Rethinking the Role of Compliance

SCAP Compliance simplified using Qmulos and Splunk

As part of our Q-Compliance solution, Qmulos has the industry’s only custom input for Splunk that will parse and ingest the National Institute of Standards and Technology’s (NIST) Security Content Automation Protocol’s (SCAP) native XML formats for configuration compliance checks.  We support the Extensible Configuration Checklist Description Format (XCCDF), Asset Reporting Format (ARF) and Assessment Summary Results (ASR) XML formats.  In addition, our upcoming release will add support for the checklist file format (.CKL) used by the Defense Information System Agency’s STIGViewer tool.  Though not officially part of the SCAP standards, the STIGViewer checklist files are widely used. The added support of the StigViewer files will provide another important source for configuration compliance check results.

SCAP simplified using Qmulos

The SCAP capabilities are packaged in our Qmulos SCAP App that customers of Q-Compliance can download and install. The App allows you to ingest an important data source that fuels many of the compliance automation capabilities in Q-Compliance.  Additionally, the Qmulos SCAP App allows organizations to ingest the results of security scanners, vulnerability scanners, configuration management tools and other SCAP-compliant tools into Splunk for enterprise-wide analysis.  The app comes with several dashboards that present an organization’s compliance posture against their SCAP-compliant security benchmarks.  Furthermore, it comes with a Splunk data model defining the common set of fields relevant to most compliance use cases. This enables organizations to develop their own analytics and dashboards with SCAP data in Splunk.

Q-Compliance uses the scan results from the SCAP data in conjunction with the NIST Common Configuration Enumeration (CCE) and DISA Control Correlation Identifier (CCI) standards to correlate the results to specific NIST 800-53 controls.  This drives many of the other Risk Management Framework (RMF) automation capabilities in Q-Compliance such as automated control assessments, automatic creation of Plans of Actions and Milestones (POA&M) to address failed scan results, automated scoring, and ultimately continuous monitoring and ongoing authorization.

SCAP Dashboard using Qmulos

For more information on how you can leverage your data in Splunk to help you with your compliance automation activities, please contact Qmulos at

Others have also read ...


What is NY DFS Part 500 compliance?

NY DFS Part 500 compliance involves adhering to the cybersecurity regulations set forth by the New York Department of Financial Services (NY DFS). These regulations require financial institutions to implement a cybersecurity program to protect consumer data and ensure regulatory compliance.

Read More »

What is HIPAA compliance?

HIPAA compliance involves adhering to the Health Insurance Portability and Accountability Act (HIPAA) regulations, which protect the privacy and security of individuals’ health information. Organizations must implement measures to safeguard protected health information (PHI) and ensure compliance with HIPAA requirements.

Read More »

Qmulos Recognized in 2024 Splunk Regional Partner Awards

Qmulos Named 2024 Regional Partner of the Year Winner for Outstanding Public Sector
Partnership – Qmulos, a next-generation compliance, security and risk management automation provider, announced today it has received the 2024 Regional Partner of the Year award for exceptional performance and commitment to their Splunk partnership.

Read More »

What is Compliance Workflow Automation?

Compliance workflow automation involves using technology to automate the processes and tasks involved in managing compliance. This includes automating data collection, reporting, and monitoring to streamline compliance activities and reduce manual effort.

Read More »

What is NIST RMF?

The NIST Risk Management Framework (RMF) is a set of guidelines for managing information security risk. The RMF provides a structured approach to integrating security and risk management activities into the system development lifecycle.

Read More »

Request a Demo

Learn how QMULOS can help your company grow by scheduling a demo with our team.