Enhancements

  • Expanded STIG Synchronization Support

    • Added support for synchronizing Wiz STIG checks through the XCCDF Benchmark workflow, providing a more streamlined integration experience.
  • Export Pre-flight Validation

    • Introduced pre-flight validation for eMASS exports to identify potential issues with eMASS required fields before document generation begins, reducing failed export attempts.
  • SLCM Import Support

    • Added support for importing System Life Cycle Management (SLCM) data through the CLI to simplify onboarding and migration workflows.
  • Enhanced eMASS Export Templates

    • Updated eMASS export templates with the latest supported versions as of 06/23/2026.
    • Removed legacy highlights and comments carried over from previous template versions to produce cleaner exports.
  • New Audit & Assessment Experience

    • Introduced an updated Audit and Assessment user interface with improved navigation and usability.
  • Export Performance Improvements

    • Optimized export processing to improve performance and responsiveness, particularly for larger datasets.
  • Improved Data Import Reliability

    • Enhanced CLI import processing to better detect existing users during POA&M imports.
    • Improved handling of custom field mappings during eMASS CLI imports.
  • Improved Vulnerability Processing

    • Enhanced server-side processing to use vulnerability-specific security check data when generating Issues, improving the accuracy of imported findings.

Fixes

  • Fixed an issue where conditional visibility rules for Special Type Description fields did not evaluate correctly.

  • Removed obsolete required fields that could unnecessarily block user workflows.

  • Resolved an issue that could produce corrupted export files when documents contained empty tables.

  • Fixed an issue where asset manufacturers were not retained during batch asset creation or update operations.

  • Corrected navigation behavior in Lightning Assessments, including improvements to tab scrolling.

  • Improved currency field formatting by limiting input width for better usability.

  • Removed the default Major Application value from System Type where it was incorrectly applied for DoD workflows.

  • Fixed display issues where Cloud-related fields appeared even when the associated functionality was not enabled.

  • Disabled the Move To action for sub-module fields where the operation is not supported.

  • Resolved an issue that could cause assessment milestones to appear incorrectly in POA&M exports.

  • Fixed an issue preventing users from creating new Issue records under certain conditions.

  • Corrected the Asset Issue dialog so open Issues are displayed as expected.

  • Removed the Assessment Result field from Assessment records where it should not be displayed for DoD workflows.

  • Fixed processing logic so disabled fields that cannot be modified are no longer unnecessarily evaluated.

  • Corrected an issue where eMASS Test Result exports did not populate associated test data.

  • Addressed multiple user interface improvements and navigation inconsistencies throughout the application.

  • Implemented a variety of additional stability, reliability, and usability improvements across the platform.

Changed

  • Wiz vulnerability sync now applies the configured Wiz Issue defaults (identification, status, security checks) to derived Issues instead of platform defaults
  • Wiz STIG sync now uploads XCCDF results in the format the platform's checklist import expects

Fixed

  • Vulnerabilities rolled up from ephemeral Wiz instances now persist on the parent asset instead of being auto-closed and hidden from the default view
  • FedRAMP Appendix A import now captures all control parameter assignments from the Control Summary tables, not just rows labeled "parameter"
  • FedRAMP CIS/CRM import now matches control objectives case-insensitively and warns clearly when a catalog's objectives can't be matched
  • Wiz syncs no longer flood the log with status-mapping warnings when the open-issue status is set to Ongoing
  • Wiz-discovered assets now receive the correct Hardware or Software category from the Wiz asset type instead of defaulting to Other
  • Wiz-derived Issues now record "Wiz" as the identification source detail
  • Wiz-derived Issues no longer force a constant value into the per-finding security checks field by default
  • Wiz vulnerability findings now populate the Plugin Output field with the finding's description instead of leaving it empty
  • Wiz CVE-based findings now map to NIST controls RA-5 and SI-2 on derived Issues
  • Wiz vulnerability sync no longer creates placeholder assets for findings whose asset is missing from inventory, instead skipping them and reporting the gap in an end-of-run summary
  • Wiz vulnerability findings on ephemeral AKS scale-set members are now rolled up to the parent cluster instead of being skipped
  • Wiz vulnerabilities now match their inventory assets reliably, resolving the long-standing duplicate-asset issue
  • Wiz post-sync now populates standard form fields such as Raw Severity, matching field names case- and whitespace-insensitively
  • Asset created and updated timestamps are now emitted in ISO 8601 format accepted by downstream validators
  • Scanner imports no longer drop findings when a scanner reports a non-string IP address value
  • eMASS SLCM workbook import now writes Compliance Status and SLCM Comments to their native fields, restoring round-trip fidelity with the Rev5 export
  • eMASS SLCM workbook import no longer imports computed risk columns that can't be reliably restored from the workbook

