Tests Page details & feature sets

Secureframe's Test page provides a comprehensive list of all Tests (passing, failing, at risk, and not applicable) based on the frameworks you have purchased.

The Test page gives users who are less familiar with Controls and Requirements an easy list of items to complete before an audit.

Each test is mapped to its respective Framework, Controls, and Requirements so that your efforts seamlessly translate to additional frameworks if applicable.

  • Passing Tests - the test has met all individual evidence criteria and is currently passing
  • Failing Tests - the test has not met all the individual evidence criteria (e.g., 1 of 5 users have acknowledged policies)
  • At Risk Tests - the test is part of the tolerance window configuration, where a test moves from "passing" to "at risk" instead of failing instantly. The test is at risk of failing.
  • Not Applicable Tests - the tests are not applicable based on the framework you currently have enabled, or the Test in question is not currently mapped to any controls, which keeps the test in a Not Applicable status.



What is a Test?

A Test proves whether a Control is or is not operating as designed. A Control is operating as designed when the Test(s) that make up a Control are all passing. A Test can satisfy multiple Controls and multiple Controls can be satisfied by a Test. Typically, there are multiple Tests that support a single Control.

Secureframe has three types of tests available within the platform:

  • Integration tests: leverage our integration automations to verify your setup is meeting test requirements

  • Platform tests: completed within the Secureframe platform, e.g., policy acceptance, security training, etc.

  • Upload tests: tests that require a file upload as evidence

Test Panel (slide out) Overview

Click on any Test to launch a detailed page containing the Test Name and Description, along with an Overview with Remediation Guidance, Evidence, the Controls the test relates to, and a Comments section.

  • Overview: Secureframe's recommendation for taking action on what is causing a test to fail by either correcting the underlying configurations or resolving other issues. There are detailed instructions on how to make changes to your systems in order to achieve a passing test. Make sure to check the Evidence tab on the test to determine which resources need to be remediated, as a test will show as a failure even if only one resource is failing.
  • Evidence: These are the results for your test and include additional details on what is missing or failing (if applicable). To see additional information on why an item is failing, hover over the result under "Message".
  • Evidence Types: Not all file types are supported in Secureframe. We recommend .jpg, .png, .pdf, .docx, .xlsx, .csv, and more. (Note: We do NOT support .doc, because this file type uses a binary format that is less efficient with newer tools.)
  • Additional Evidence: For platform and integration tests you have the ability to upload supplemental or multiple pieces of evidence to support a current test. Note: This is not the same as pass with upload.
  • Controls: Here you can view which Controls a particular test maps to for each framework.
  • Comments: Collaborate with other users at your company using the comments section. You can take notes, work through remediation steps, and chat with your fellow team members in this tab.
  • Finding Noted: Users can now add comments or findings to uploaded evidence. Please note that evidence with findings noted will not pass the upload tests. If tests exist with findings, you will also see a banner on your Test page to filter those labeled "Tests with Findings".

Test Page Filters & Columns

The Test page offers a variety of Columns and Filters to help provide the data you need when reviewing Tests at a high level.

  • Columns allow you to enable/disable data rows that are relevant to your test page.
  • Filters allow you to access a subset of data in the test page based on your chosen criteria.

For example: Type is exactly = upload test, plus Owner contains "name of admin", to narrow down to upload-specific tests that are assigned to one of your admins.

Both Columns and Filter sets can be saved by using the Save View button, or they can be reset by using the Clear All Filters button.

Test Columns options:

  • Vendors - vendor associated with the test, typically from Integrations
  • Owners - owner assigned
  • Resource Category - Risk, Network, Personnel, etc.
  • Type - Upload, Platform, Integration test
  • Domain - Risk Management, Network Security, etc.
  • Function - Vendor Management, Training, Security Monitoring, etc.
  • Author - Secureframe test, Custom Test, etc.
  • Next Due Date
  • Test Interval - weekly, monthly, quarterly, yearly
  • Last Refreshed - date on which the test was last refreshed
  • Last Uploaded - date on which the last file (evidence) was uploaded
  • Tags

Test Filters options:

  • Tags
  • Status
  • Type
  • Domain
  • Function
  • Author
  • Owner
  • Next Due Date
  • Test Interval
  • Has Findings
  • User Authored
  • Vendors Frameworks
  • Last Uploaded (identify old evidence)

When to utilize Pass with upload

Pass with upload (manually uploading evidence) should be utilized when a failing test should be a passing test but is not currently recognized by the system. An example of this would be if you perform testing outside of your version control tool, thus causing our API to not pick up the testing performed. In this case, you will want to take an example of how testing is performed outside of the version control tool (a screenshot of SAST testing performed on a PR for example) and select Pass with upload.

