The SimpleRisk 20220331-001 release contains a large number of bug fixes as well as improvements to the user experience. Assets can now be associated with controls, and users can now track the control maturity level of each asset and how well that asset conforms to the associated control. Users will also find that the Governance section has been updated to use rich text fields, bringing it in line with much of the rest of the application.
This release includes just a couple of new features:
- Updated the Governance module to use the rich text editor seen in other sections of SimpleRisk such as Notifications and Assessments.
- Added the ability to associate Assets with Controls.
The following changes were made to improve the user experience:
- Updated audit entries for updating information to include the specifics of the changes made.
- Added a filter for status (Open/Closed/All) to the Risks and Controls report.
- Updated text editor hyperlinks to no longer move the user away from the page and instead open the link in a new window.
- Greatly improved the speed of the Auto Asset Discovery function.
- Updated Past Audits to no longer use the term Desired Frequency, as this value is no longer used and has been replaced by Test Frequency.
- Control Filters in the Governance section will no longer lose the filter selections when switching between pages of results.
- Added the updating of the PHP cacert.pem to the composers. Users should no longer need to update this manually; it will be updated when SimpleRisk is upgraded.
- Added an API call to delete assets.
- Added an API call to create assets.
- Reworked the asset update function to run more efficiently which should result in faster operation.
We made a single update this cycle to help secure SimpleRisk:
- Updated the SimpleRisk upgrade process to pull the new code from downloads.s3.amazonaws.com rather than GitHub. Admins may need to make changes to firewall rules to account for this. Any rule used should be URL-based, as this server may change IPs.
This release included fixes for the following bugs:
- Moved the check for bad file encoding off the admin pages; the check is now called only when loading the HealthCheck.
- Fixed an issue where the printable view would not display the correct mitigation percent associated with the risk.
- Updated a deprecated call on the Plan Projects page.
- Fixed an issue where some systems were unable to use the automated asset discovery function.
- Fixed a possible array offset that could be encountered on the HealthCheck page.
- Fixed an issue where systems with very large numbers of assets could no longer view pages that relied on the asset associations.
- Fixed an issue where editing a document in the document program would fail to load the associated control resulting in removal of the association if the control was not added back before saving.
- Fixed an issue where the submit risk page would load the affected assets widget before initialization had completed.
- Fixed an issue where the Owner's manager did not populate based on the owner selected as intended in various places across the application.
- Fixed an issue where 'Clear Form' did not properly reset the form on the Submit Risk page.
- Fixed an issue where users were unable to select risk mappings on the submit risk page.
- Fixed an issue where the Unassigned filter selection for frameworks in the Governance → Controls section would never return any results.
- Fixed an issue where the Risk Scoring Formula could not be saved when making changes.
- You can no longer hit “Select” and receive a blank user page when attempting to view the details of a user on the User Management page.
- Fixed an issue where the form would not be completely cleared if users started to add a document to the Document Program and then canceled. The form will now be empty if the add document button is pressed again.
- Fixed an issue where Display Names of users could not contain “/”.
- Updated installer healthcheck to recognize 1G properly for the memory amount; it will no longer think this entry is insufficient.
- Fixed an issue where an API call that returns the role of a user account would return an undefined index when that user has no role. This will now return the information as intended.
- Fixed an issue where the check preventing an admin from removing their admin privilege would also stop them from editing any other aspect of their user details.
- Fixed an error that was recorded to logs when viewing the Notification Extra Configuration page.
The SimpleRisk Extras are the paid-for functionality that extends the features of the SimpleRisk Core. This release targets bugs that made it through the major updates to Import-Export as well as patching a bug and updating the Compliance Forge SCF extra.
The full list of updates to Extras are as follows:
Risk Assessment Extra
- Added the ability to create multiple choice multiple selection questions. This allows the user to create a question with 3 answers for example and all 3 options can be selected generating 3 different pending risks if configured to do so.
- Added the ability to import and export multiple choice multiple selection questions.
- Fixed an issue where sub-templates did not respect the question order of the sub-template.
- Fixed an issue where a deprecation warning could prevent refreshing the table when making a copy of the questionnaire.
- Fixed a warning that could be displayed when rendering the mitigation control dropdown.
- Fixed an issue where variables could be edited in the rich text editor for the email templates when they should not be.
- Fixed an issue where, when editing a questionnaire, the already assigned assets and asset groups in the risk details section did not display with proper color coding.
- When an assessment contains only one template, the name of that template will no longer be prefixed with a number.
- Updated the hyperlink feature so that when a link that is part of the question text is clicked in an assessment, browsers will open it in a new tab rather than in the same tab, which lost assessment progress.
- Fixed an issue where importing mapped control numbers would not properly associate the control with the framework.
- Fixed an issue where users could not update the mitigation team of a risk using the import extra.
- Fixed an edge case where, when encryption was enabled and an asset import failed, the assets that were imported were not ordered properly.
Incident Management Extra
- Fixed an issue where users could not rename Playbooks after they were created.
- Replaced a deprecated command running in the Incident Management Extra.
- Fixed an issue that would prevent the Incident Trend chart from rendering.
Team-Based Separation Extra
- Fixed an issue where assets that belong to multiple teams would not function as intended.
Vulnerability Management Extra
- Fixed an issue where Nexpose users were unable to import whenever the import contained multiple assets or risks that have the same tag.