Rethinking the Role of Compliance

Q-Compliance V4.1.0 General Availability

Qmulos is pleased to announce the general availability of Q-Compliance V4.1.0! In this release we’ve added a lot of exciting new features to support our core use case of continuously monitoring security controls:

  • In-app guide on Continuous Monitoring (ConMon) best practices based on NIST SP 800-137
  • Dynamic tracking of ConMon implementation progress
  • More flexible control monitoring frequencies

ConMon Best Practices Based on NIST SP 800-137

Although it is almost twelve years old now, NIST SP 800-137 “Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations” is as relevant today as when it was first developed. It is fair to say that it is probably even more relevant now with the increasing speed at which systems evolve, the growing sophistication of adversaries and advances in the technologies which can be leveraged to attack our systems. Qmulos has been at the forefront of providing solutions to help agencies realize the strategy and capabilities described in NIST SP 800-137. Through this experience, we have developed a set of best practices centered around the six-step methodology described in NIST SP 800-137, as shown in Figure 1.

Figure 1: NIST SP 800-137 ISCM Processv

Figure 1: NIST SP 800-137 ISCM Process

These best practices provide organizations with concrete step-by-step guidance on how to establish a robust ISCM solution using our flagship Q-Compliance product, as illustrated in Figure 2.

Figure 2: Continuous Monitoring using Q-Compliance

In this latest release of Q-Compliance, these comprehensive best practices are now directly available at your fingertips within the application. Easily launched from the System Continuous Monitoring Dashboard (as shown in Figure 3), the ConMon Guide provides both strategic and implementation-level guidance from how to establish your continuous monitoring program all the way through how to analyze the data, report, and respond to findings.

Figure 3: In-App ConMon Guide

Dynamic Tracking of ConMon Progress

The guide not only provides helpful instructions on how to accomplish each step of your continuous monitoring process but also includes a checklist that dynamically tracks the progress of each system. The checklist is comprised of indicators that track key actions that need to be performed within each step of the continuous monitoring process. As these activities are performed within Q-Compliance, the indicators are automatically checked off in the checklist, as shown in Figure 4.

Figure 4: Tracking the progress of your continuous monitoring program

Simply access the workflow guide anytime from the System Continuous Monitoring dashboard and quickly determine how well your ConMon strategy has been implemented!

More Flexible Control Monitoring Frequencies

With broader adoption by organizations that have different levels of maturity in their ConMon implementation, we found that it was necessary to give customers more flexibility in defining their control monitoring frequency and workflow in their ConMon program. In this latest release, users can now configure controls for continuous monitoring with any frequency and Q-Compliance will allow you to monitor those controls on the System Continuous Monitoring dashboard and ensure that you are reviewing those controls in accordance with your defined schedule, as shown in Figure 5.

Figure 5: Monitoring controls of any frequency on the System Continuous Monitoring Dashboard

Other Enhancements

Other enhancements in this release include retaining hybrid and inheritance settings for controls when overlays are applied; the ability to import new categories and control updates to existing control libraries; enhancements to the implementation statement form on the Control Compliance Hub to show control descriptions, supplemental guidance, and extensions; and minor bug fixes.

For more details on the latest features in Q-Compliance 4.1.0, please contact us at!

Others have also read ...


Qmulos Announces General Availability of Q-Compliance V4.4.0 and Q-Audit V3.70

Qmulos announced the new versions and general availability of its two flagship products, Q-Compliance V4.2.0 – an all-in-one solution for any enterprise, environment, framework, control, and datasource, and Q-Audit V3.4.0 – Qmulos’ Splunk-powered real-time audit software, an enterprise-grade tool designed to meet the most stringent audit requirements.

Read More »

Request a Demo

Learn how QMULOS can help your company grow by scheduling a demo with our team.