- Dark mode
- Support for the Department of Defense’s Cyber Security Maturity Model
- Data Sources Dashboards
- Automatic POAM creation
Read on for more details on each of these key features …
As you can see from the screenshots, Q-Compliance now has a configurable dark mode option to make things easier on the eyes of our nocturnal security brethren. Yes, it took a while, but we’ve had a lot of other important features to build, i.e. features that actually streamline compliance and add security value. In any case, we think that once you see it, you’ll agree that it has been worth the wait.
Support for the DoD CMMC
Earlier this year, the Department of Defense released the long awaited Cyber Security Maturity Model, see our blog here for more details on CMMC [add link to our CMMC blog], and we’ve added several important features in Q-Compliance to help you streamline and automate the assessment of your compliance against the CMMC. First, we’ve added a custom control library and overlays based on the practices and processes defined in CMMC to supplement the app with specialized compliance content for CMMC requirements that aren’t covered by existing NIST 800-53 controls. Second, we’ve added a purpose-built CMMC scoring dashboard that scores your organization’s and systems’ compliance posture across the five CMMC levels in both the process and practice dimensions. With these two features, you can now use the power of Q-Compliance’s compliance automation capabilities to measure how your organization stands up against the CMMC requirements.
Data Sources Dashboards
You’ve been asking and now we’ve delivered! People who have been awed by our demos have always asked what specific data sources (i.e. cyber security tools) do they need to have integrated with Splunk to light up the control dashboards and take advantage of Q-Compliance’s automation capabilities. While we’ve always had documentation that listed the required data sources, we thought it would be even cooler to have dashboards directly in the app to provide this information. So our security and compliance research team has been hard at work researching the most common tools that are used to implement the NIST security controls and we’ve taken the results of that to populate new Data Sources Dashboards in the app that lists specific vendors and products that are relevant for each control. The list of cyber security tools is almost endless so this content will be regularly updated with each release of Q-Compliance.
Automatic POAM Creation
Plans of Actions and Milestones (POAMs) – don’t we all love them?! Regardless of how you feel about POAMs, they are how compliance findings are documented and tracked to ensure that they eventually get fixed and we’ve added a new feature that should make your lives a little easier when dealing with POAMs. This feature is a Splunk custom alert action that will allow you to automatically create a POAM whenever any Splunk alert triggers. Think about all the POAMs you’ve had to create for each unpatched asset every time you run a vulnerability scan. Well now you can automate that by simply creating an alert using the analytics we have for the RA-05 Vulnerability Scanning control and adding the POAM alert action.
There are many other features and enhancements in Q-Compliance V3.2 that we can’t list them all in one blog post. If you want more details on any of the features we’ve just described or want to find out about other updates in this release, please contact firstname.lastname@example.org, one of our valuable partners, or visit www.qmulos.com for more information.