework installation option.
  • Import-Export Extra: Added PCI DSS v3.2.1 to the one-click framework installation option.
  • Import-Export Extra/Risk Assessment Extra: Added the ability to install and uninstall assessment templates from the GitHub repository with the click of a button.
  • Import-Export Extra/Risk Assessment Extra: Added NIST Cybersecurity Framework (CSF) to the one-click assessment installation option.
  • Import-Export Extra/Risk Assessment Extra: Added PCI DSS v3.2.1 Self-Assessment Questionnaire D for Merchants to the one-click assessment installation option.
  • Incident Management Extra: Fixed a bug where each playbook was not treated as per-incident.
  • ComplianceForge SCF Extra: Updated to display the SCF Control Number as part of the control short name and both the SCF Control Number and SCF Domain as part of the control long name.
  • Risk Assessment Extra: Addition of a risk catalog linked to questionnaires and the Secure Controls Framework
  • Risk Assessment Extra: Updating the Additional Notes with Assessment Information


Q2 2020 Release (July 11, 2020)

  • Ability to attach files to policy and control exceptions
  • New permissions under Risk Management for creating, deleting, and managing projects
  • New permissions under Compliance for defining tests and initiating and managing audits
  • Ability to save the column filter selections in the Dynamic Risk Report
  • Fixed a bug with sorting by Subject in the Dynamic Risk Report
  • Fixed a bug where the "Define Tests" page under Compliance would refresh after a new test had been added
  • Added a report under Configuration -> User Management to track users and all of the responsibilities they are associated with.
  • Added a report under Configuration -> User Management to track users and all of the roles they are associated with.
  • Updated the Risks and Controls report to sort by the inherent risk score for the "Risks by Control" view.
  • Added the ability to select a "Document Owner" from the Document Program menu under Governance
  • Added an "Additional Stakeholders" user multi-select dropdown in the Document Program menu under Governance
  • Added an "Approver" user select dropdown in the Document Program menu under Governance
  • Added a "Next Review Date" date select field in the Document Program menu under Governance
  • Added a "Review Frequency" field in the Document Program menu under Governance
  • Added the ability to choose whether to sort by Asset Name or Asset Risk in the Risks and Assets report
  • Added the ability to choose the columns displayed for the Active Audits page under Compliance
  • Removed Obsolete Reports from Reporting
  • Updated to invalidate the old password reset token for a user if a new token is generated
  • Change "Review Date" to "Approval Date" in the Document Program menu under Governance
  • Changed the Health Check to a tab layout and added a Summary tab
  • Added a new health check to ensure the SimpleRisk Base URL defined in Settings matches the base URL that is being used to access the instance
  • Import-Export Extra: Added the ability to save custom fields in the Import/Export mappings.
  • Team-Based Separation Extra: Added a report under Configuration -> User Management for users mapped to teams and teams mapped to users.
  • Email Notification Extra: Added the ability to send automated notifications for document reviews.
  • Organizational Hierarchy Extra: The Organizational Hierarchy Extra enables the ability to define multiple Business Units which can include any number of teams. Users can then be assigned across one or more teams under various Business Units. This affects a user's ability to see and use the teams, users, and assets which they are not associated with.
  • Incident Management Extra: The Incident Management Extra is based on the NIST 800-61 Computer Security Incident Handling Guide and provides incident management capabilities from within the SimpleRisk system.


Q1 2020 Release (March 28, 2020)

