Rethinking the Role of Compliance

Global Aerospace & Defense Company

Qmulos modernized compliance at the company, allowing its ISSOs to automate NIST 800-53 technical evidence collection and review.

Commercial organizations are under increased pressure to establish continuous control monitoring – the ongoing detection of risks and problems within IT environments using real-time data – and automated cyber compliance to safeguard their systems and data amidst ongoing security threats.

The Continuous Monitoring (ConMon) framework was established by the National Institute of Standards and Technology (NIST) to ensure organizations meet ongoing authorization requirements through its NIST 800-137 controls. The ongoing manual monitoring of vulnerability scans and the continuous need to ensure timely remediation can easily become a daunting task. The purpose of ConMon is to maintain a consistent level of security throughout operations, through the continuous collection and analysis of data in real-time.


Customer Challenge:

A large aerospace and defense contractor was in need of a cohesive compliance solution for restricted programs. Its assessments were paper-based and manually driven, requiring time-consuming data calls and evidence collection. Each ISSO in the organization manages multiple systems, in isolated networks, creating bottlenecks and backlogs around assessments and audits as well as blind spots around threat detection. The lack of automation and continuous monitoring was impacting its security posture and making it difficult to meet ConMon security controls and NIST 800-53 security and privacy controls.

The organization’s traditional, manual approach to compliance was creating lots of headaches, causing a drain on resources, inefficiencies, and drawn-out timelines for maintaining the ConMon security authorization.


Qmulos Solution:

With a vision and desire to be technologically innovative and progressive, the company and Qmulos kicked off a collaborative partnership to identify the strategic needs across sales, delivery, and development, and better understand the company’s biggest pain points.

The Qmulos implementation, engineering, and customer success teams moved quickly to support the contractor to roll out Q-Compliance – an all-in-one solution that optimizes risk management efforts with real-time continuous monitoring – and Q-Audit – Qmulos’ Splunk-powered real-time audit software – to implement continuous control monitoring with the goal of supplementing homegrown threat detection solutions with Qmulos’ more robust threat alert system.

Starting with technical evidence collection, through data validation, control state analysis, creation of POAMs and SSPs, reporting, dashboard, audit and assessment support, Qmulos is supporting the mapping of data to specific controls as outlined in the ConMon framework and automating every phase of the company’s compliance workflow.


Results:

The company’s journey to replace its traditional approach to cyber compliance with Qmulos’ flexible, scalable, converged compliance solutions that meet the various demands of the DoD and FSI space is well under way with positive early successes. Q-Compliance is helping decrease the amount of time spent on manual data calls by using real-time technical evidence and control monitoring, accelerating assessment and audit readiness. Q-Audit is supplementing the company’s suite of applications with a more robust insider threat hub and alert system.

Qmulos helped the company tailor a solution that focuses on ConMon controls and prepared the organization to achieve NIST compliance. The contractor believes in the vision and the ability to drive change and deployment at scale, across hundreds of isolated system authorizations. Using a train-the-trainer model and mutual collaboration across the enterprise, Q-Compliance and Q-Audit is being rolled out quickly, helping the company raise the bar and transform legacy security, risk, and compliance processes into modernized, automated, and machine-augmented functions.


The power of converged continuous compliance for NIST 800-53:

UP TO 80% time savings via technical evidence collection and review instead of manual data collection and

UP TO 80% time savings in control review by leveraging automated pass/ fail, POAM creation, control alert logging, and more

Request a Demo

Learn how QMULOS can help your company grow by scheduling a demo with our team.