Rethinking the Role of Compliance

Fast Forward CMMC Compliance with Cisco and Qmulos

With the debut of the Cybersecurity Maturity Model Certification (CMMC), any organization engaging with the DOD must quickly become compliant. Non-compliance with CMMC jeopardizes your organization’s continued participation in the DOD contracting ecosystem, your ability to bid on defense contracts, and potentially threatens your existing contracts. It can feel overwhelming even to figure out where to start.

Here’s the good news: Organizations can leverage Qmulos’ next-gen compliance solution, Q-Compliance, coupled with Cisco’s suite of security products, to automatically demonstrate compliance with built-in Qmulos-powered technical visualizations in record time! By record time, we mean as short as one day if you already have data from your Cisco products properly indexed into your Splunk instance! Otherwise, add a few weeks, but that’s still pretty fast compared to the manual alternatives.

Matt Coose, Founder and CEO of Qmulos, said, “Qmulos is proud to be partnering with Cisco to greatly accelerate our customers’ roadmap to achieving CMMC compliance, leveraging the powerful suite of Cisco products. Together we are not only helping with compliance, but with fulfilling the intent of compliance: improving their actual security posture.”

Qmulos leverages a combination of Cisco products such as Identity Services Engine (ISE), Duo, Secure Network Analytics, Firepower, and the Adaptive Security Appliance (ASA), ingesting and contextualizing data from these products into Splunk, creating dynamic dashboards organized by business unit, system, and relevant CMMC controls and levels. The result is a single pane of glass to review the vital technical evidence necessary to prove compliance. As Douglas Hurd, Leader, Cisco Secure Technical Alliances said, “The Qmulos Q-Compliance dashboard for Cisco is a great example of how working closely with technical alliance partners creates added value for customers. In a single view, joint customers can see their status for much of their CMMC requirements without needing to analyze multiple reports from point products. It saves customers a lot of time.”

Qmulos’ approach drastically reduces the significant manual overhead traditionally required to collect evidence, allows for the upload of non-technical evidence, and helps customers achieve the intent of CMMC: the ability to monitor critical technical controls and drastically improve real operational security. Combined with other data sources you may already own, organizations can quickly populate any remaining controls to achieve up to Level 2 certification. This is the power of taking a data-driven approach to compliance! (See our blog for more details)

Figure 1: CMMC Scorecard providing a high-level overview of all controls.

Here’s how it works: Forwarders get your data into Splunk where it is tagged and made searchable. This data onboarding step only needs to be done once for each source. The tags provide necessary context to the data which enables the data to be presented in a series of dashboards. There are dashboards for every control. Various technical control dashboards contain pre-built searches that dynamically locate data that is relevant for that particular control’s requirements. As a dashboard for a given system and control is opened, the searches run, the search results are returned, and the technical evidence is presented that is needed to assess or audit that control. There are various alert actions that can be configured to do things like automatically set assessment or audit status, create a POAM, send an email, and many others. Other dashboards show scores for controls, systems, and/or entire frameworks so that customers know the status of their compliance posture at any given moment, based on near real-time technical evidence from the various products that are protecting our customers’ networks and systems.

Sounds magical, we know. It kinda is.

Once installed, customers can use the Data Sources dashboard to:
1. Identify which controls can be fulfilled by certain products;
2. View examples of products that fulfill a particular control; and
3. See which controls currently have technical evidence being ingested into Q-Compliance.

Figure 2: Cisco Data Sources dashboard.


By the way, Qmulos’ capabilities aren’t limited to CMMC! If you have other compliance requirements that you need to follow, Q-Compliance can help you track them, all at the same time, and even for the same systems if needed. Several compliance frameworks are already built into Q-Compliance such as NIST RMF, HIPAA, FedRAMP, StateRAMP, NIST Cyber Security Framework, and many more. And if your compliance framework isn’t in Q-Compliance already, it’s easy to add custom control libraries, frameworks, and overlays.

About Qmulos

Qmulos is a cybersecurity company that builds innovative solutions to help security professionals improve their enterprise’s security posture. We build our solutions on Splunk’s robust, scalable technology to unlock the value of your data and automate initiatives ranging from compliance and auditing to cyber defense. Qmulos helps customers move to leading-edge compliance solutions that provide true security value. Our clients range from large federal agencies to Fortune 1000 companies.

For more information, please visit
