Legacy Release Notes

27 min read

Isora v1.1.3

August 7, 2024

What's New

  • Unit Answer Info in Risk Register
    • Added the ability to view question text in the “Description” field and a link to the report of a Risk Register entry that was published from a report.
    • Additional details about assessment, question, and answer data will be available soon in the UI. These details are currently accessible with an API request.
    • API Endpoints: api/riskscores and api/riskscores/<riskscore_uuid>
  • Third-Party Product Deployment Enhancements
    • Added functionality to view and search by organization unit code and organization unit name in a dropdown list, formatted as “org_code - org_name.”
    • When setting Owning Users, the dropdown now displays the user’s first name, last name, and email.
  • Login Page: New login page design for enterprise customers.
  • Org Unit Assessments Enhancements
    • Introduced a new Assessment Mean dashboard that displays a row for all units involved in the assessment, accessible to users with relevant permissions.
    • Added NIST CSF to the Implementation Breakdown widget, displaying Total, Missing, Partial, Implemented, and Not Assessed.
    • API Endpoint: api/reports/<report_uuid>
  • Risk Register History and Sorting
    • Users can now view updates to custom attributes for a Risk Register entry, including the Created By Info and the Last Editor Info.
    • Added the ability to sort by Category and Organization on the Risk Register table.
    • API Endpoint: api/riskscores and api/riskscorelogs

API Updates

  • api/riskscores/<riskscore_uuid>
    • Enabled deletion of custom attributes for a risk score via an API PATCH request by setting the “answer” value to “null.”
      • Example:
       {
          "custom_attributes": [
                  {
                      "id": "custom_attribute_uuid",
                      "response_group": "response_group_uuid",
                      "answer": null
                  }
          ]
       }
    • Introduced Risk Treatment and Risk Priority fields with configurable default values:
      • risk_treatment: Accept, Avoid, Mitigate, Transfer
      • risk_priority: Low (default), Medium, High
      • These fields can be customized or hidden upon request.
      • Example:
          "risk_treatment_info": {
              "name": "risk_treatment_name",
              "description": "risk_treatment_description"
          },
          "risk_priority_info": {
              "name": "risk_priority_name",
              "description": "risk_priority_description"
          }
  • api/riskscores and api/riskscores/<riskscore_uuid>
    • Unit Answer Info in Risk Register:
      • Added the ability to view the assessment name, organization unit, and question/answer data for a Risk Register entry. This feature will also be available in the UI soon.
      • Example:
       		"unit_answer_info": {
      				"target": "target_uuid",
              "survey": "survey_uuid",
              "survey_report": "survey_report_uuid",
              "survey_org_unit": "survey_org_unit_uuid",
              "survey_org_unit_name": "survey_org_unit_name",
              "assessment": "assessment_uuid",
              "assessment_name": "assessment_name",
              "question_snapshot": "question_snapshot_uuid",
              "question_category_snapshot": "question_category_snapshot_uuid",
              "question_category_name": "question_category_name",
              "question_text": "question_text",
              "question_help_text": "question_help_text",
              "answer": int,
              "answer_choice": "answer_choice",
              "answer_details": "answer_details"
          },
  • api/reports/<report_uuid>
    • NIST CSF has been added to the Implementation Breakdown widget.
    • Example:
    "frameworks": {
                "cmmc": {
                    "cmmc_readiness": {
                        "cmmc_level1": {
                            "total": 17,
                            "missing": 2,
                            "partial": 11,
                            "implemented": 4,
                            "not_assessed": 0
                        },
                        "cmmc_level2": {
                            "total": 110,
                            "missing": 14,
                            "partial": 44,
                            "implemented": 52,
                            "not_assessed": 0
                        },
                        "cmmc_level3": {
                            "total": 200,
                            "missing": 14,
                            "partial": 44,
                            "implemented": 52,
                            "not_assessed": 90
                        }
                    },
                    "nist_implementation": {
                        "total": 110,
                        "missing": 14,
                        "partial": 44,
                        "implemented": 52,
                        "not_assessed": 0
                    },
                    "sprs_implementation": {
                        "sprs_score": -48,
                        "sprs_summary": {
                            "-1": 28,
                            "-3": 5,
                            "-5": 23
                        },
                        "sprs_deducted": 158,
                        "sprs_max_score": 110
                    }
                }
            },
  • api/riskscores and api/riskscorelogs
    • Custom Attribute Changes Tracking:
      • Added the ability to view changes made to custom attribute fields, including the “created_by_info” and the “last_editor_info.”
      • Example:
                  "created_by_info": {
                      "id": "created_by_info_uuid",
                      "username": "username",
                      "first_name": "first_name",
                      "last_name": "last_name",
                      "email": "email",
                      "active": true/false
                  },
      
