Organizations are often faced with requirements for compliance against multiple frameworks, standards, or regulations. Qmulos’ Enterprise Compliance (Q-Compliance) application, powered by Splunk, has a Frameworks Dashboard feature that enables organizations to score themselves against other frameworks using the NIST 800-53 controls catalog as the common Rosetta Stone across these other frameworks. In the Spring Release, Q-Compliance takes this flexibility to the next level with the introduction of the Dynamic Control Architecture.
The Dynamic Control Architecture will enable Q-Compliance to integrate controls from multiple standards beyond NIST 800-53 such as GDPR, HIPAA, PCI and even custom controls. Now organizations can automate compliance against multiple standards down to the individual control level independent of any mappings. Compliance against those multiple standards can be automatically assessed against a single source of truth, the events in the Splunk indexes, using a vast and growing library of reusable components for analytics and visualizations. In addition, these analytics and visualizations for technical control evidence can be added or changed dynamically through a simple plug-and-play interface allowing for easy customization.