Rethinking the Role of Compliance

Q-Compliance V4.1.0 General Availability

Qmulos is pleased to announce the general availability of Q-Compliance V4.1.0! In this release we’ve added a lot of exciting new features to support our core use case of continuously monitoring security controls:

  • In-app guide on Continuous Monitoring (ConMon) best practices based on NIST SP 800-137
  • Dynamic tracking of ConMon implementation progress
  • More flexible control monitoring frequencies

ConMon Best Practices Based on NIST SP 800-137

Although it is almost twelve years old now, NIST SP 800-137 “Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations” is as relevant today as when it was first developed. It is fair to say that it is probably even more relevant now with the increasing speed at which systems evolve, the growing sophistication of adversaries and advances in the technologies which can be leveraged to attack our systems. Qmulos has been at the forefront of providing solutions to help agencies realize the strategy and capabilities described in NIST SP 800-137. Through this experience, we have developed a set of best practices centered around the six-step methodology described in NIST SP 800-137, as shown in Figure 1.

Figure 1: NIST SP 800-137 ISCM Processv

Figure 1: NIST SP 800-137 ISCM Process

These best practices provide organizations with concrete step-by-step guidance on how to establish a robust ISCM solution using our flagship Q-Compliance product, as illustrated in Figure 2.

Figure 2: Continuous Monitoring using Q-Compliance

In this latest release of Q-Compliance, these comprehensive best practices are now directly available at your fingertips within the application. Easily launched from the System Continuous Monitoring Dashboard (as shown in Figure 3), the ConMon Guide provides both strategic and implementation-level guidance from how to establish your continuous monitoring program all the way through how to analyze the data, report, and respond to findings.

Figure 3: In-App ConMon Guide

Dynamic Tracking of ConMon Progress

The guide not only provides helpful instructions on how to accomplish each step of your continuous monitoring process but also includes a checklist that dynamically tracks the progress of each system. The checklist is comprised of indicators that track key actions that need to be performed within each step of the continuous monitoring process. As these activities are performed within Q-Compliance, the indicators are automatically checked off in the checklist, as shown in Figure 4.

Figure 4: Tracking the progress of your continuous monitoring program

Simply access the workflow guide anytime from the System Continuous Monitoring dashboard and quickly determine how well your ConMon strategy has been implemented!

More Flexible Control Monitoring Frequencies

With broader adoption by organizations that have different levels of maturity in their ConMon implementation, we found that it was necessary to give customers more flexibility in defining their control monitoring frequency and workflow in their ConMon program. In this latest release, users can now configure controls for continuous monitoring with any frequency and Q-Compliance will allow you to monitor those controls on the System Continuous Monitoring dashboard and ensure that you are reviewing those controls in accordance with your defined schedule, as shown in Figure 5.

Figure 5: Monitoring controls of any frequency on the System Continuous Monitoring Dashboard

Other Enhancements

Other enhancements in this release include retaining hybrid and inheritance settings for controls when overlays are applied; the ability to import new categories and control updates to existing control libraries; enhancements to the implementation statement form on the Control Compliance Hub to show control descriptions, supplemental guidance, and extensions; and minor bug fixes.

For more details on the latest features in Q-Compliance 4.1.0, please contact us at!

Others have also read ...


What is NY DFS Part 500 compliance?

NY DFS Part 500 compliance involves adhering to the cybersecurity regulations set forth by the New York Department of Financial Services (NY DFS). These regulations require financial institutions to implement a cybersecurity program to protect consumer data and ensure regulatory compliance.

Read More »

What is HIPAA compliance?

HIPAA compliance involves adhering to the Health Insurance Portability and Accountability Act (HIPAA) regulations, which protect the privacy and security of individuals’ health information. Organizations must implement measures to safeguard protected health information (PHI) and ensure compliance with HIPAA requirements.

Read More »

Qmulos Recognized in 2024 Splunk Regional Partner Awards

Qmulos Named 2024 Regional Partner of the Year Winner for Outstanding Public Sector
Partnership – Qmulos, a next-generation compliance, security and risk management automation provider, announced today it has received the 2024 Regional Partner of the Year award for exceptional performance and commitment to their Splunk partnership.

Read More »

What is Compliance Workflow Automation?

Compliance workflow automation involves using technology to automate the processes and tasks involved in managing compliance. This includes automating data collection, reporting, and monitoring to streamline compliance activities and reduce manual effort.

Read More »

What is NIST RMF?

The NIST Risk Management Framework (RMF) is a set of guidelines for managing information security risk. The RMF provides a structured approach to integrating security and risk management activities into the system development lifecycle.

Read More »

Request a Demo

Learn how QMULOS can help your company grow by scheduling a demo with our team.