                  "last_editor_info": {
                      "id": "last_editor_info_uuid",
                      "username": "username",
                      "first_name": "first_name",
                      "last_name": "last_name",
                      "email": "email",
                      "active": true/false
                  },
  • api/riskscores/summary
    • Risk Scores Summary is a new endpoint providing summarized risk data including:
      • Total number of Risks.
      • Number of Risks in each Category
      • Number of Risks owned by each Org Unit
      • Number of Risks in each Current Impact * Current Likelihood combination
    • Filtering options include:
      • status=<status_uuid>
      • org_unit=<org_unit_uuid>
      • risk_category_name=<risk_category_name>
      • assigned_user=<assigned_user_username>
      • current_likelihood=<current_likelihood>
      • current_impact=<current_impact>
      • target_due_date=<target_due_date>
      • risk_treatment=<risk_treatment_uuid>
      • risk_priority=<risk_priority_uuid>
    • Example:
    {
        "total_risks": int,
        "risk_categories": [
            {
                "name": "category_name",
                "code": "category_code",
                "category_id": "category_uuid",
                "count": int
            },
        ],
        "org_units": [
            {
                "name": "org_name",
                "code": "org_code",
                "org_id": "org_uuid",
                "count": int
            },
        ],
        "risk_scores": [
            {
                "current_impact": int,
                "current_likelihood": int,
                "count": int
            },
        ]
    }

Isora v1.1.2

July 15, 2024

What's New

  • Added Vertical Score to Categorical Overview: Introduced the vertical score in the Categorical Overview of assessment reports, showcasing how the target performed relative to the Assessment Mean in each category. Category scores are calculated by averaging the question scores within each category.
    • API endpoint: api/report/<uuid>
  • CSV Uploader for Vendors and Vendor Products: Implemented the capability to upload Vendors and Vendor Products using a CSV uploader in the Inventory/Third Parties tab.
    • Import API endpoints: api/vendors/csv and api/vendorproducts/csv
    • Template API endpoints: api/vendors/csv/template and api/vendorproducts/csv/template
  • Third-Party Report Header in PDF Exports: Added the Third Party Report header and deployment details to the PDF export for completed assessments.
  • Read-Only Comment History: Enabled read-only comment history in report responses.

Bug Fixes & Improvements

  • Third-Parties Inventory Download: Fixed a bug when downloading the Third-Parties Inventory that was missing the Vendor URL field. Downloads of Third-Party Inventory are now seamless.
  • Third-Party Vendors Search Bar: Further optimized the search functionality within the Third Party Vendors section.
  • Vendor Score Calculation: Fixed a bug that affected the calculation of the vendor score average by product latest score. The average is now correctly calculated based on the most recent score.

API Updates

  • Enhanced Reporting Capabilities:
    • api/reports/all?assessment_id=<assessment_uuid>
      • Enabled the ability to pass the Assessment ID to the reports/all endpoint.
    • api/reports/<report_uuid>
      • Added the vertical score to the Categorical Overview in a report.
      • Example:
      "vertical": {
                      "current": [
                          {
                              "name": "01. Documentation",
                              "parent": "parent_uuid",
                              "mean": 100.0
                          },

Isora v1.1.1

June 28, 2024

Bug Fixes & Improvements

Survey Comment Threads

  • You now have the ability to add/edit comments, search comments and replies, and delete a comment or comment thread.
  • Access the comment functionality through the chatbox icon next to a survey question or at the top right of the survey page to search comments.
  • Filter comments to show only your own by clicking “Your Threads.”
  • API Endpoint: api/commentthreads

Ability to Disable the Settings Tab for Non-Admins

  • Admins can now hide the “Settings” tab in the navbar for non-admin users. Non-admin users will only see their own Profile in the Settings tab.
  • Contact the support desk to enable this setting.

Default the Third-Parties Tab to Display Only My Deployments

  • This feature queries vendors with my_deployments=True.
  • Contact the support desk to enable this feature.

Vendor Report Public Option Default

  • If set to True (default setting), users can view reports only within their organization.
  • If set to False, users can view reports across any organization.
  • Contact the support desk to change this to False.

Vendor Report Public Option Disabled

  • If set to True, the vendor report public option is shown and disabled.
  • If set to False (default setting), the option is shown and enabled.
  • Contact the support desk to change this to True.

Updated Permissions for the Vendor Requester Role

  • Users with the Vendor Requester role can now create and delete Third-Party Vendor Deployments and Third-Party Assessments for their organizational unit.

Third-Party Searchbar

  • Enhancements and bug fixes have been made to the Third-Party search bar for more seamless vendor and product searches.

Assign a User to a Risk Register Entry

  • You can now assign a user to a Risk Register entry. This field can be hidden if not needed.
  • API Endpoint: /api/riskscores

API Updates

  • api/vendorproducts/csv/template
    • Enhanced the CSV files by adding the “vendor_url” field to the vendor product CSV template.
    • New vendor names inserted into the CSV that do not exist will be automatically created.
  • api/commentthreads
    • Added functionality to add comments, search comments and replies, and delete a comment or comment thread.
  • api/reports
    • Added a summary of NIST CSF Policy Scores for a NIST CSF survey report. Example snippet for the “Detect” policy:

Isora v1.1

May 10, 2024

Bug Fixes & Improvements:

