[6.31.1.3] 06-25-2026

Enhancements

Expanded Vulnerability Management and Assessment Capabilities

  • Added support for importing XCCDF TestResults into the assessment pipeline, enabling organizations to leverage additional security assessment data sources within RegScale.
  • Enhanced CKL/CKLB import capabilities to capture and store additional assessment metadata, providing greater fidelity and traceability for imported checklist data.
  • Updated vulnerability processing to automatically associate vulnerability-derived issues with affected assets, improving reporting accuracy and remediation tracking.
  • Enhanced vulnerability mappings and processing performance through optimized bulk operations, significantly improving import efficiency for large environments.
  • Added support for populating affected controls and control parts during vulnerability processing, improving control-level visibility and remediation workflows.
  • Expanded the CKL data model and import services to support additional checklist information and future assessment use cases.

Improved Compliance and Export Functionality

  • Added support for SLCM exports, expanding available compliance reporting options.
  • Updated import, export, and form mappings to improve alignment with eMASS data structures and workflows.
  • Added export pre-flight validation checks to identify potential issues before export generation.
  • Updated Framework Importer manifest support to align with current requirements.
  • Enhanced asset mapping capabilities during imports to improve asset identification and correlation accuracy.

User Experience Improvements

  • Modernized CKL and CKLB user interface views for a more streamlined assessment experience.
  • Removed unnecessary visual indicators from submodule input fields to improve form usability and reduce user confusion.
  • Added new form enhancements and field updates across the platform.
  • Updated Result Severity field handling to provide more accurate assessment data representation.
  • Improved inventory scorecard reporting by reducing noise from assets that do not contain vulnerabilities or issues.

Platform Reliability and Maintainability

  • Removed legacy eMASS Rev 4 export options that are no longer supported.
  • Streamlined export option management and cleanup processes.
  • Removed deprecated SDK dependencies from the core application, reducing platform complexity and improving maintainability.
  • Added data consistency safeguards to ensure system-defined fields are correctly identified and managed.
  • Enhanced custom field handling and validation to improve platform stability and configuration integrity.

Fixes

Vulnerability Management

  • Fixed an issue where repeated Wiz vulnerability imports could create duplicate issues when no changes existed in the source data.
  • Fixed an issue that prevented customized default issue statuses from being honored when creating vulnerability-derived issues.
  • Corrected vulnerability processing behavior that could overwrite customer-defined issue values with system-generated values.
  • Fixed an issue causing vulnerability rollup API requests to fail when no vulnerable assets existed in the environment.
  • Resolved an issue affecting vulnerability status board reporting when viewing data by asset.

Assessments and Workflows

  • Fixed an issue where questionnaire review assignments were not appearing in Notifications or Workbench views.
  • Fixed an issue preventing workflows from being added to Continuous Monitoring and Master Assessment configurations.
  • Corrected checklist import behavior so failed control implementations are properly transitioned to an "In Remediation" state when appropriate.
  • Added validation to ensure imported SCAP benchmark files are recognized and processed correctly.

Rules, Forms, and User Interface

  • Fixed an issue where conditional rules for Cyber Reportable POA&Ms did not correctly disable editing when records were no longer in Draft status.
  • Fixed a classification selection interface issue that could impact user interaction with classification fields.
  • Resolved a conditional visibility issue where Special Type Description fields did not display correctly for multi-select values.

Imports, Exports, and Integrations

  • Fixed a framework import edge case that could cause import failures under specific blob storage conditions.
  • Corrected eMASS HW/SW Rev. 5 export behavior to properly support numeric values in software licensing cost fields.
  • Improved export reliability and consistency through additional validation and cleanup updates.

Data Integrity

  • Fixed data migration behavior to ensure system fields are correctly identified as non-custom fields.
  • Improved issue and vulnerability correlation accuracy by ensuring asset mappings are created consistently during automated processing.
  • Fixed TDS packet size exceeding the TLS record limit on encrypted SQL connections.

Known Limitations and Considerations

RE: TDS packet size exceeding TLS record limit on encrypted SQL connections.

  • On a TLS-encrypted connection, each TDS packet must fit inside a single TLS record (max plaintext fragment 16,384 bytes / 2^14). A 32 KB packet size negotiates to 16,442 bytes, which is over the limit.
  • TDS PacketSize is now configurable and defaults to the largest value that is provably safe on an encrypted connection: 16,368 bytes.
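The following is an added example (not RegScale's code) that turns the limit above into a configuration check: it parses a SQL Server style connection string, and when encryption is on, confirms the requested TDS packet size fits inside one TLS record, otherwise recommending the 16,368-byte default. The constants (16,384-byte TLS plaintext limit, the 16,442 bytes a "32 KB" setting negotiated to, and the 16,368-byte default) are taken from the note above; the semicolon-separated `Key=Value` connection-string format and the `Encrypt` / `Packet Size` key names are assumptions for illustration.

```python
from math import ceil

# Figures quoted in the release note above; the note is the source for all three.
TLS_MAX_PLAINTEXT = 16_384          # max plaintext fragment of one TLS record (2^14)
SAFE_DEFAULT_PACKET_SIZE = 16_368   # new default TDS PacketSize from the note
NEGOTIATED_FOR_32KB = 16_442        # what a "32 KB" PacketSize negotiated to

# Assumed spellings of an "encryption on" value for the Encrypt key.
TRUTHY = {"true", "yes", "1", "mandatory", "strict"}


def tls_records_needed(packet_size: int) -> int:
    """Number of TLS records a TDS packet of this size would have to span."""
    return ceil(packet_size / TLS_MAX_PLAINTEXT)


def fits_in_one_tls_record(packet_size: int) -> bool:
    """True when the whole TDS packet fits in a single TLS record."""
    return 0 < packet_size <= TLS_MAX_PLAINTEXT


def recommended_packet_size(requested: int) -> int:
    """Clamp a requested size to the value the note calls provably safe."""
    if requested <= 0:
        return SAFE_DEFAULT_PACKET_SIZE
    return min(requested, SAFE_DEFAULT_PACKET_SIZE)


def parse_connection_string(conn_str: str) -> dict:
    """Split 'Key=Value;Key=Value' into a dict with lower-cased keys (assumed format)."""
    settings = {}
    for part in conn_str.split(";"):
        if "=" not in part:
            continue
        key, _, value = part.partition("=")
        settings[key.strip().lower()] = value.strip()
    return settings


def check_connection(conn_str: str) -> tuple:
    """Return (ok, message).

    Only an encrypted connection is subject to the one-record rule, so an
    oversized packet size on an unencrypted connection is reported as ok.
    A missing Packet Size is treated as the safe default.
    """
    settings = parse_connection_string(conn_str)
    encrypted = settings.get("encrypt", "false").lower() in TRUTHY
    raw = settings.get("packet size", str(SAFE_DEFAULT_PACKET_SIZE))
    try:
        packet_size = int(raw)
    except ValueError:
        return False, f"Packet Size={raw!r} is not an integer"
    if not encrypted:
        return True, f"unencrypted: Packet Size={packet_size} is not bound by the TLS record limit"
    if fits_in_one_tls_record(packet_size):
        return True, f"Packet Size={packet_size} fits in one TLS record"
    return False, (
        f"Packet Size={packet_size} would span {tls_records_needed(packet_size)} TLS records; "
        f"lower it to {recommended_packet_size(packet_size)}"
    )


if __name__ == "__main__":
    # Constructed sample connection strings; "db.internal" is a placeholder host.
    for cs in (
        "Server=db.internal;Encrypt=true;Packet Size=32768",
        "Server=db.internal;Encrypt=true;Packet Size=16368",
        "Server=db.internal;Encrypt=false;Packet Size=32768",
    ):
        print(cs, "->", check_connection(cs))
    print("negotiated 16,442 fits in one record?", fits_in_one_tls_record(NEGOTIATED_FOR_32KB))
```

Running it shows why the old default failed even after negotiation: 16,442 bytes is 58 bytes over a single record's plaintext limit, so the packet needs two records, while 16,368 leaves headroom below 16,384.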

Changed

  • Nessus scan imports now parse every file with a single streaming pass, reducing memory use and speeding up large imports
  • Nessus STIG and CIS compliance results now create security checklists and POA&M issues instead of vulnerabilities, and re-scans correctly close remediated compliance POA&Ms without affecting other scanners' findings

Fixed

  • SARIF vulnerability import no longer requires Synqly and parses SARIF files directly
  • SARIF import now reports accurate created and updated vulnerability counts
  • OpenText WebInspect and other JSONL-based scanner imports no longer crash when no scan date is provided, defaulting to the current date instead
  • Tanium Cloud vulnerabilities now report Critical severity using CVSS v3 data instead of being capped at High
  • Tanium Cloud vulnerability CVSS v2 and v3 base scores are now recorded in their correct fields

Added

  • Tanium software bill of materials (SBOM) records in CycloneDX format, generated from endpoint installed applications and linked to each asset during asset synchronization
  • Optional source name for Trivy and Grype imports, recorded in scan history and used to group same-day imports

[6.34.70] - 2026-06-18

Changed

  • eMASS POA&M Rev5 import now writes the workbook's Raw Severity and Recommendations columns to the native Issue fields used by the form, so imported values appear on the Basic Info and Risk Assessment Details tabs and round-trip cleanly through the platform's POAM Rev5 export

Fixed

  • FedRAMP Appendix A import no longer appends the next control's heading and statement text to the previous control's last implementation part
  • Scanner asset map loading no longer fails with a GraphQL field-cost error on plans with many assets, so findings such as STIG checklist results map to their assets and create security checks
  • Tanium Cloud asset synchronization no longer fails because of an unsupported software bill of materials field in the endpoints query

Added

  • Tanium software bill of materials (SBOM) records in CycloneDX format, generated from endpoint installed applications and linked to each asset during asset synchronization

[6.34.65] - 2026-06-16

Changed

  • Compliance scans no longer create issues from failed control assessments by default; failed controls remain visible on their assessments, and setting complianceCreation to Issue or POAM opts back in
  • Documented the vulnerabilityCreation options: IssueCreation flags past-due issues as POAMs at import time, PoamCreation flags every issue as a POA&M

Fixed

  • Axonius and FedRAMP POAM commands no longer fail to load when an environment has incompatible NumPy or pandas versions installed
  • AWS Inspector sync now creates assets before submitting vulnerabilities so vulnerability-to-asset mappings are created on the first run
  • Vulnerabilities consolidated across multiple assets now link to every affected asset instead of none
  • AWS Security Hub and Inspector vulnerability imports no longer lose asset links and POAM creation when large batches time out and retry
  • Large vulnerability batches now retry in smaller chunks instead of failing repeatedly with the same oversized payload
  • Nessus assets and vulnerabilities now link correctly when the scan reports an invalid or multi-value host IP
  • Very large Nessus scan files now stream assets the same way findings are streamed, so hosts are no longer dropped and the platform no longer creates empty unknown assets for their findings
  • Nessus issues now link to their scanned asset instead of being attached to an unrelated unknown asset
  • OpenSCAP imports now identify hosts by IP address when no hostname is present, instead of grouping unidentifiable hosts under a single shared unknown asset
  • Nessus findings now use the scan date recorded in the file instead of the import date, including for very large files processed by the streaming parser
  • Issues generated from vulnerabilities are now flagged as POAMs on every import path when vulnerabilityCreation is set to PoamCreation; deployments already configured with PoamCreation will see issues marked as POA&Ms starting with their next import
  • Description-truncation warnings during bulk scan imports now log once per run instead of flooding the log with one warning per finding

Purpose

RegScale Orchestration Hub (ROH) enables organizations to automate the import and export of data between RegScale and external systems through configurable integrations and commands.

This beta release is intended for early adopters and validation of core orchestration capabilities. Functionality, supported integrations, and performance characteristics may change before General Availability (GA). This is a hotfix release for early adopters to fix bugs summarized below.

What's Fixed

This hotfix enables early adopters to correctly use the Qualys integration’s sync_qualys command to download larger Qualys Knowledgebase vulnerability datasets with a reliable fallback mechanism.

[6.34.59] - 2026-06-15

Added

  • eMASS API commands (emass_api) for POA&M, control, milestone, and artifact synchronization are now available
  • eMASS XML import now uploads referenced artifact files to the System Security Plan when they are present alongside the export
  • Per-asset Issue/POAM creation for Prisma Cloud and Qualys scans when issueCreation is set to PerAsset, creating a separate record for each vulnerability-asset pair
  • Configurable on-disk caching of Qualys KnowledgeBase data between syncs via qualysKbCacheHours

Changed

  • eMASS integration now targets the RegScale v2 API for all platform operations
  • Qualys vulnerability enrichment now fetches KnowledgeBase details in targeted batches instead of downloading the entire KnowledgeBase, with truncated responses followed to completion

Fixed

  • eMASS control synchronization now resolves NIST control acronyms so control implementations push to eMASS as Test Results
  • eMASS POA&M push and artifact upload now send correctly formatted requests instead of failing validation
  • eMASS XML import no longer silently skips artifacts; missing artifact files are reported in the import summary
  • Prisma Cloud CVE deduplication now links consolidated vulnerabilities to every affected asset instead of only the first
  • Vulnerability imports now warn when records have no asset identifier instead of silently skipping asset linkage
  • Qualys syncs with a single KnowledgeBase result no longer fail to parse
  • Qualys sync progress now shows one task per phase instead of one per asset
  • Resolved a dependency conflict that could corrupt installations when optional extras are installed
  • CLI startup crash caused by a NumPy 1.x/2.x version mismatch after upgrading; numpy, pandas, and pyarrow are now pinned to compatible versions
  • Updated aiohttp and pyjwt to patched releases that address known security vulnerabilities

Purpose

RegScale Orchestration Hub (ROH) enables organizations to automate the import and export of data between RegScale and external systems through configurable integrations and commands.

This beta release is intended for early adopters and validation of core orchestration capabilities. Functionality, supported integrations, and performance characteristics may change before General Availability (GA). This is a follow-on hotfix release for early adopters to fix bugs summarized below.

What's Fixed

This hotfix enables early adopters to use Okta single sign-on per our documentation.

[6.31.1.2] 06-11-2026

Fixes

Workflow Group Assignment Reliability

Resolved an issue where assigning a Workflow Group to a step did not persist or function as expected. Workflow Group assignments are now correctly applied, ensuring workflow steps follow the intended routing and ownership configuration.

Inventory Dashboard Navigation

Fixed an issue that prevented the Inventory Dashboard from opening when users selected the corresponding scorecard. Users can now successfully navigate from the scorecard to the Inventory Dashboard for a seamless reporting and analysis experience.

[6.34.55] - 2026-06-09

Changed

  • AWS Integration Performance update
    • Move all ComputeCollector boto3 clients to init for thread safety
    • Fix EC2 double-pagination — single-pass describe_instances
    • Batch ECS describe_clusters — O(n) API calls → O(1)
    • Parallelize AMI batch describe_images calls
    • Parallelize collect_all() with ThreadPoolExecutor — 5-10x speedup
    • Stream Security Hub findings page-by-page to prevent OOM
    • Remove unconditional 200ms sleep between Security Hub pages
    • Use compact JSON serialization for inventory cache
    • Pre-compile SEVERITY_PATTERN regex at module level in common.py
    • Stream findings through consolidation — remove list() materialization in sync_findings

Fixed

  • Fix FedRAMP CIS import crash on vendor workbooks with single-row headers
    • Guard out-of-bounds access and log extra CIS columns
  • AWS Integration
    • Add NextToken pagination to fetch_aws_findings_v2 and fetch_aws_resources
    • Add ClientError fallback and test coverage

[6.34.50] - 2026-06-08

Added

  • RSA Archer controls, findings, and evidence synchronization into RegScale
  • Tanium CIS benchmark import to RegScale security checks
  • FedRAMP DRF import (import-drf) now accepts --skip-rows to handle workbooks with title or metadata rows above the column header row

Changed

  • AWS CloudTrail, S3, and SSM evidence integrations now produce one assessment and issue per failing NIST control per resource instead of collapsing multiple control failures into a single record

Fixed

  • libxml2 explicitly installed in the Airflow container image to ensure the patched version is present and CVE-2026-43500 is resolved
  • CSAM import now reports per-domain partial failures in an end-of-run summary instead of silently masking a failed sync as a clean run
  • CIS/CRM import now directly scans the Instructions tab for the exact "System Name" header cell and reads the value from the row below it as a fallback when the primary column-header detection does not resolve a name
  • CIS/CRM import no longer crashes with IndexError or ColumnNotFoundError when the Instructions worksheet has fewer than four header columns
  • FIPS container image now correctly exposes the regscale command and imports the regscale module at runtime
  • POAM import no longer degrades on large finding sets due to oversized batch requests
  • POAM import severity mapping extended to handle full canonical severity strings (e.g., "II - Moderate - Reportable Condition")
  • POAM import missing Status Date warnings now emitted as a per-sheet summary instead of one warning per row
  • POAM import now accepts container image references and other non-HTTP URI schemes (e.g. docker://, oci://) as asset identifiers, so container-scan POA&M rows are no longer silently dropped
  • Exception tracebacks are now automatically included in log output when an error occurs inside an except block