Rethinking the Role of Compliance

Q-Compliance V3.4: Rev. 5 Controls, GRC Integration, and more!

2020 was a year of change and adaptation. Within the cyber-compliance sphere alone, we have seen huge changes, such as the creation of CMMC, the Department of Defense’s new cybersecurity certification standard for awarding and maintaining contracts, as well as the recent, much anticipated release of NIST 800-53 Rev 5 controls. Qmulos’ flagship solution, Q-Compliance incorporated some fantastic new features too: the addition of Risk Scoring, a User Actions dashboard, and the ability to create FedRAMP SSPs with the click of a button.

We continue to delight our customers with our latest release of Q-Compliance V3.4.0 with features that address some of their most pressing needs and respond to the latest developments in industry. These features include integration with customers’ legacy GRC tools to help them transition to the modern (and more effective!) way of performing cybersecurity compliance and continuous monitoring. In addition, we’ve added support for the NIST 800-53 Rev. 5 controls for those customers that want to get a head start on adopting the new and improved version of the world’s most comprehensive security control standard.

Legacy GRC Integration

Adopting new, game-changing technologies is difficult.  Most organizations have invested years of time and millions of dollars in their legacy GRC tools and processes so they can’t just drop all of that to adopt a game-changing solution like Q-Compliance. That is why we’ve added features to allow customers to exchange the most critical datasets such as Plan of Actions and Milestones (POA&Ms) and control assessment results between Q-Compliance and their legacy GRC tools, such as the DoD’s Enterprise Mission Assurance Support Service (eMASS). With these import/export features, customers can gradually transition their compliance processes by first adopting Q-Compliance for their most critical security controls that require real-time visibility and automation while continuing to use their legacy GRC tools for some of the more manual policy and process-oriented controls. We developed these features with an extensible framework so that we can easily add support for more legacy GRC tools.

If you have questions about how V3.4 could integrate with your tools, contact us.

NIST 800-53 Rev. 5 Controls

The much-anticipated release of the new NIST Rev. 5 controls marks the end of NIST’s multi-year effort to modernize the standards used by the federal government and other critical infrastructures to secure their systems and organizations. Q-Compliance was originally designed to enable organizations to meet the controls set forth in the RMF and NIST 800-53 Rev. 4. However, with the new changes to 800-53, Q-Compliance V3.4 now includes support for both revisions 4 and 5. Every organization has different priorities, so the ability to choose when you move to Rev. 5 is yours! When we write it (my hope is 2 weeks from now) I will link to the rev 5 blog here.

Color-Coding on the Control Compliance Hub

With the holiday season upon us, we thought it would be a great time to add more festive colors to our Control Compliance Hub, the one-stop shop for managing your evidence and compliance activities for each system’s security controls. This feature color codes the tabs for each control and control enhancement to quickly indicate their assessment and audit statuses.

Control Compliance Hub on Q-Compliance V3.4

Users are able to quickly identify which controls within a control library, control category and even a sub-category, are passing, failing, not reviewed, or not applicable. Besides the eye candy, based on early customer feedback, this feature has been a huge time saver allowing them to quickly identify which controls to focus on based on their compliance statuses. We love our early adopters who are always quick to update to the latest versions!

To recap, the biggest changes from V3.3 to V3.4 for Q-Compliance are:

  • The ability to seamlessly integrate with 3rd party GRC tools, such as eMASS.
  • The addition of the NIST 800-53 Rev. 5 controls.
  • The ability to view control status by color and drill down from there.

If you have more questions about V3.4, or you’d like to see a demo of how our capabilities can make your security team more effective and efficient, contact

Others have also read ...


What is ISO 27001 Compliance?

ISO 27001 compliance involves adhering to the international standard for information security management systems (ISMS). This standard provides a systematic approach to managing sensitive information and ensuring data security.

Qmulos’ platform supports ISO 27001 compliance by automating the processes required to implement and maintain an ISMS. Our solutions provide real-time visibility into compliance status, ensuring that organizations can continuously meet the requirements of the standard.

Read More »

Qmulos Recognized in 2024 Splunk Regional Partner Awards

Qmulos Named 2024 Regional Partner of the Year Winner for Outstanding Public Sector
Partnership – Qmulos, a next-generation compliance, security and risk management automation provider, announced today it has received the 2024 Regional Partner of the Year award for exceptional performance and commitment to their Splunk partnership.

Read More »

What is Continuous Authority to Operate (cATO)?

Continuous Authority to Operate (cATO) is a dynamic and ongoing process for maintaining the authorization to operate IT systems within a federal agency. Unlike traditional ATO processes, cATO involves continuous monitoring and assessment of security controls to ensure compliance.

Qmulos supports cATO by providing continuous monitoring and real-time reporting capabilities. Our platform enables federal agencies to maintain their ATO status by continuously assessing and addressing security controls and compliance requirements.

Read More »

What is M-21-31 Compliance Automation?

M-21-31 compliance automation refers to automating the processes required to comply with the U.S. Office of Management and Budget’s (OMB) memorandum M-21-31. This memorandum outlines requirements for federal agencies to implement zero trust architecture and modernize cybersecurity defenses.

Qmulos offers solutions that help organizations automate M-21-31 compliance, providing real-time visibility and reporting capabilities. Our platform ensures that organizations can efficiently meet the requirements of the memorandum and enhance their cybersecurity posture.

Read More »

What is Compliance Workflow Automation?

Compliance workflow automation involves using technology to automate the processes and tasks involved in managing compliance. This includes automating data collection, reporting, and monitoring to streamline compliance activities and reduce manual effort.

Qmulos provides comprehensive compliance workflow automation solutions that enhance efficiency and accuracy in compliance management. Our platform automates key compliance processes, enabling organizations to focus on strategic initiatives and maintain continuous compliance.

Read More »

What is IT Risk Management?

IT risk management is the process of identifying, assessing, and mitigating risks associated with an organization’s information technology systems. This includes managing risks related to data breaches, cyberattacks, and system failures.

Qmulos’ IT risk management solutions integrate risk assessment and management into our broader compliance platform. Our approach ensures that organizations can effectively identify and mitigate IT risks while maintaining compliance with regulatory requirements.

Read More »

Request a Demo

Learn how QMULOS can help your company grow by scheduling a demo with our team.