  1. NEW Third-Parties Enhancements are now launched in the New UI:
    1. NEW and improved Third-Parties View
      1. Nested Table: Manage third-party vendors, their products, and associated deployments within their organization.
    1. Search Functionality:
      1. Search by Vendor and Product name in the search bar.
    1. "Mine" Filter
      1. Description: View deployments that are deployed by your org unit, owned by your org unit, or where you are listed as the owning user.
      1. Access: See the profile icon on the top right.
      1. API Endpoint: api/orgs/all?mine=true
    1. Assessments Sidebar
      1. Function: View all assessments related to the Vendor Product within a dedicated tab.
    1. Vendor Details Sidebar:
      1. Create and Delete Vendor
        1. Create Vendor: Added a “Create Vendor” button.
        1. Delete Vendor: Enabled the ability to delete a Vendor.
    1. Product Details Sidebar:
      1. Create and Delete: Enabled the ability to create and delete a Vendor Product in the sidebar.
      1. API Endpoint: api/documentation endpoint enabled in the Vendor Product sidebar.
    1. Deployment Details Enhancements
      1. Deployment Details sidebar
        1. Function: Displays editable fields from the api/vendorproductdeployments endpoint.
        1. Can now delete a Deployment.
        1. Can view the Contacts tab.
        1. Column Management: Enabled the ability to show/hide columns.
    1. Vendor Product and Deployment Table View
      1. Overview: Provides an overall view of important details about the Vendor Product/Deployment in a table format.
      1. Add Deployment: Enabled the ability to add a new Deployment in the Vendor Product sidebar.
  1. Risk Register CSV upload.
    1. There was a bug with the Risk Register CSV upload, but it now correctly creates a new risk register entry with the existing Risk Category and Risk (from Settings).
  1. We added support for Hidden Attributes in the Risk Register settings:
    1. Hidden Attributes options you can choose to keep hidden:
      1. 'Inherent_impact',
      1. 'Inherent_likelihood',
      1. 'Inherent_score',
      1. 'Target_impact',
      1. 'Target_likelihood',
      1. 'Target_score',
      1. 'Target_mitigation_control',
      1. 'Notes'
  1. We enabled the ability to edit these Risk Register field labels:
    1. Inherent Impact
    1. Inherent Likelihood
    1. Current Impact
    1. Current Likelihood
    1. Target Impact
    1. Target Likelihood
    1. Notes
    1. Target Mitigation Control
    1. Current Mitigation Control

API Updates:

  1. api/vendors: Added Vendor Hierarchy filters:
    1. Deploying unit
      1. /api/vendors?deployed_org_name=<org_name>
      1. /api/vendors?deployed_org_code=<org_code>
    1. Owning unit(s)
      1. /api/vendors?deployed_owners_orgs_code=<org_code>
      1. /api/vendors?deployed_owners_orgs_name=<org_name>
    1. Owning user(s)
      1. /api/vendors?deployed_owners_people_username=<username>
  1. api/vendorproducts: Added ‘most_recent_score’ field to api/vendorproducts endpoint.
    1. This field calculates the most recent score from the report data associated with the Vendor Product instance.
  1. api/riskscores: Added ‘assigned_users’ and ‘assigned_users_info.’ Both are saved in a list.
    1. ‘assigned_users’: [‘username’]
    1. ‘assigned_users_info’: [

"username": "username",

"first_name": "first_name",

"last_name": "last_name",

"email": "user_email"

]

  1. api/orgs/all: Enabled a “mine” filter option that allows you to view deployments that are deployed by your org unit, owned by your org unit, or where you are listed as the owning user.
    1. api/orgs/all?mine=true
  1. api/apps: Added filtering options:
    1. api/apps?last_assessed_date_gt=<YYYY-MM-DD>
    1. api/apps?last_assessed_date_lt=<YYYY-MM-DD>
    1. api/apps?deployed=<true/false>

Isora v1.0.4

April 12, 2024

API Updates

  1. The /api/documentation endpoint now offers new fields and filtering options that provide additional details about the documentation and allow you to filter the documentation by inventory types and records:
    1. New fields:
      1. TBD
    1. Filtering options:
      1. TBD
  1. We’ve upgraded the /api/config to allow customization of /api/riskscores fields
  1. For those utilizing the /api/riskscores, we've introduced qualitative labels like Insignificant, Minor, Moderate, Major, and Severe, alongside the existing integer values for 'inherent' and 'likelihood' fields. Yes, you can edit these labels too!
  1. We added a new deployment field to /api/assessments which will enable the ability to track third-party vendor assessments against vendor deployments and associate attester contacts to the specific deployments (coming in then next version).

Bug Fixes & Improvements

  • Fixed a bug where users weren't redirected correctly after logging out. Now, you'll land exactly where you're supposed to.
  • Fixed a bug where pagination for the third-party vendor table in the assessment wizard was not working.

Isora v1.0.3

March 22, 2024

API Updates

  • Added the following new fields to the /api/vendorproductdeployments endpoint:
    • owners_people_info: Provides information about the people associated with the vendor product deployment.
    • owners_orgs_info: Provides information about the units associated with the vendor product deployment.
    • org_info: Provides information about the deploying unit.
    • created_date: Includes the creation date of the vendor product deployment.
  • Added uploaded_by details to the /api/documentation endpoint, providing information about the user who uploaded the documentation.

