Qmulos is pleased to announce the general availability of Q-Compliance V3.5.0. This latest release of Q-Compliance includes some important new features that will really streamline the activities of system owners, information system security officers (ISSOs), and information system security managers (ISSMs). Some of the highlights include:
- Major enhancements to control inheritance capabilities
- New interactive Security Controls Traceability Matrix (SCTM) dashboard
- Improvements to System Security Plan (SSP) generation, overlay management, implementation statements, test procedures, and much more!
Control Inheritance Enhancements
With the enhancements to control inheritance capabilities in V3.5.0, you get increased flexibility into how you can manage shared responsibilities across multiple control providers and unprecedented visibility into the compliance posture of your control providers. For example, a complex control like AC-02 Account Management may require the use of multiple systems or tools to implement all of the control requirements. Requirement AC-02.e “Requires approvals by organization-defined personnel for requests to create information system accounts” may be implemented by a change control/ticketing system while requirement AC-02.f “Creates, enables, modifies, disables, and removes information system accounts …” may be implemented by a domain controller system. Using multiple inheritance in Q-Compliance you can allocate each part of those control requirements to a different provider. Then with the click of button in the Control Compliance Hub you can navigate directly to each control provider’s hub to monitor the compliance posture of that provider’s control using real-time technical evidence. Sure beats the typical approach of inheriting the provider’s implementation statement and taking their word for it that they implemented the control correctly!
Figure 1: Navigating and monitoring multiple inheritance hierarchies with real-time technical data in the Control Compliance Hub
New Interactive SCTM Dashboard
The SCTM dashboard in Q-Compliance has always been jam packed with information about a system’s overall compliance posture with details on everything from audit and assessment statuses to test procedures and findings to implementation statements and much more. In Q-Compliance V3.5.0, the SCTM dashboard has been totally revamped to provide even more features and functionality with a much more intuitive and user-friendly interface. In the early phases of the Risk Management Framework (RMF) lifecycle for new systems, there’s often a lot of documentation that needs to be created, e.g., implementation statements, test procedures, self-assessment results, etc. Although we’re not fans of spending a lot of time on documentation, policy still requires it, so we’ve designed the new SCTM to streamline the documentation process as much as possible. With the new SCTM, you’ve now got a one-stop-shop to quickly create, edit, and manage all of this required documentation for all of the controls of your system. You can even auto-generate default implementation statements for your controls! Now system owners and their teams can collaborate from this one central hub to quickly produce the necessary documentation rather than passing multiple versions of Word documents and spreadsheets around.
Figure 2: New and improved SCTM dashboard in Q-Compliance
Other Enhancements
Other enhancements in Q-Compliance V3.5.0 include the ability to create overlays with inheritance; more information in the implementation statements in generated SSPs; enhancements to POAM metrics on the POAM Overview and User Actions dashboards; and better correlation of implementation statements and test procedures to Control Correlation Identifiers and control sub-requirements. For more details on any of these other features or to see a demo, please contact sales@qmulos.com.