  • Add filterable and sortable columns for Dynamic Risk Report and similar tabular views of data
  • Enhance usability of the Dynamic Risk Report by creating expandable sections
  • Performance improvements by converting concatenated ids to junction tables and adding indexes
  • Ability to choose if High Risk Report is based on the Inherent or Residual risk score
  • Fix for creation of circular references with control framework parent-child relationships
  • Fix for different looking Action buttons on the Audit Timeline report
  • Added a new audit log type for user events
  • The Risks and Assets report now includes the risk's locations/teams in the row instead of the asset's locations/teams.
  • Group names are now included on the Assets by Risk report in brackets.
  • The Audit Trail now includes an entry when a framework is deleted.
  • After adding a test to a control, you are now brought back to the same place you were when you clicked "Add Test".
  • Changing user permissions while a session is open will now immediately take effect without the need to logout.
  • Added the ability to control whether the "High Risk Report" is based on the Inherent or Residual risk score.
  • Added a new health check to see if an Extra is compatible with the SimpleRisk instance version.
  • Added a new health check to see if an instance is running the most recent version of an Extra.
  • Added a new health check to check for proper MySQL database user permissions.
  • Sorted the "Mitigation Controls" dropdown when planning a mitigation in alphabetical order.
  • Fixed an issue in the Risks and Assets report where assets that were part of an asset group were not displayed when the asset was assigned to a risk and the asset group was not.
  • Fixed a bug where using the "Group By" feature on the Dynamic Risk Report would show both a column header and footer when that was not necessary.
  • Updated a function that caused an error when the SimpleRisk Base URL was not set.
  • Fixed a bug when updating your user profile language while selecting "--".
  • Fixed a bug where users would not receive password reset emails without setting the simplerisk_base_url value.
  • Fixed an issue where MySQL instances with STRICT_TRANS_TABLES enabled would throw an error if too many characters were entered into the Compliance related fields.
  • Fixed a bug where the risk levels for "Custom" Classic Risk scoring were not being set properly.
  • Removed Control Regulation from Add and Remove Values as this is now managed through the Governance section of SimpleRisk.
  • Fixed a UI bug that would occur when a Framework's name was too long.
  • Fixed an issue where reporting with Risks and Assets would cause an incorrect maximum quantitative loss when an asset group was attached to a risk.
  • Fixed a bug that was causing the Site/Location and Asset Valuation for assets to not accept new changes.
  • Fixed various issues that occur when SimpleRisk is run from a sub-directory of the virtualhost's web root.
  • Fixed a bug where all pages were making unnecessary calls to the SimpleRisk update server.
  • Fixed a bug where circular references could be made for Frameworks using parent/child associations.
  • Fixed undefined index errors on the Risk and Controls report.
  • Fixed a bug where the Contributing Risk popup window was named "SimpleRisk OWASP Calculator" instead of "SimpleRisk Contributing Risk Calculator".
  • Added the ability to set SimpleRisk to make requests via a proxy through the SimpleRisk UI under the "Security" tab in Configure -> Settings.
  • Open sessions are now immediately invalidated when a password is reset.
  • When account lockouts occur, any active sessions from that account are also invalidated.
  • Various security fixes
  • ComplianceForge SCF: Changed the user interface for enabling and disabling frameworks.
  • ComplianceForge SCF: Added functionality to dynamically download the current ComplianceForge SCF release and update SimpleRisk with the new controls and mappings.
  • Jira: Integration with Jira (Official Release)
  • Risk Assessment: Added a new "Fill in the blank" question type
  • Risk Assessment: Added the ability to send assessments to users already defined in SimpleRisk
  • Email Notification: Fixed an issue where email notifications were not sent with risk closures.
  • Custom Authentication: Added the ability to add a manager attribute through LDAP to the account created in SimpleRisk.
  • Custom Authentication: Added the ability to specify display name, email address, and manager username value attributes for SAML authentication.
  • Custom Authentication: Updated SAML authentication to handle when strict_user_validation is turned off.
  • Upgrade: Continuing to move closer to a true "one-click" upgrade process.
  • Customization: Added an option to have results in a single-select or multi-select dropdown displayed in alphabetical order.
  • Customization: Added a new "Hyperlink" custom field that allows users to create clickable hyperlinks in their templates.
  • Import-Export: Fixed a bug with importing existing assets with updated custom fields.
  • Import-Export: Fixed a bug where the "Export to XLS" button did not work in the Dynamic Risk Report unless a subject column was selected.
  • Import-Export: Added the "Date Closed" column for risk exports.
  • Import-Export: Added the ability to import a Mitigation Submission Date value.
  • Import-Export: Updated import mappings to store custom fields.
  • Import-Export: Added "Additional Stakeholders" to imports.


Q4 2019 Release (November 30, 2019)