Bug Fixes & Improvements

  • Fixed a bug that prevented the deletion of vendors with deleted products. Vendors can now be successfully deleted regardless of the status of their associated products.
  • Fixed a bug that caused the risk register matrix report in the old user interface to not function properly. The report now generates and displays as expected.
  • Fixed a bug that prevented users from saving edits made to risk records. Users can now successfully save their changes to risk records.

Isora v1.0.2

March 15, 2024

What's New

  • Introduced a protocol selector for URL fields to clarify protocol requirements.
  • Added additional assessment details to PDF exports.
  • Added a new endpoint /api/vendors/hierarchy that serializes vendor products and deployments to optimize search functionality.
  • Added a FEEDBACK_URL field to /api/config, allowing customers to customized the feedback URL to a custom URL if they choose.

Bug Fixes & Improvements

  • Corrected calculations in the score distribution widget and historical data switcher.
  • Improved score rounding for enhanced accuracy.
  • Resolved a bug affecting external survey link functionality in SSO environments.
  • Fixed an issue with lengthy third-party vendor product statuses not truncating correctly.
  • Addressed a bug that prevented some users from launching or publishing assessments due to assessment instruction issues.
  • Fix validation error when a vendor is added with the same name.

Isora v1.0.1.1

February 16, 2024

What's New

  • Added Isora version information to the user menu dropdown.

Bug Fixes & Improvements

  • Resolved an issue with the search bar in report responses that was not returning any results. It now correctly returns results from categories and questions.
  • Addressed a bug preventing unit assessments with asset enrichment from being launched or acknowledged.
  • Addressed a bug that was restricting users from accessing reports.

Isora v1.0.1

February 9, 2024

What's New

  • Introduced a "Partially Launched" status on the unit assessment dashboard for a more intuitive understanding of assessments with mixed "Active" and "Launched" survey states.
  • Refactored the assessment page for better performance, significantly reducing loading times, especially with large datasets.
  • Introduced a new endpoint for Vendor to serialize vendor products, enhancing search efficiency on the frontend.
  • Added a launch_all_surveys parameter and launchsurveys endpoint to AssessmentViewSet.

Bug Fixes & Improvements

  • Fixed a bug where the deploying unit field was not correctly displaying the unit hierarchy tree in the setup wizard.
  • Improved the bell curve report widget to ensure data accuracy.
  • Corrected inaccuracies in column names within the .docx response export feature.
  • Adjusted the letter grade algorithm to ensure accurate grading.
  • Addressed issues with user roles and permissions that previously restricted access to certain features.
  • Fixed a performance issue on the Settings > Assessment page by allowing the addition of ?exclude=survey_details to the assessments URL.
  • Updated the /api/unitanswers/csv to include all questions, regardless of whether they have been answered.

Version 2024.01

  • FIX: Temp fix for querying /api/questionsnapshot/<id>, if survey is in query parameters.
  • NEW: Making Isora Lite configurable from a regular instance, so Lite is easier to maintain.
  • NEW: New UI Changes: risk register, add new fields to vendorproduct and vendorproductsurvey, add new fields to app and appsurvey, add new fields to classificationsurvey, update statuses on assessment and surveys, add new deployment environment - Evaluation, add default instructions - set it on all existing surveys, add ability to launch all surveys from an assessment request, add ability to save launch options to surveys so users can save as draft, add ability to import previous survey responses on launch for vendorproductsurveys, adding report mean to app and vendor most_recent_report representation.
  • NEW: New UI: Adding new attribute for participants to Assessment - it's a combination of all users who might participate in the assessments surveys (ou heads, assessment managers, IT contacts, delegate users).
  • FIX: Fix Classification and App Survey Statuses.
  • FIX: New UI: Fix for final_acknowledged_date in report for when the survey is in pre-final acknowlegement phase.
  • NEW: Add filter_queryset to querysets for reports/all and reports/listdetails endpoints to honor any query parameters passed to them for the New UI.

Version 2023.12

  • FIX: Inventory updates: Fix vendorproduct.assessment_type filtering and add filtering to VendorProductContacts.
  • NEW: Add system_type breakdown for classification surveys to ReportData for use in New UI reports.
  • NEW: Add bulkremove option for attachments in UnitAnswerViewSet for New UI.
  • NEW: Surveys - updating statuses and adding new attribute for assessment status.
  • NEW: NEW UI: Add participants and system_types to reports and product filter to surveys.
  • NEW: Three changes for the New UI display of question lists: We are giving the users a preview of the question list they select when creating/previewing/launching surveys. 1. Making QuestionViewSet AdminOrReadOnly instead of AdminOnly. 2. QuestionListViewSet adding Classification Surveys to queryset. 3. Making QuestionCategoryViewSet AdminOrReadOnly instead of AdminOnly.
  • NEW: Add new entry 'Evaluation' to DeploymentEnvironments.
  • NEW: Add Default AssessmentInstructions, attach it to all assessments for New UI.
  • NEW: Add findings count to reportdata.questions.unit.current for all answers not NA or Favorable.
  • FIX: Fixing order of answer choices ordering by multiplier then text, so that when answer choices have the same multiplier, they are ordered by text.
  • NEW: Summarize CMMC report on backend: future frameworks will be summarized on the backend so that rendering in the New UI is easier.
  • NEW: Updates to SurveyViewSet filters: 1. Filtering out deleted assessment_types for survey param. 2. Added filter by product.
  • NEW: Add grade, grade description, and findings count to report question summary for New UI.
  • NEW: Add listdetails endpoint to reports, ability to filter by specifying ids: it is similar to the reports endpoint except the user can filter on report ids as well.

