eMASS POA&M Rev5 import now writes the workbook's Raw Severity and Recommendations columns to the native Issue fields used by the form, so imported values appear on the Basic Info and Risk Assessment Details tabs and round-trip cleanly through the platform's POAM Rev5 export
Fixed
FedRAMP Appendix A import no longer appends the next control's heading and statement text to the previous control's last implementation part
Scanner asset map loading no longer fails with a GraphQL field-cost error on plans with many assets, so findings such as STIG checklist results map to their assets and create security checks
Tanium Cloud asset synchronization no longer fails because of an unsupported software bill of materials field in the endpoints query
Added
Tanium software bill of materials (SBOM) records in CycloneDX format, generated from endpoint installed applications and linked to each asset during asset synchronization
Compliance scans no longer create issues from failed control assessments by default; failed controls remain visible on their assessments, and setting complianceCreation to Issue or POAM opts back in
Documented the vulnerabilityCreation options: IssueCreation flags past-due issues as POAMs at import time, while PoamCreation flags every issue as a POA&M
Fixed
Axonius and FedRAMP POAM commands no longer fail to load when an environment has incompatible NumPy or pandas versions installed
AWS Inspector sync now creates assets before submitting vulnerabilities so vulnerability-to-asset mappings are created on the first run
Vulnerabilities consolidated across multiple assets now link to every affected asset instead of none
AWS Security Hub and Inspector vulnerability imports no longer lose asset links and POAM creation when large batches time out and retry
Large vulnerability batches now retry in smaller chunks instead of failing repeatedly with the same oversized payload
Nessus assets and vulnerabilities now link correctly when the scan reports an invalid or multi-value host IP
Very large Nessus scan files now stream assets the same way findings are streamed, so hosts are no longer dropped and the platform no longer creates empty unknown assets for their findings
Nessus issues now link to their scanned asset instead of being attached to an unrelated unknown asset
OpenSCAP imports now identify hosts by IP address when no hostname is present, instead of grouping unidentifiable hosts under a single shared unknown asset
Nessus findings now use the scan date recorded in the file instead of the import date, including for very large files processed by the streaming parser
Issues generated from vulnerabilities are now flagged as POAMs on every import path when vulnerabilityCreation is set to PoamCreation; deployments already configured with PoamCreation will see issues marked as POA&Ms starting with their next import
Description-truncation warnings during bulk scan imports now log once per run instead of flooding the log with one warning per finding
RegScale Orchestration Hub (ROH) enables organizations to automate the import and export of data between RegScale and external systems through configurable integrations and commands.
This beta release is intended for early adopters and validation of core orchestration capabilities. Functionality, supported integrations, and performance characteristics may change before General Availability (GA). This is a hotfix release for early adopters that fixes the bugs summarized below.
What's Fixed
This hotfix enables early adopters to correctly use the Qualys integration’s sync_qualys command to download larger Qualys Knowledgebase vulnerability datasets with a reliable fallback mechanism.
eMASS API commands (emass_api) for POA&M, control, milestone, and artifact synchronization are now available
eMASS XML import now uploads referenced artifact files to the System Security Plan when they are present alongside the export
Per-asset Issue/POAM creation for Prisma Cloud and Qualys scans when issueCreation is set to PerAsset, creating a separate record for each vulnerability-asset pair
Configurable on-disk caching of Qualys KnowledgeBase data between syncs via qualysKbCacheHours
Changed
eMASS integration now targets the RegScale v2 API for all platform operations
Qualys vulnerability enrichment now fetches KnowledgeBase details in targeted batches instead of downloading the entire KnowledgeBase, with truncated responses followed to completion
Fixed
eMASS control synchronization now resolves NIST control acronyms so control implementations push to eMASS as Test Results
eMASS POA&M push and artifact upload now send correctly formatted requests instead of failing validation
eMASS XML import no longer silently skips artifacts; missing artifact files are reported in the import summary
Prisma Cloud CVE deduplication now links consolidated vulnerabilities to every affected asset instead of only the first
Vulnerability imports now warn when records have no asset identifier instead of silently skipping asset linkage
Qualys syncs with a single KnowledgeBase result no longer fail to parse
Qualys sync progress now shows one task per phase instead of one per asset
Resolved a dependency conflict that could corrupt installations when optional extras are installed
CLI startup crash caused by a NumPy 1.x/2.x version mismatch after upgrading; numpy, pandas, and pyarrow are now pinned to compatible versions
Updated aiohttp and pyjwt to patched releases that address known security vulnerabilities
RegScale Orchestration Hub (ROH) enables organizations to automate the import and export of data between RegScale and external systems through configurable integrations and commands.
