Rethinking the Role of Compliance

General Availability of Q-Compliance V4.3.0 and Supporting Apps/Add-Ons

Qmulos is thrilled to announce the general availability of the Q2 release of our Converged Continuous Compliance solution, Q-Compliance, along with new versions of supporting apps and technical add-ons (TAs).

We’ve added support for several new and updated compliance frameworks and standards.  In addition, we’ve added many exciting new features that improve and streamline integration with the DoD’s eMASS system, the set-up of new systems/accreditation boundaries, data onboarding, assessment, and continuous monitoring of controls.  The following versions of the applications are now available with these new features:

  • Q-Compliance V4.3.0
  • Qmulos Compliance Content V1.10.0 and V1.11.0
  • Qmulos TA VMware V1.0.0, Qmulos TA Solaris V1.0.0, Qmulos TA Windows V2.1.0, Qmulos TA Linux V1.6.1 along with many other new or updated TAs

 

New/Updated Compliance Frameworks

In our latest release, Qmulos has added new compliance content and analytics to support the following compliance standards and frameworks:

  • SOC 2 – a standard from the American Institute of Certified Public Accountants (AICPA) that specifies how customer data should be protected; an important standard to consider for organizations that want to assure their customers that their data is secure.
  • NIST SP 800-172 – enhanced security requirements for protecting Controlled Unclassified Information (CUI); these controls will be the basis for CMMC 2.0 Level 3 requirements; organizations that handle critical CUI for DoD programs need to start looking at these controls to prepare for the forthcoming CMMC Level 3 requirements.
  • PCI DSS 4.0 – standard from the Payment Card Industry for securing payment card processing systems; any organization that has payment processing capabilities in its systems needs to implement these controls.
  • OMB M-22-09 – Zero Trust mandate from OMB issued January 2022 with specific goals and actions that agencies must implement by the end of FY2024; our solution helps agencies assess their compliance with the technical actions specified in M-22-09.

 

Streamlining Integration with eMASS

Version 4.3.0 of Q-Compliance now supports the ability to import and export a system implementation plan with the DoD’s eMASS system.  DoD customers who have all their systems’ compliance information in eMASS can now export it from eMASS and import it into Q-Compliance to quickly set up their systems in Q-Compliance.  At the click of a button, users can now import an entire system with its applied controls, implementation statements, test procedures, monitoring frequencies, and assessment statuses automatically into Q-Compliance.  With this capability, organizations can now set up hundreds of systems a day in Q-Compliance to leverage the power of its data analytics and automation capabilities to perform control assessments and continuous monitoring.  In addition, all of the information can be exported out of Q-Compliance and imported back into eMASS for reporting purposes.

 

New Technical Add-Ons for Data Onboarding

Our Data Engineering team has developed several new and updated TAs to ease the on-boarding and mapping of data to power Q-Compliance.  By popular request from customers, we’ve added a TA for VMware to capture key activities and events from hypervisors and virtual machines that need to be monitored to address compliance requirements from NIST SP 800-53 and other standards.  In addition, we’ve also added a new TA to onboard data from the Solaris operating system.  Solaris is still being used today to power many mission-critical applications and it is critical to monitor the compliance posture of those Solaris devices.  We’ve also made some significant updates to our Windows and Linux TAs to capture additional data for increased visibility into activities that can impact the compliance posture of those devices.  In addition, there are several other new TAs that are available for commonly used tools and data sources.  Please consult the Qmulos Technical Add-Ons space in our customer portal to see the entire list.

 

Additional Analytics and Automation

The latest releases of Qmulos Compliance Content (QCC), V1.10.0 and V1.11.0, add several new alerts to automatically detect issues that impact the compliance posture of systems.  There is a new alert to detect open ports on each host to assess compliance against a system’s ports, protocols and services (PPS) policy for controls such as NIST SP 800-53 “CM-7 Least Functionality”.  There is a new alert to detect hosts missing recent backups for assessing compliance against NIST SP 800-53 “CP-9 Information System Backup”.  There’s also an alert to detect inactive accounts that have not been disabled, to detect violations of the requirements for NIST SP 800-53 “AC-2(3) Account Management | Disable Accounts”.  These are just a few of the new alerts that have been added.  For a complete listing, please check out the release notes for QCC V1.10.0 and V1.11.0.

In addition to the new alerts in QCC to automatically detect compliance issues, we’ve also added some automation to pass or fail NIST SP 800-53 controls based on the compliance scores of each control’s objectives (aka the “Determine if …” statements from NIST SP 800-53A).  Now organizations that conduct assessments against individual control objectives can have the overall control automatically pass or fail when the scores of the control’s objectives exceed or drop below a configurable threshold.