Version 2023.11

  • NEW: Risk Register downstream activities: enabling risk register downstream, i.e. the ability to create a risk score from an advanced report missing control, from the detailed control breakdown.
  • NEW: New UI Changes: risk register, add new fields to vendorproduct and vendorproductsurvey, add new fields to app and appsurvey, add new fields to classificationsurvey, update statuses on assessment and surveys, add new deployment environment - Evaluation, add default instructions - set it on all existing surveys, add ability to launch all surveys from an assessment request, add ability to save launch options to surveys so users can save as draft, add ability to import previous survey responses on launch for vendorproductsurveys, adding mean app and vendor most_recent_report representation.
  • NEW: Add CSV Imports and Exports to /api/apps backend.
  • NEW: New UI frontend changes: Added feature flag for new UI - can turn it on and off per instance. Converts app, vendor, classification links to new UI.
  • NEW: Added attested_surveys to vendorproductcontacts API endpoint: New UI change so we can see which survey / product the contact attested in the API.

Version 2023.10

  • NEW: Calculate average category score in report.

Version 2023.09

  • FIX: Assessment Type num_assessments fix, adding filters to apps and vendor products for assessment_type of surveys they've participated in:
    • Adding changes to return num_assessments in assessments types as what assessments the user can see (so there are no questions).
    • Adding filter to apps and vendorproducts for assessment_type for surveys the app participated in. Uses AssessmentSecuredQuerySets.get_surveys_queryset to honor permissions.
  • NEW: Added reports mean to surveys endpoint if the survey has a report generated.
  • NEW: Add CSV imports and exports to /api/vendors backend.
  • NEW: Added CSV Imports and Exports to /api/vendorproducts backend.
  • NEW: Added readonly field to questioncategorysnapshot endpoint for new UI.
  • NEW: Added status fields to assessments for new UI: Added number of surveys, added number of surveys completed, added status (Active, Draft, Complete).
  • NEW: Added level filter on /api/orgs endpoint for use in new UI.
  • NEW: New queries and attributes for new UI: assessment_types - filter on running (true or false), assessment_types - filter on target (1, 3, 6), assessment_types - count of assessments, assessments - filter by type (id), assessments - filter by product, app, ou (id), assessments - filter by target (1, 3, 6).
  • NEW: Allow vendors to upload documentation that matches Isora configurations (new UI).

Version 2023.08

  • NEW: Added question parameter (questionlist=questionlist_id) for returning categories, questions in tree order.
  • FIX: Fetch questionlists/all on the create assessment modal from assessments page.
  • NEW: Added tooltip to "Enable host categorization" checkbox in org unit assessment setup dialog.
  • FIX: Fixes external-user access to surveys.
  • FIX: Two updates to orgs endpoint to make working with it easier for the new UI: 1. Added param (parent=uuid) to orgs endpoint for querying level 2. Added attribute num_children.
  • NEW: Added created_date to vendorproducts API endpoint (new UI).
  • NEW: Added new notification options:
    • Adds a VendorRequester contact type.
    • Notifies the above (and some other roles) on vendor survey launch.
    • Adds a new event, vendor survey renewal, and notifies superusers when called.
    • Adds a script to run to send renewal notices.
    • Adds some notification variables useful for the above.
  • NEW: Adding user_total, user_remaining, user_complete to a survey’s progress for questions and classification indicating user specific progress to surveys api endpoint.
  • FIX: Fix for uploading documentation files larger than 2.5MB.
  • FIX: Fix Org Survey Launch Modal Options Bug.
  • FIX: Can now launch an assessment without favorable and unfavorable choice. UI does validation checking when a favorable and/or unfavorable choice is deselected, it is cleared.
  • NEW: Add CSV endpoint for downloading questions in question lists. The option shows up in “Settings” > “Question Configuration” > “Question Lists” as a download icon.

Version 2023.07

  • NEW: New Survey Status Attribute to surveys api endpoint. New Statuses are: Draft, Published, Active, Requires Acknowledgement (Questionnaire), Requires Acknowledgement (Enrichment), Requires Acknowledgement (Survey), Requires Acknowledgement (Assessment Report), Completed.
  • NEW: Add request timing info to logging-middleware output as a way to calculate timing info for API calls.
  • FIX: Risk Register: remove the requirements for the impacts and likelihoods, default them to 0.
  • NEW: Add help for CSV Upload button on survey page.
  • NEW: This patch introduces a comments backend for Isora GRC. It exposes a new endpoint: /api/comments. This endpoint is used strictly to add comments to an existing non-resolved thread.
  • NEW: Added the ability for admins to create org unit (classification) assessments without the host categorization portion.
  • NEW: Added Markdown support for email notifications, which is rendered to HTML before being sent (attached in addition to a plaintext version).
  • NEW: Made Deployment Environment field customizable for products.

