Rethinking the Role of Compliance

General Availability of Q-Compliance V4.4.0 and Q-Audit V3.7.0

Qmulos is pleased to announce the general availability of Q-Compliance V4.4.0 and Q-Audit V3.7.0. These versions add capabilities to customize the approval process for system authorizations, i.e., Step 5 of the RMF; generate and export continuous monitoring (ConMon) reports for external auditors; and streamline alert investigations through enhancements to the Q-Audit alert dashboard and workflows.


Customizable Processes for System Authorization

Qmulos revolutionizes the Risk Management Framework (RMF) process by offering a data-driven approach that significantly streamlines and enhances the system authorization process. Unlike traditional methods that rely on extensive and often outdated documentation, our solution provides near-real-time information, enabling authorizing officials to make informed decisions based on the current state of the system. This approach eliminates the need for laborious hours of manual review by leveraging quantitative system data that is consistently updated.

Recognizing that approval chains and the individuals involved in the Authorization to Operate (ATO) process differ across organizations, Qmulos has updated the System Authorization dashboard and workflow to be customizable for each customer. These enhancements allow users to define approval chains with any number of steps and stakeholders and execute those workflows dynamically on the System Authorization dashboard. Now the ATO process can require reviews from multiple roles of your choice, ensuring a comprehensive evaluation before the authorizing official makes the final decision.

Regardless of your role in the approval process, the System Authorization dashboard enables you to visualize the approval chain and monitor the workflow’s progress. Stay informed by choosing to “watch” the approval, receiving email notifications for any updates or changes in the workflow.


Generating ConMon Reports

Qmulos is at the forefront of facilitating Continuous Monitoring (ConMon) processes, aligning with the objectives outlined in NIST SP 800-37’s Monitor step. As defined, the goal is to “maintain an ongoing situational awareness about the security and privacy posture of the information system and the organization in support of risk management decisions.” Qmulos has been consistently delivering on this objective by providing customers with continuous visibility into their system’s security posture through our System Continuous Monitoring dashboard in Q-Compliance.

To substantiate the effectiveness of your continuous monitoring strategy, Qmulos empowers users to export ConMon control data into a Microsoft Excel spreadsheet directly from the System Continuous Monitoring dashboard. This comprehensive report encompasses human activity, assessments, implementations, and other control records, offering a detailed account that serves as crucial evidence for auditors of an effective continuous monitoring strategy implemented within your system.  Users can further customize the report by filtering it based on specific time ranges, monitoring frequencies, or configuring it to display ConMon data at the Common Control Identifier (CCI) level.


Streamlining Alert Investigations in Q-Audit

In this latest release of Q-Audit, Qmulos has improved the process of alert investigations through enhanced dashboard features and seamless ticketing integration. Now, users can gain deeper insights into triggered alerts by accessing the search query and raw results that led to the alert activation, facilitating informed assessments of potential threats. Rather than permanently deleting alerts, users can now "acknowledge" them, which preserves them as historical data in Q-Audit. Information System Security Officers (ISSOs) can leverage this to track past investigations and see who acknowledged each alert, when, and why, enhancing transparency in the investigative process.

For a more collaborative approach to investigations, the integration of a ticketing system allows users to delegate alert analyses efficiently. Creating tickets directly on the Attributable Event Alerts dashboard streamlines the process, enabling users to tie one or multiple alerts to a single ticket for comprehensive investigation. The convenience doesn’t end there—automated ticket creation is available through our existing alert action, simplifying the workflow. Users can also make real-time edits, such as reassignment or status changes, directly within the Attributable Event Alerts dashboard. For a holistic view and further actions, users can seamlessly transition from the Attributable Event Alerts dashboard to the Qmulos Ticketing System (Q-Ticket 1.0.0 or above) app, ensuring a unified and efficient experience in managing and resolving security incidents.
