Rethinking the Role of Compliance

Q-Compliance V3.3, The #1 Splunk Compliance Solution

V3.3 Overview

Maintaining compliant systems is an ongoing process requiring well-coordinated efforts from many stakeholders. The latest version of Q-Compliance, Q-Compliance V3.3, is aimed at simplifying compliance tasks and identifying problem areas requiring attention. With new customizable Compliance Notifications, getting ahead of upcoming and overdue compliance tasks across your systems, such as upcoming audits and open POAMs, has never been easier.

V3.3 also introduces the new Risk Scorecard dashboard, allowing system owners to use risk-based scoring to prioritize controls that will mitigate the most risk. In addition, we’ve added a graphical Framework Management capability that makes it easier to use one of our most popular features – the Framework Scorecard that maps controls to other compliance frameworks.

Compliance Notifications

Maintaining compliance across an enterprise’s systems is a huge endeavor. Determining where to start can be overwhelming, especially for an organization new to compliance activities. Version 3.3 introduces Compliance Notifications to enable users to focus efforts on the most relevant compliance activities.

Compliance Notifications are Q-Compliance’s out-of-the-box alerts. Designed to help security professionals track their compliance activities, the User Actions Dashboard organizes and tracks the tasks and systems that the user is responsible for maintaining. System owners can also customize users’ Compliance Notifications for specific systems and/or specific controls to avoid overwhelming staff with alerts. To make these notifications actionable, you can convert any Compliance Notification into trackable tasks for yourself or other assigned users. Compliance Notifications are presented on a dynamic and intuitive User Actions dashboard consisting of 4 sections:

• Assigned Tasks – lists all the Compliance Notification tickets assigned to the current user.
• Top 10 Controls by Notifications – lists the 10 controls with the greatest number of outstanding compliance activities. These compliance activities are grouped by priority, organizing daily tasks appropriately for security professionals.
• System Compliance Notifications – lists the compliance activity counts for each user-accessible system grouped by priority.
• Notification Details – displays additional information about the Compliance Notifications selected either through the Top 10 Controls by Notifications or the System Compliance Notifications. The Notification Details section only displays after a user makes a selection by clicking on a non-zero count priority bubble.

In summary, the User Actions Dashboard is your one-stop-shop for all things compliance. Staying organized has never been this easy.

Risk Scorecard

As a way to prioritize and track risk, Q-Compliance V3.3 includes Risk Scorecards, allowing users to create Threat Scoring Categories to model their risk. Within each threat category, you can assign a Threat Impact and a Threat Strength. Additionally, controls are mapped to Threat Categories and assigned Control Strengths based on their ability to prevent or mitigate threats. These categories and parameters feed into a risk-based scoring algorithm that allows organizations to identify risk and quantitatively prioritize compliance activities to reduce those risks.

The Overall Risk Grade at the top of the page signals either Low, Medium, High, or Critical overall risk. The grade is determined by the Total Actual Risk as a percentage of the original maximum risk: below 25% (Low), below 50% (Medium), below 75% (High), or greater than or equal to 75% (Critical).

Next, risk is split into single value charts, in order to follow the same grading convention. If a user is looking at multiple systems at once, the maximum and current risk scores are the averages of those values across all systems.

The column chart section of the scorecard compares the maximum risks and the current risks of each scoring category. Clicking on any of the columns shows a table of mitigating controls.

The table of mitigating controls shows the controls applicable to the currently selected scoring category and their corresponding control strength. Additionally, it shows the current overall compliance status, meaning the percentage that are passing their audits/assessments.

The Framework Management Page

Version 3.3 of Q-Compliance offers a graphical user interface to create, modify, import, and export frameworks with the Framework Management page. Navigating to the Framework Management Page is easy, and once there, taking action is as easy as clicking a button. When creating a new framework or editing an existing one, you can create/edit custom scoring categories and control mappings. With the pre-existing custom mappings, it’s as simple as point-and-click!

Now that Q-Compliance gives users the ability to create, modify, import, or share frameworks within the user interface (UI), there is no need to upload or edit complex .csv files.

Wrapping Up!

With the new items, Q-Compliance V3.3 offers the most robust compliance monitoring and reporting automation solution available. Creating, modifying, importing, and exporting frameworks from the UI can now be done at the click of a button. This makes custom frameworks through Q-Compliance much more attainable and requires no Splunk experience. The new Compliance Notifications functionality makes staying organized easier than ever. And furthermore, the new Risk Scorecard functionality prioritizes your tasks as a mathematical risk equation.
These changes allow compliance and security professionals to sit back and watch their systems maintain compliance. With an easily customizable solution, there is no more rigorous manual effort, just button clicks!
Now that’s simple!

If you’re ready to get your hands on Version 3.3, please email support@qmulos.com to obtain your license before upgrading.

A Big Thank You

At Qmulos, we pride ourselves on constantly improving our solutions for current and future customers. And we are thankful for the valuable feedback from our customers and the incredible Qmulos development team who made Q-Compliance V3.3 possible.