Version 2023.06

  • NEW: Added a bulk unitdelegate endpoint to create and delete in bulk through /api/unitdelegates/bulk?survey=SURVEYID endpoint.
  • NEW: Unit answers bulk update, adding category to success and error rows.
  • FIX: Fixes for auditor permissions.
  • NEW: Display assessment name for launched and completed vendor assessments.
  • NEW: Added number of sheets to the /api/orgs endpoint.
  • NEW: Adding categories/all endpoint to show more than 25 categories.

Version 2023.05

  • NEW: Added tooltip to Add Documentation button and related tooltip improvements.

Version 2023.04

  • NEW: Admin has ability to upload and download survey answers in CSV format.
  • FIX: Risk register report now pulls /api/riskscores/all endpoint
  • FIX: Custom attributes population - response groups needs /allRiskRegister endpoint - to limit all custom attributes that pertain to the Risk Register
  • NEW: Added due dates to Open App and Classification Surveys listings.
  • FIX: Fix to show VendorProductContactsin Vendor Product Deployments when you have more than 25 VendorProductContacts.
  • FIX: Fix for bulk lock and save not working when there are questions not answered.
  • FIX: Fix to show all Vendor Product Deployments in Vendor Products when there are more than 25 deployments total.
  • FIX: Fix to show all assessmenttypes (when there are more than 25) when launching an assessment on Assessments and Settings pages.
  • NEW: For app reports, added a new section to the reportdata blob, where we find all of the app reports matching the vertical and calculate the mean for the question categories if found. Since the app's vertical is not a requirement, this gave us some errors when trying to render the dynamic portion of the report blob. This PR accounts for this problem.

Version 2023.03

  • FIX: Fix migration conflicts for assessments.
  • NEW: Added the ability to delete a vendor product.
  • NEW: Allows users to add documentation to exception requests.
  • NEW: New model for adding Assessment Instructions, where admins can create them and add it as an attribute of an Assessment. Should be available to Surveys. Right now this is only available via the api.
  • FIX: Fix for previous answers that were NA.
  • FIX: Fix for when a user is an AppUserContact who can assess, can lock, but not unlock an answer on an app survey.
  • NEW: Added category as a searchable field for hosts through the api.
  • NEW: Add category as a searchable field for Apps through the api.
  • NEW: Added the ability to Import and Export Policies via CSV.

Version 2023.02

  • FIX: Fix for multiple leaf in migrations due to answer_text and question category merges.
  • NEW: Added sending notifications to question category delegates when they are added to a question category.
  • NEW: Add /all to /api/apps endpoint to provide an unpaged list of apps, so it's easier to query /api/apps/all?attribute=value.
  • FIX: TreeCsvUploadHandler - filtering out deleted things when looking up parent objects.
  • NEW: Push label of answer choice selected to unit answer and report.
  • NEW: Added chosen answer's text/label to csv export.
  • FIX: Bug in auto-lock/import logic for UnitAnswers that did not copy over new answer_text value from previous UnitAnswer objects.
  • FIX: Question CSV upload now filters out deleted parent and question categories so question is not attached to incorrect parent and/or question category.
  • FIX: Rendering of host-asset MAC addresses in Exception Request asset selector view.
  • FIX: Bug when trying to create a vendorverticalcategory record through the api.

Version 2023.01

  • NEW: Documentation upload for Assets (Hosts, Apps, Vendor Products)
  • FIX: Bug on the trend chart where a survey's assessment must have all surveys completed before this survey's score shows on the trend chart. This fix includes the survey in the unit trend line if its assessment has unfinished surveys. The org trend line will not have a point for the same time, until all surveys are completed.
  • FIX: Added ability to switch dashboards for apps. Apps now has 3 dashboards in the switcher: Current dashboard is now named: 1. Basic App Report (Default). 2 new dashboards: 1. DFARS & CMMC 2. Advanced App Report (exactly like vendor report)
  • FIX: Fixed local auth error message for invalid credentials

Version 2022.12

  • FIX: Advanced vendor report - in category breakdown, it previously showed all categories in all reports in the vertical when report being viewed doesn't have those categories. That muddies up report between hecvat versions, different question lists, etc. This visualization now compares only the categories in the current report across the vertical.
  • FIX: Update handling of N/A categories to re-calculate the category score if ANY answer is N/A

Version 2022.11

  • FIX: Fixing question list dropdown (not paginating) on new/edit assessment form
  • FIX: Adding Assessment Save UI Notification on Settings > Assessments > Assessments edit/new page
  • FIX: Adding a UI notifiation to the Host Classification Save All functionality. The notification shows up and the 'Save All' button is disabled when user clicks 'Save All'; the notification disappears and the 'Save All' button is enabled when success or fail is returned from server.
  • FIX: Dropdown fixes for safari browser to work properly
  • FIX: Child org unit risk register data is read only when the user is assigned the Risk Auditor role and Inherit is selected.

