Maintaining compliant systems is an ongoing process requiring well-coordinated efforts from many stakeholders. The latest version of Q-Compliance, Q-Compliance V3.3, is aimed at simplifying compliance tasks and identifying problem areas requiring attention. With new customizable Compliance Notifications, getting ahead of upcoming and overdue compliance tasks across your systems, such as upcoming audits and open POAMs, has never been easier.
V3.3 also introduces the new Risk Scorecard dashboard, allowing system owners to use risk-based scoring to prioritize controls that will mitigate the most risk. In addition, we’ve added a graphical Framework Management capability that makes it easier to use one of our most popular features – the Framework Scorecard that maps controls to other compliance frameworks.
Maintaining compliance across an enterprise’s systems is a huge endeavor. Determining where to start can be overwhelming, especially for an organization new to compliance activities. Version 3.3 introduces Compliance Notifications to enable users to focus efforts on the most relevant compliance activities.
• Assigned Tasks – lists all the Compliance Notification tickets assigned to the current user.• Top 10 Controls by Notifications – lists the 10 controls with the greatest number of outstanding compliance activities. These compliance activities are grouped by priority, organizing daily tasks appropriately for security professionals.• System Compliance Notifications – lists the compliance activity counts for each user-accessible system grouped by priority.
• Notification Details – displays additional information about the Compliance Notifications selected either through the Top 10 Controls by Notifications or the System Compliance Notifications. The Notification Details section only displays after a user makes a selection by clicking on a non-zero count priority bubble.
In summary, the User Actions Dashboard is your one-stop-shop for all things compliance. Staying organized has never been this easy.
As a way to prioritize and track risk, Q-Compliance V3.3 includes Risk Scorecards, allowing users to create Threat Scoring Categories to model their risk. Within each threat category, you can assign a Threat Impact and a Threat Strength. Additionally, controls are mapped to Threat Categories and assigned Control Strengths based on their ability to prevent or mitigate threats. These categories and parameters feed into a risk-based scoring algorithm that allows organizations to identify risk and quantitatively prioritize compliance activities to reduce those risks.
The Overall Risk Grade at the top of the page signals either Low, Medium, High, or Critical overall risk. The grade is calculated as the Total Actual Risk being below 25% (Low), below 50% (Medium), below 75% (High), or greater than or equal to 75% of the original maximum risk (Critical).
Next, risk is split into single value charts, in order to follow the same grading convention. If a user is looking at multiple systems at once, the maximum and current risk scores are the averages of those values across all systems.
The column chart section of the scorecard compares the maximum risks and the current risks of each scoring category. Clicking on any of the columns shows a table of mitigating controls.
The table of mitigating controls shows controls applicable for the currently selected scoring category and their subsequent control strength. Additionally, it shows the current overall compliance status, meaning the percentage that are passing their audits/assessments.
The Framework Management Page
Version 3.3 of Q-Compliance offers a graphical user interface to create, modify, import, and export frameworks with the Framework Management page. Navigating to the Framework Management Page is easy, and once there, taking action is as easy as clicking a button. When creating a new framework or editing an existing one, you can create/edit custom scoring categories and control mappings. With the pre-existing custom mappings, its as simple as point-and-click!
Now that Q-Compliance gives users the ability to create, modify, import, or share frameworks within the user interface (UI), there is no need to upload or edit complex .csv files.
With the new items, Q-Compliance V3.3 offers the most robust compliance monitoring and reporting automation solution available. Creating, modifying, importing, and exporting frameworks from the UI can now be done at the click of a button. This makes custom frameworks through Q-Compliance much more attainable and requires no Splunk experience. The new Compliance Notifications functionality makes staying organized easier than ever. And furthermore, the new Risk Scorecard functionality prioritizes your tasks as a mathematical risk equation.
These changes allow compliance and security professionals to sit back and watch their systems maintain compliance. With an easily customizable solution, there is no more rigorous manual effort, just button clicks!
Now that’s simple!
If you’re ready to get your hands on Version 3.3, please email email@example.com to obtain your license before upgrading.
A Big Thank You
At Qmulos, we pride ourselves on constantly improving our solutions for current and future customers. And we are thankful for the valuable feedback from our customers and the incredible Qmulos development team who made Q-Compliance V3.3 possible.