Rethinking the Role of Compliance

Q-Compliance V3.5.0 General Availability

Qmulos is pleased to announce the general availability of Q-Compliance V3.5.0.  This latest release of Q-Compliance includes some important new features that will really streamline the activities of system owners, information system security officers (ISSOs), and information system security managers (ISSMs).  Some of the highlights include:

  • Major enhancements to control inheritance capabilities
  • New interactive Security Controls Traceability Matrix (SCTM) dashboard
  • Improvements to System Security Plan (SSP) generation, overlay management, implementation statements, test procedures, and much more!

Control Inheritance Enhancements

With the enhancements to control inheritance capabilities in V3.5.0, you get increased flexibility into how you can manage shared responsibilities across multiple control providers and unprecedented visibility into the compliance posture of your control providers.  For example, a complex control like AC-02 Account Management may require the use of multiple systems or tools to implement all of the control requirements.  Requirement AC-02.eRequires approvals by organization-defined personnel for requests to create information system accounts” may be implemented by a change control/ticketing system while requirement AC-02.f “Creates, enables, modifies, disables, and removes information system accounts …” may be implemented by a domain controller system.  Using multiple inheritance in Q-Compliance you can allocate each part of those control requirements to a different provider.  Then with the click of button in the Control Compliance Hub you can navigate directly to each control provider’s hub to monitor the compliance posture of that provider’s control using real-time technical evidence.  Sure beats the typical approach of inheriting the provider’s implementation statement and taking their word for it that they implemented the control correctly!

Qmulos Q-Compliance Control Compliance Hub
Figure 1: Navigating and monitoring multiple inheritance hierarchies with real-time technical data in the Control Compliance Hub

New Interactive SCTM Dashboard

The SCTM dashboard in Q-Compliance has always been jam packed with information about a system’s overall compliance posture with details on everything from audit and assessment statuses to test procedures and findings to implementation statements and much more.  In Q-Compliance V3.5.0, the SCTM dashboard has been totally revamped to provide even more features and functionality with a much more intuitive and user-friendly interface.  In the early phases of the Risk Management Framework (RMF) lifecycle for new systems, there’s often a lot of documentation that needs to be created, e.g., implementation statements, test procedures, self-assessment results, etc.  Although we’re not fans of spending a lot of time on documentation, policy still requires it, so we’ve designed the new SCTM to streamline the documentation process as much as possible.  With the new SCTM, you’ve now got a one-stop-shop to quickly create, edit, and manage all of this required documentation for all of the controls of your system.  You can even auto-generate default implementation statements for your controls!  Now system owners and their teams can collaborate from this one central hub to quickly produce the necessary documentation rather than passing multiple versions of Word documents and spreadsheets around.

Qmulos Q-Compliance Security Controls Traceability Matrix
Figure 2: New and improved SCTM dashboard in Q-Compliance

Other Enhancements

Other enhancements in Q-Compliance V3.5.0 include the ability to create overlays with inheritance; more information in the implementation statements in generated SSPs; enhancements to POAM metrics on the POAM Overview and User Actions dashboards; and better correlation of implementation statements and test procedures to Control Correlation Identifiers and control sub-requirements.  For more details on any of these other features or to see a demo, please contact

Others have also read ...


Qmulos Enhances Q-Compliance Platform, Adds Support for CMMC Level 3 Requirements, NERC CIP, OSCAL Interoperability, NIST 800-53 Rev. 5 Migration Capabilities, and Creates Technical Add-Ons for OpenShift and Microsoft Azure

Qmulos announced significant updates to its flagship compliance automation platform, Q-Compliance. Q-Compliance V4.5.0, now generally available, features added support for the recently released CMMC level 3 compliance requirements; NERC CIP support for North American electric utility companies; and enhanced data migration capabilities to help security and risk management teams migrate NIST 800-53 rev. 4 objectives and results to rev. 5 objectives.

Read More »

Qmulos Announces General Availability of Q-Compliance V4.4.0 and Q-Audit V3.70

Qmulos announced the new versions and general availability of its two flagship products, Q-Compliance V4.2.0 – an all-in-one solution for any enterprise, environment, framework, control, and datasource, and Q-Audit V3.4.0 – Qmulos’ Splunk-powered real-time audit software, an enterprise-grade tool designed to meet the most stringent audit requirements.

Read More »

Request a Demo

Learn how QMULOS can help your company grow by scheduling a demo with our team.