Version 10.2022

  • NEW: New Risk Register Reporting Page
  • FIX: Risk Register - Removed risksettings endpoint
  • NEW: Risk Register - Added scope to config
  • NEW: Risk Register - Ability to change labels through config
  • FIX: Risk Register - Cleaned up results on History Tab on Risk Score record
  • NEW: Risk Register - Added ability to create risk on upload if it doesn't exist
  • NEW: Risk Register - Added ability to create risk on risk score create / edit if it doesn't exist

Version 2022.09

  • NEW: On host, set last editor to the saving user and save edited date
  • FIX: Erroneous tooltip about expiration date in New Assessment dialog modal
  • FIX: Survey launch dialog, links to docs about notifications
  • FIX: Add the ability to edit exception requests

Version 2022.08

  • FIX: Cleanup display on hosts and surveys, save to pdf
  • FIX: Make UI changes to question helptext, Show a tooltip for extended helptext display on survey ou question template, Add a modal for displaying very long Question HelpText. Display HelpText in that modal instead of a popup when the HelpText is long.
  • FIX: Updated Delete dialogs for org units, questions and categories to be more useful

Version 2022.07

  • FIX: Added tooltips to drop-downs and checkboxes for data classifications and categories to show help text
  • NEW: Host bulk delete
  • FIX: Fix to logging for performance increases
  • NEW: Risk Register

Version 2022.06

  • FIX: Comment header in CSV file for Permissions upload
  • FIX: Lite sync script updates
  • NEW: Allow running assessments to have their question snapshots updated

Version 2022.05

  • FIX: Update exception request to use user profile username entry rather than user.username to avoid issues when users are deleted
  • NEW: Multiple vendor product deployments can now be added to an Organization's product inventory (previously, OUs could only add one deployment per vendor product). A given owner org unit can now add three deployments to their vendor product inventory representing test, development, and production environments.
  • FIX: Improved error message when trying to save a duplicate vendor product deployment to an org.

Version 2022.04

  • NEW: Advanced Vendor Dashboard: Gives users the ability to filter on various question attributes, compare category averages between the vendor and the vertical average, and understand high vs low risk vendor answers.
  • NEW: Added questions complete count in vendor and app survey listing in Assessments > Open tab.
  • FIX: Staleness indicator on vendor survey listing in Assessments > Completed tab.
  • FIX: Disable report dashboard dropdown when there's only one report dashboard.
  • FIX: Updates Basic Vendor Report > Answers tab to display consistently between browsers. Firefox and Chrome previously displayed differently.

Version 2022.03

  • NEW: Automated documentation now available for API endpoints: https://myisoraurl/api/schema/redoc/. Users must be authenticated into Isora to have the ability to read the api documentation.

Version 2022.02

  • NEW: Users can choose from additional options to increase the number of Hosts displayed per page when viewing a Sheet.
  • NEW: The filter popover menu has been redesigned on the Sheet view page.
  • NEW: Users and Vendor Requestors can now create and view exception requests for hosts on which they've been added as a delegate.
  • FIX: Users can now download attached files in completed assessments as expected.

Version 2022.01

  • NEW: New vendor assessment surveys now default to allow report to be viewed by others. This allows users who may be interested in a specific vendor to assess the vendor using the existing report.
  • FIX: Deleting vendor surveys from the Assessments page now works as expected.

Version 2021.12

  • NEW: As part of a settings config update, users can now view the Isora version in the bottom right-hand version on the Settings panel.
  • NEW: Org Unit Assessment survey types can now be deleted through the API by system admins. This functionality is in addition to existing delete capability by various roles for vendor and application assessments.
  • NEW: CMMC Dashboard updates - Adding question criticality filter to Detailed Control Breakdown filters (to be able to search by most critical controls). Added Unit to front of report header.
  • NEW: Added column to QuestionLists page to show target types
  • FIX: fixed capitalization issues
  • FIX: replaced Type with Series
  • FIX: fixed output display of question list target type
  • FIX: Tooltip improvements