  • Added a selection to view the Date Closed value on the Dynamic Risk Report.
  • Updated existing multi-select dropdowns to be searchable and scrollable.
  • Added the ability to search tags when filtering by tags in the Dynamic Risk Report.
  • Added a new filter on the Compliance Active Audits page that allows you to filter based on the "Test Name" column.
  • Added a new filter on the Compliance Past Audits page that allows you to filter based on the "Test Name" column.
  • Added a new "Actions" column in the Audit Timeline report enabling the user to initiate a new audit of the test, view active audits of the test, or view past audits of the test directly from the page.
  • Updated the Team field for assets to be a multi-select dropdown.
  • Updated the "Associated Frameworks" under the Audit Timeline report so that only active frameworks are displayed.
  • Added the ability for a user to select any document type as a parent in the Document Hierarchy on the Governance page.
  • Removed the ability to create a risk subject with only whitespace characters.
  • Removed the "report requires PHP >= 5.5" message if you are running PHP >= 5.5.
  • Added a health check to detect an outdated version of PHP.
  • The missing "Initiate Test" functionality was added back to the Initiate Audits page.
  • Fixed an issue where the pop up menus were no longer able to be scrolled through.
  • Fixed an issue where filtering by an asset or asset group in the Dynamic Risk Report did not work.
  • Fixed an issue where you could not make a tag that contained spaces in it.
  • Fixed an issue where you could not sort by Residual Risk Score in the Dynamic Risk Report after grouping by risk level.
  • Fixed an issue where the Dynamic Risk Report did not properly group by risk level when using custom risk level names.
  • Fixed an issue where changing tabs in the Configure -> Settings menu caused the Risk Appetite slider to disappear until the page is refreshed.
  • Fixed an issue where the "All" button on the Risk Appetite Report did not expand to show all risks under the selected tab.
  • Fixed a spelling issue for "Mitigation Supporting Documenttation" under the Mitigation tab in the Configure, Extras, and Customization menus.
  • Added additional code to prevent a time-based account enumeration attack on login.
  • Fixed a CSRF vulnerability with the new one-click-upgrade functionality.
  • Fixed a SQL Injection vulnerability with audit trail logs.
  • Fixed a Stored XSS vulnerability with the new risk appetite functionality.
  • Fixed a Stored XSS vulnerability with the Frameworks and Controls tabs.
  • Fixed an issue where any user could access the list of Framework Controls.
  • Fixed an issue where an unprivileged user could change the risk levels.
  • Jira: Integration with Jira (Beta)
  • Risk Assessment: Created a new "Control Audit" button when viewing a questionnaire result that will show all controls mapped to the question asked, their associated frameworks, and whether the answer was a "Pass" or "Fail".
  • Risk Assessment: Accepting a pending risk no longer reloads the entire page.
  • Risk Assessment: Fixed an issue where you would receive a datatables error if you added a text filter for questionnaire questions and selected a filter template.
  • Email Notification: Fixed an issue where the scheduled reporting section of the Notification Extra would send e-mails to users it should not send emails to.
  • Upgrade: Fixed an issue where the Upgrade Extra would throw an error regarding undefined available_extras when attempting to upgrade even if no upgrade was needed.
  • API: Added an API query to update the values of a risk.
  • API: Fixed an issue in the API Extra when attempting to create a new API key for a user.
  • Customization: Fixed an issue where required asset fields would inhibit database upgrades.
  • Import-Export: Added support for asset groups to Tenable and Rapid7 integrations.
  • Import-Export: Fixed an issue where you could not import fields set to be encrypted using the Customization Extra.


Q3 2019 Release (September 30, 2019)

  • Ability to define a custom "risk appetite" value
  • Creation of a new "Risk Appetite" report that shows separate tabs for risks within and outside the appetite
  • Ability to save selections in the Dynamic Risk Report with a name 
  • Ability to share saved selections in the Dynamic Risk Report with other users
  • Customization: Ability to define custom fields as required
  • Risk Assessment: Ability to add sub-templates as questionnaire logic
  • Customization/Encryption: Ability to define custom fields as encrypted
  • Risk Assessment: Ability to audit questionnaire responses against a defined control framework


Q2 2019 Release (June 30, 2019)

  • Addition of a "Manager" value for each user that will automatically populate the "Owner's Manager" field for risks
  • Fix for IE10 compatibility issues
  • Add the "Mitigation Control" value to the Dynamic Risk Report
  • Updated handling of roles so that user permissions change when role permissions are changed
  • Fix so that updating a control in the Governance section doesn't refresh the entire page
  • Add an audit trail entry for Accepting and Rejecting a Risk Mitigation
  • Add functionality to combine multiple assets into an "Asset Group" that can be added to a risk
  • Add translations for the Mongolian language
  • Association of teams with audit tests
  • Ability to delete active audits
  • Risk Assessment: Ability to select multiple contacts for an assessment
  • Import-Export: Ability to import vulnerabilities with Rapid7 Nexpose
  • Import-Export: Export of controls to a CSV file
  • Ability to specify your own scores for risks depending on the likelihood and impact values
  • Team-Based Separation: Restrict access to audit tests by associated team
  • Advanced Search: Creation of a new SimpleRisk Extra to enable more targeted search criteria


Q1 2019 Release (March 31, 2019)

  • Addition of tagging of risks and assets
  • Addition of asset groups
  • Addition of text-based description for asset valuation range
  • Enable project selection as part of risk review
  • Association of Frameworks and Controls with Policies, Guidelines, Standards, and Procedures
  • Ability to Document Exceptions to Policies and Controls
  • Addition of a help menu
  • Addition of the Audit Timeline report
  • Customization of e-mail prepend value
  • Ability to export the audit log
  • Import-Export: Ability to import assets with Rapid7 Nexpose