This beta release is intended for early adopters and validation of core orchestration capabilities. Functionality, supported integrations, and performance characteristics may change before General Availability (GA). This is a follow-on hotfix release for early adopters that fixes the bugs summarized below.
What's Fixed
This hotfix enables early adopters to use Okta single sign-on per our documentation.
Resolved an issue where assigning a Workflow Group to a step did not persist or function as expected. Workflow Group assignments are now correctly applied, ensuring workflow steps follow the intended routing and ownership configuration.
Inventory Dashboard Navigation
Fixed an issue that prevented the Inventory Dashboard from opening when users selected the corresponding scorecard. Users can now successfully navigate from the scorecard to the Inventory Dashboard for a seamless reporting and analysis experience.
RSA Archer controls, findings, and evidence synchronization into RegScale
Tanium CIS benchmark import to RegScale security checks
FedRAMP DRF import (import-drf) now accepts --skip-rows to handle workbooks with title or metadata rows above the column header row
Changed
AWS CloudTrail, S3, and SSM evidence integrations now produce one assessment and issue per failing NIST control per resource instead of collapsing multiple control failures into a single record
Fixed
libxml2 explicitly installed in the Airflow container image to ensure the patched version is present and CVE-2026-43500 is resolved
CSAM import now reports per-domain partial failures in an end-of-run summary instead of silently masking a failed sync as a clean run
CIS/CRM import now directly scans the Instructions tab for the exact "System Name" header cell and reads the value from the row below it as a fallback when the primary column-header detection does not resolve a name
CIS/CRM import no longer crashes with IndexError or ColumnNotFoundError when the Instructions worksheet has fewer than four header columns
FIPS container image now correctly exposes the regscale command and imports the regscale module at runtime
POAM import no longer degrades on large finding sets due to oversized batch requests
POAM import severity mapping extended to handle full canonical severity strings (e.g., "II - Moderate - Reportable Condition")
POAM import now emits missing Status Date warnings as a per-sheet summary instead of one warning per row
POAM import now accepts container image references and other non-HTTP URI schemes (e.g. docker://, oci://) as asset identifiers, so container-scan POA&M rows are no longer silently dropped
Exception tracebacks are now automatically included in log output when an error occurs inside an except block
Added validation to ensure FedRAMP High AU-2 requirements are properly enforced, helping organizations maintain compliance with audit logging and event monitoring expectations.
Introduced new vulnerability creation workflows within the Vulnerability Service and Issue Service, providing a more flexible and extensible foundation for future vulnerability management enhancements.
Added support for Issue Workflows, enabling workflow capabilities similar to SSP Approval Workflows.
Improved issue creation behavior during STIG CKL imports to provide greater control over how imported findings are managed.
Enhanced issue workflow record linking to improve navigation and traceability between related records.
Questionnaire & Planning Improvements
Expanded Questionnaire support by adding additional entity types, including User, Facility, and Organization, for improved data collection and relationship management.
Added the ability to update Security Plans directly from Questionnaire responses, streamlining assessment and documentation workflows.
Security & Infrastructure
Hardened TCP Syslog/TLS processing to improve secure log transport and reliability.
Improved TLS connection handling for TCP Syslog integrations by ensuring TLS is always required when configured, regardless of SysLogTCPUseTls override settings.
Replaced a synchronous proxy HTTP implementation with an in-process background execution model, improving performance and reducing residual Server-Side Request Forgery (SSRF) exposure.
Fixes
Issue & Vulnerability Management
Resolved an issue where the First Seen Date was not being populated on issues generated from vulnerability imports.
Fixed an issue preventing the GetUserByUsername endpoint from functioning correctly when administrator credentials were used.
Corrected malformed links generated by Issue Workflow records, ensuring users are directed to the appropriate records.
Questionnaire
Fixed issues affecting Questionnaire entity handling and improved overall reliability when working with User, Facility, and Organization records.
Imports & Integrations
Corrected STIG CKL import behavior that could result in unintended issue creation during import processes.