Qmulos is pleased to announce the general availability of Q-Compliance V4.1.0! In this release we’ve added a lot of exciting new features to support our core use case of continuously monitoring security controls:
- In-app guide on Continuous Monitoring (ConMon) best practices based on NIST SP 800-137
- Dynamic tracking of ConMon implementation progress
- More flexible control monitoring frequencies
ConMon Best Practices Based on NIST SP 800-137
Although it is almost twelve years old now, NIST SP 800-137 “Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations” is as relevant today as when it was first developed. It is fair to say that it is probably even more relevant now with the increasing speed at which systems evolve, the growing sophistication of adversaries and advances in the technologies which can be leveraged to attack our systems. Qmulos has been at the forefront of providing solutions to help agencies realize the strategy and capabilities described in NIST SP 800-137. Through this experience, we have developed a set of best practices centered around the six-step methodology described in NIST SP 800-137, as shown in Figure 1.
Figure 1: NIST SP 800-137 ISCM Process
These best practices provide organizations with concrete step-by-step guidance on how to establish a robust ISCM solution using our flagship Q-Compliance product, as illustrated in Figure 2.
Figure 2: Continuous Monitoring using Q-Compliance
In this latest release of Q-Compliance, these comprehensive best practices are now directly available at your fingertips within the application. Easily launched from the System Continuous Monitoring Dashboard (as shown in Figure 3), the ConMon Guide provides both strategic and implementation-level guidance from how to establish your continuous monitoring program all the way through how to analyze the data, report, and respond to findings.
Figure 3: In-App ConMon Guide
Dynamic Tracking of ConMon Progress
The guide not only provides helpful instructions on how to accomplish each step of your continuous monitoring process but also includes a checklist that dynamically tracks the progress of each system. The checklist is comprised of indicators that track key actions that need to be performed within each step of the continuous monitoring process. As these activities are performed within Q-Compliance, the indicators are automatically checked off in the checklist, as shown in Figure 4.
Figure 4: Tracking the progress of your continuous monitoring program
Simply access the workflow guide anytime from the System Continuous Monitoring dashboard and quickly determine how well your ConMon strategy has been implemented!
More Flexible Control Monitoring Frequencies
With broader adoption by organizations that have different levels of maturity in their ConMon implementation, we found that it was necessary to give customers more flexibility in defining their control monitoring frequency and workflow in their ConMon program. In this latest release, users can now configure controls for continuous monitoring with any frequency and Q-Compliance will allow you to monitor those controls on the System Continuous Monitoring dashboard and ensure that you are reviewing those controls in accordance with your defined schedule, as shown in Figure 5.
Figure 5: Monitoring controls of any frequency on the System Continuous Monitoring Dashboard
Other Enhancements
Other enhancements in this release include retaining hybrid and inheritance settings for controls when overlays are applied; the ability to import new categories and control updates to existing control libraries; enhancements to the implementation statement form on the Control Compliance Hub to show control descriptions, supplemental guidance, and extensions; and minor bug fixes.
For more details on the latest features in Q-Compliance 4.1.0, please contact us at sales@qmulos.com!