We are fairly new to ConnectSecure and one large issue we are having with the platform is not being able to mark HIPAA Compliance Standards as Mitigated. There are many Standards that would not have a direct resolution but instead be mitigated. Below is an example:
164.312(a)(2)(iii) - Automatic Log off - Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity
The 164.312(a)(2)(iii) standard is listed as "Addressable". This signifies that the approach to complying with this standard is flexible and allows a technical procedure to be put in place, such as screen timeout, screen lock, or many others, that would satisfy this standard.
Currently, there is no way to prove a client of ours is compliant with this standard as most of our clients have screen lockout and not Automatic logoff in place. We would like to see a suppression field similar to the Vulnerability Suppression field as shown in the attached image. This would be an amazing feature and allow compliance to be more flexible in approach.