Listed below are the notable Content Releases (CR) and the resulting changes made to the CyberGRX Security Questionnaire for each.
CR # | Change | Date |
CR 22 | Business Resiliency Questions added to Control Family 2.6 | Q1 2019 |
CR 26 | Maturity Questions moved from Control Family level to Control Group level | Q1 2020 |
CR 27 | Section A and B content additions | Q2 2020 |
CR 28 | Privacy Control Group added and GDPR Control Group Removed | Q3 2020 |
CR 30 |
Content and syntax refresh Evidence Validation process change:
|
Jan 25, 2021 |
CR 31 | Content syntax changes | Apr 14, 2021 |
CR 33 | 10 additional critical controls were added to Evidence Validation selection (increasing from 50 to 60) | Jun 23, 2021 |
CR 34 |
Content syntax changes Static list of critical controls for Evidence Evaluation (applies to Tier 1 & 2) Updated Service Agreement for all existing and new customers |
Jul 12, 2021 |
CR 35 |
Updated 4.7.3.1 from Human Capital Training to Security Staff Training Pri.1.2.1 spelling mistake in timeliness 3.5.6.1 Coverage and 3.5.6.2 Coverage both had a bug on <25% option where it displayed blank. Updated Vendor Agreement |
Oct 12, 2021 |
CR36 |
An audit of the last five content releases resulting in many wording updates. |
Oct 29, 2021 |
CR37 |
Three new sub-controls: Metric answer updates: |
Nov 11, 2021
|
CR38 |
1.1.3.1.Strength: added clarity to answer options 1.1.4.1.Coverage: added clarity to answer options 1.2.1: Removed 'and budget' since budget is covered in 1.2.2 1.3.4.1.Strength: added clarity to an answer option 3.1.2.1.Coverage: Simplified terminology in a few answer options 2.4.2.1.Strength: Aligned answer option wording 2.6.2.1: Aligned wording to be business continuity plan, removed acronym BCP, removed all instances of contingency 2.6.3.1: Aligned wording to be business continuity plan, removed acronym BCP, removed all instances of contingency 2.6.4.1: Aligned wording to be business continuity plan, removed acronym BCP, removed all instances of contingency Replaced preventive with preventative to align with the rest of the questionnaire. |
Jan 07, 2022 |
CR39 |
Number: 2.5.2.1.Strength Number: 3.2.1.3.Coverage Number: 3.2.2.2.Coverage Number: 3.3.3.4.Coverage Number: 3.6.1.1.Strength Number: 3.6.1.4.Strength Number: 3.6.2.1.Strength Number: 3.6.4.2.Strength Number: 3.6.4.1.Strength Number: 4.1.3.1.Strength Number: 4.1.3.1.Coverage Number: 4.2.3.1.Coverage |
Jun 21, 2022 |
CR40 |
2.5.2.1.Strength answer option word misspelling correction: CR39 has 4.7.4.1.Timeliness answer option word change: 3.3.2.7.Timeliness answer options word change: Added new control 2.5.5 around security incident response. |
Aug 4, 2022 |
NA |
Business Background Section B: Cyber Security question section removed from Assessment |
Aug 30, 2022 |
CR41 |
Updated wording in "evidence and technology examples" provided during evidence collection phase of the Validation Workflow.
No changes to controls content. |
Oct 13, 2022 |
Comments
0 comments
Please sign in to leave a comment.