Version 2021.11

  • NEW: Users can bulk apply a Classification value to multiple hosts on a sheet using the Bulk Action drop-down selection menu. If the user selects the “Confidential” data classification from the pop-up window, then they will also be presented with the option to select data category values to bulk apply to the hosts.
  • NEW: When choosing to import previous answers at survey launch, all available previous answers will be imported regardless of any changes made to the underlying questions since the last survey took place. This assumes that most questions get edited to update language, correct errors, or adjust answer requirements, but leaves the intent of a question the same. If an imported answer fails to meet the updated intent or requirements of a question, the user will need to take action to meet those requirements.
  • NEW: Added ability for user to switch between the Comparative (default) and DFARS & CMMC (New) dashboards. The dashboard searches specific tag frameworks (NIST 800-171, CMMC Level, SPRS) to show a complete dashboard with SPRS Assessment Score, and a breakdown of NIST 800-171, CMMC Levels 1, 2, and 3. In the detailed control breakdown, users are able to search/filter questions, answers, categories and statuses.
  • NEW: Acknowledging a survey brings policies into the report data endpoint.
  • NEW: Isora Admins can now create asset statuses via the API and apply one or more to a vendor product via the UI. New status endpoint /api/assetstatuses.
  • NEW: Admins can now specify which notifications they want to send to users.
  • NEW: Users can bulk delete multiple hosts from a sheet using the Bulk Action drop-down selection menu.
  • NEW: Users can bulk apply a System Type value to multiple hosts on a sheet using the Bulk Action drop-down selection menu.
  • NEW: Users can bulk apply a Priority value to multiple hosts on a sheet using the Bulk Action drop-down selection menu.
  • NEW: Users will now see more-helpful context messages in confirmation dialogs when deleting certain assets from Isora GRC.
  • NEW: When disabling former users, disabled users will also be removed from all App and Vendor Product Deployment-related listings.
  • FIX: When canceling a bulk action, the bulk action dropdown menu will be disabled and greyed out.
  • FIX: Searching for hosts now works as expected.
  • FIX: Editing vendor products now works as expected (admin role only).

Version 2021.10

  • NEW: Expanded vendor inventory management capabilities – allowing units to create and manage local metadata for their respective vendors.
  • NEW: UI will now check for an answer and explanation before prompting the user to attach a file on an assessment question.
  • NEW: Users can now see additional metadata about duplicate hosts (e.g., by MAC, by IP, by sheet).
  • NEW: Users will no longer see Technical Contact and Delegate links on Open Unit and Application Assessments when the count of Technical Contacts and Delegates equal zero.
  • FIX: Corrected a problem where org unit question responses weren't correctly downloading as a CSV.
  • FIX: Corrected an issue where a report wouldn't appear on the reports page once an assessment was completed unless a hard browser refresh was triggered.
  • FIX: Users will now receive an improved error message when creating a new assessment.
  • FIX: api/metadata endpoint will now return data. Fixes bug after vendor/assessment merge.
  • FIX: The Vendor Product Description field has been expanded so users no longer need to scroll when viewing longer descriptions.
  • FIX: The App Description field has been expanded so users no longer need to scroll when viewing longer descriptions.
  • FIX: The Settings > Question Configuration > Question List treeview listing indents child questions appropriately.
  • FIX: Report csv downloads will now show question ID, which will allow users to find the text of the parent question.
  • FIX: Issue with a spinning hourglass when selecting the tree view in the Question Configuration section has been resolved and selecting the tree view now works as expected.

Version 2021.09

  • NEW: Users can now attach documentation to surveys with file names of up to 250 characters.
  • NEW: Users can now add a description to sheets.
  • NEW: New sheets that have never been edited now say “never edited” instead of showing the created date.
  • NEW: Users can now filter hosts by “seen_after” in API.
  • NEW: Improved save workflow on the Notifications page and added clearer success messaging.
  • NEW: Updated capitalization on delegates listing and host categorization page to be consistent with other UI style elements.
  • FIX: Moving hosts in bulk from one inventory sheet to a new inventory sheet, now works when choosing from the sheet suggestion list.

Version 2021.08

  • NEW: Super users can now enable API access when creating a new user as expected.
  • FIX: Assessments page will now refresh open assessments when a new vendor assessment is added.
  • FIX: Uploading and downloading documentation on external vendor survey links now works as expected.
  • FIX: Links to download attachments on answers in reports now works as expected. The issue was incomplete data available to the page when rendering to get to the proper download destination. Test coverage now includes checking for this necessary information.
  • FIX: Notifications now send to assessment managers and superusers on vendor/app survey final acknowledgement.
  • FIX: Sheet CSV exports now properly export the “category” field now as a nested CSV.
  • FIX: Allow org unit type assessment creation to progress beyond the first dialog page.

Version 2021.07

  • FIX: Shared Vendor Surveys now have a unique UUID for each organization that is able to view the survey.
  • FIX: Some host sheet downloads were failing due to Django update; issue has been fixed so that all host sheets download as expected.
  • FIX: Csvs upload as expected.

Version 2021.06

  • NEW: Settings UI updates.
  • NEW: Allow "enter" to activate the As-User form.
  • NEW: Allow As-User form to search users by name.
  • NEW: Allow moving hosts from one sheet to another.
  • NEW: As part of Location serialization, include number of assets in that location.
  • FIX: Updates to various builtin help texts.
  • FIX: Highlighting duplicated hosts in a more obvious way.
  • FIX: Prevent host info popup from appearing if user has selected text.
  • FIX: Return a more specific error (rather than 500) on user creation attempt when missing attributes.
  • FIX: Handle deletes of Locations more gracefully.
  • FIX: Allow searching of sheets to filter only sheet metadata (rather than linked assets as well).
  • FIX: Update dependencies, including to Django 3.2.
  • FIX: Bug wherein a user sheet owner might not see hosts in the express view.
Did this answer your question?