2020 was a year of change and adaptation. Within the cyber-compliance sphere alone, we have seen huge changes, such as the creation of CMMC, the Department of Defense’s new cybersecurity certification standard for awarding and maintaining contracts, as well as the recent, much-anticipated release of NIST 800-53 Rev. 5 controls. Qmulos’ flagship solution, Q-Compliance, incorporated some fantastic new features too: the addition of Risk Scoring, a User Actions dashboard, and the ability to create FedRAMP SSPs with the click of a button.
We continue to delight our customers with our latest release, Q-Compliance V3.4.0, with features that address some of their most pressing needs and respond to the latest developments in the industry. These features include integration with customers’ legacy GRC tools to help them transition to the modern (and more effective!) way of performing cybersecurity compliance and continuous monitoring. In addition, we’ve added support for the NIST 800-53 Rev. 5 controls for those customers that want to get a head start on adopting the new and improved version of the world’s most comprehensive security control standard.
Legacy GRC Integration
Adopting new, game-changing technologies is difficult. Most organizations have invested years of time and millions of dollars in their legacy GRC tools and processes, so they can’t just drop all of that to adopt a game-changing solution like Q-Compliance. That is why we’ve added features that allow customers to exchange the most critical datasets, such as Plans of Action and Milestones (POA&Ms) and control assessment results, between Q-Compliance and their legacy GRC tools, such as the DoD’s Enterprise Mission Assurance Support Service (eMASS). With these import/export features, customers can gradually transition their compliance processes by first adopting Q-Compliance for their most critical security controls that require real-time visibility and automation, while continuing to use their legacy GRC tools for some of the more manual policy and process-oriented controls. We developed these features with an extensible framework so that we can easily add support for more legacy GRC tools.
If you have questions about how V3.4 could integrate with your tools, contact us.
NIST 800-53 Rev. 5 Controls
The much-anticipated release of the new NIST Rev. 5 controls marks the end of NIST’s multi-year effort to modernize the standards used by the federal government and other critical infrastructures to secure their systems and organizations. Q-Compliance was originally designed to enable organizations to meet the controls set forth in the RMF and NIST 800-53 Rev. 4. However, with the new changes to 800-53, Q-Compliance V3.4 now includes support for both revisions 4 and 5. Every organization has different priorities, so the ability to choose when you move to Rev. 5 is yours! When we write it (my hope is 2 weeks from now), I will link to the Rev. 5 blog here.
Color-Coding on the Control Compliance Hub
With the holiday season upon us, we thought it would be a great time to add more festive colors to our Control Compliance Hub, the one-stop shop for managing your evidence and compliance activities for each system’s security controls. This feature color codes the tabs for each control and control enhancement to quickly indicate their assessment and audit statuses.
Users are able to quickly identify which controls within a control library, control category, and even a sub-category are passing, failing, not reviewed, or not applicable. Besides the eye candy, based on early customer feedback, this feature has been a huge time saver, allowing them to quickly identify which controls to focus on based on their compliance statuses. We love our early adopters who are always quick to update to the latest versions!
To recap, the biggest changes from V3.3 to V3.4 for Q-Compliance are:
- The ability to seamlessly integrate with third-party GRC tools, such as eMASS.
- The addition of the NIST 800-53 Rev. 5 controls.
- The ability to view control status by color and drill down from there.
If you have more questions about V3.4, or you’d like to see a demo of how our capabilities can make your security team more effective and efficient, contact email@example.com.