Qmulos is pleased to announce the general availability of Q-Compliance V3.7.0! Here are some of the key exciting features added for this release:
• Dynamic tracking of the RMF process
• Automated transfer of system data from rev. 4 to rev. 5
• Applying 800-53B (rev. 5) baselines
• POA&M management enhancements
• Enhanced control monitoring coverage usability

Read on for more detail on how the latest features can help you take on a more data-driven approach to risk management!

A Bigger Picture of Compliance (RMF Overview)

If you haven’t read our RMF blog series, you know that there’s six phases in the RMF process. Within each phase are multiple tasks to set up your system, which can get a little tedious and hard to track over time. Wouldn’t it be great if you could dynamically track which tasks you’ve completed in each phase of your system? As an ISSO or new system owner, the RMF Overview page provides a great reference on your system’s current compliance posture, showing you exactly what tasks are completed and have yet to be completed. Experience a more active approach to compliance! You will feel more confident in winning the compliance game!

Transition From Rev. 4 To Rev. 5 (System Migration)

In September 2020, NIST officially released its SP 800-53 revision 5 documentation. Now, approaching the one-year mark since release, organizations complying with NIST 800-53 rev. 4 will have to begin complying with the new standard starting Sept 2021. It’s a challenging task to fully transition, but that’s where we come in to do the hard work for you. In Q-Compliance V3.7.0, we’ve built a system migration page specifically to handle this job. Next thing you know, your systems are updated to the new rev 5 controls, and it all happens within a few clicks.

Applying 800-53B (Rev.5) Baselines

In October 2020, NIST released its SP 800-53B publication for control baselines of information systems and organizations in conjunction with SP 800-53 Rev. 5. Understanding that Rev. 5 will take effect in Sept 2021, Q-Compliance V3.7.0 will allow you to apply these baselines to your new or existing systems, starting now. In just a few clicks, Q-Compliance applies all the necessary controls to your system, whether it’s choosing the low, moderate, or high-level baselines!

Control Data Coverage Usability

Data is the fuel that drives the capabilities in Q-Compliance. As such, we provide analytics that allow you to identify the necessary data to enable continuous monitoring of your controls. In Q-Compliance V3.7.0, we’ve added features to our Control Monitoring Coverage to keep track of historical data and allow you to export all the control information on that dashboard out into a CSV file. Now, you can get all of the control status information in your own hands!

POA&M Management Enhancements

We know that Plan of Actions and Milestones remain a critical component of any organization’s compliance processes, and that keeping track of POA&Ms can become burdensome. That’s why we’ve enhanced the POA&M Overview dashboard for interaction, allowing you to create, edit, or view specific POA&Ms in more detail and navigate directly to the control page if needed. In addition, you can also create new POA&Ms for your system directly from the System Actions dashboard.

Other Enhancements

Other enhancements in Q-Compliance V3.7.0 include usability enhancements on the Control Compliance Hub, improvements in eMASS integration capabilities, enhancements on the System Management page, as well as various bug fixes. For more details on any of these other features or to see a demo, please contact sales@qmulos.com.