Note: This screenshot only captures one example of this test being performed. Without the integration operating continuously you will lose the ability for the test to continuously monitor for compliance. Please ensure that during an audit window the respective tests are being performed.

How to mark Tests as Not-applicable:

You have the ability to mark tests as not-applicable. Once marked as not-applicable, the test will not appear as failing regardless of the integration. Be careful when marking these tests, and always include a detailed justification that will be used to communicate to your team and auditors the reason the test is not needed. Additionally, Secureframe automatically marks certain tests as not applicable to your organization; however, you may enable them for use at any time.

Reviewing old evidence

Regularly reviewing old evidence ensures your organization remains compliant with regulatory standards.

To do this quickly and efficiently in Secureframe, we recommend using the Last Updated feature on the Test Page.

This can also be used in combination with other filters like "Type = upload", indicating those tests with manual uploads.

  • Last Updated Column - In the test section, enable the Last Updated column, which indicates the date the last file (evidence) was uploaded.
  • Last Updated Filters - In the test section, enable the Last Updated filter, which will provide parameters for finding evidence "before, after, exactly, or in between" a specific date.

How to enable Non-applicable Tests

You have the ability to enable any non-applicable Test. Once a test is enabled it will automatically be mapped to the relevant Control(s).

How to use bulk actions on Tests

The Test Page offers a variety of options for Bulk Actions to make your work more efficient.

When you select one or more of the Tests using the check box, a modal will appear at the bottom of the page.

This will allow you to use bulk actions on the following:

  • Property - ability to edit the Owner, Tolerance Window, Test Interval, and Tags of selected tests
  • Comment - ability to add comments to selected tests
  • Tasks - ability to add Tasks to selected tests
  • Refresh - ability to bulk refresh selected tests
  • Disable - ability to bulk disable selected tests

"Select All" Test Page Features

Nearly every page has a Select All feature which, when selected, provides many additional helpful options for interacting with your data.

When using the Select All on the Test page, it provides a modal pop-up with many bulk feature actions described here

Frequently Asked Questions (FAQ)

How can I easily see old evidence that needs to be updated?

  • In the test section, you can use the Columns feature to display the Last Updated field. This will allow you to search through ALL tests and identify those tests with older and possibly stale evidence.
  • In the test section, you can use the Filters to display the Last Updated field with parameters. This will allow you to review evidence before, after, exactly, or in between a specific date.

Where can I see historical data related to any test that shows changes and timestamps made in the test, regardless of whether it’s a platform, upload, or integration test?

  • Currently, Secureframe does not track or display this type of information.
  • However, we do currently have a feature request to introduce functionality that would allow users to view historical information for any test. This feature would include details such as changes made to the test, changes in ownership, timestamps for transitions (e.g., when the test transitioned to a failed state), and more.

What does it mean to be a Test Owner?

  • Test owners are responsible for the status of the test. They will have their test statuses summarized in the "Owned by me" email they receive from Secureframe.

I just added evidence to many of my tests, but they are still failing?

  • If you want to see your test percentage passing reflected right away, you will want to hit “Refresh all tests” in the top right of the page to ensure you are working with the most up to date information.
  • Otherwise, this information will be updated the following day as we perform daily refreshes. 

Why is a Test marked as Not-applicable?

  • A test can be marked as not-applicable if you deem it irrelevant to your business or if it is a General Test given to all Secureframe customers. If a test is marked not-applicable by Secureframe, this means that it is N/A for the frameworks you purchased.

How do I remove a finding?

  • First, understand that the user who added the finding disables the "finding" flag from the comment.
  • Once you have resolved the finding, you can now delete or archive the evidence with the finding, and re-upload it to the test.

We understand this is not the best workflow, and our team is looking to improve this by possibly adding an option to satisfy a finding, rather than archiving the evidence itself.

Can I bulk assign owners to tests?

  • Yes, you can assign Test Owners in bulk.
  • In addition, you can use our Bulk feature to add test intervals, tolerance windows, tags, comments, and tasks, and to refresh and disable tests.

I tried uploading a .doc file type as evidence and I am getting an error?

  • We do not currently support .doc because this file type uses a binary format that is less efficient with newer tools.
  • We recommend .jpg, .png, .pdf, .docx, .xlsx, .csv, and more.

I've re-enabled a test that was previously disabled, but it still says Not applicable (User)?

  • In this scenario, it seems the test is currently missing a control mapping, which is keeping it in the disabled state.

  • You can either map this to an applicable framework, or if you have a control that you would like this mapped to, you can always add a control mapping by opening the test, clicking the Controls tab, then Edit Mapping.