Added

  • wizVulnSecurityChecks setting to control the security checks value applied to Issues derived from Wiz vulnerabilities
  • Wiz stig_checks command to sync STIG and CIS benchmark check results into RegScale security checks, assessments, and control test results
  • XCCDF Benchmark and Rule models with full RegScale API coverage
  • Checklist import_results helper to upload CKL, CKLB, or XCCDF results files

[6.31.1.3] 06-25-2026

Enhancements

Expanded Vulnerability Management and Assessment Capabilities

  • Added support for importing XCCDF TestResults into the assessment pipeline, enabling organizations to leverage additional security assessment data sources within RegScale.
  • Enhanced CKL/CKLB import capabilities to capture and store additional assessment metadata, providing greater fidelity and traceability for imported checklist data.
  • Updated vulnerability processing to automatically associate vulnerability-derived issues with affected assets, improving reporting accuracy and remediation tracking.
  • Enhanced vulnerability mappings and processing performance through optimized bulk operations, significantly improving import efficiency for large environments.
  • Added support for populating affected controls and control parts during vulnerability processing, improving control-level visibility and remediation workflows.
  • Expanded the CKL data model and import services to support additional checklist information and future assessment use cases.

Improved Compliance and Export Functionality

  • Added support for SLCM exports, expanding available compliance reporting options.
  • Updated import, export, and form mappings to improve alignment with eMASS data structures and workflows.
  • Added export pre-flight validation checks to identify potential issues before export generation.
  • Updated Framework Importer manifest support to align with current requirements.
  • Enhanced asset mapping capabilities during imports to improve asset identification and correlation accuracy.

User Experience Improvements

  • Modernized CKL and CKLB user interface views for a more streamlined assessment experience.
  • Removed unnecessary visual indicators from submodule input fields to improve form usability and reduce user confusion.
  • Added new form enhancements and field updates across the platform.
  • Updated Result Severity field handling to provide more accurate assessment data representation.
  • Improved inventory scorecard reporting by reducing noise from assets that do not contain vulnerabilities or issues.

Platform Reliability and Maintainability

  • Removed legacy eMASS Rev 4 export options that are no longer supported.
  • Streamlined export option management and cleanup processes.
  • Removed deprecated SDK dependencies from the core application, reducing platform complexity and improving maintainability.
  • Added data consistency safeguards to ensure system-defined fields are correctly identified and managed.
  • Enhanced custom field handling and validation to improve platform stability and configuration integrity.

Fixes

Vulnerability Management

  • Fixed an issue where repeated Wiz vulnerability imports could create duplicate issues when no changes existed in the source data.
  • Fixed an issue that prevented customized default issue statuses from being honored when creating vulnerability-derived issues.
  • Corrected vulnerability processing behavior that could overwrite customer-defined issue values with system-generated values.
  • Fixed an issue causing vulnerability rollup API requests to fail when no vulnerable assets existed in the environment.
  • Resolved an issue affecting vulnerability status board reporting when viewing data by asset.

Assessments and Workflows

  • Fixed an issue where questionnaire review assignments were not appearing in Notifications or Workbench views.
  • Fixed an issue preventing workflows from being added to Continuous Monitoring and Master Assessment configurations.
  • Corrected checklist import behavior so failed control implementations are properly transitioned to an "In Remediation" state when appropriate.
  • Added validation to ensure imported SCAP benchmark files are recognized and processed correctly.

Rules, Forms, and User Interface

  • Fixed an issue where conditional rules for Cyber Reportable POA&Ms did not correctly disable editing when records were no longer in Draft status.
  • Fixed a classification selection interface issue that could impact user interaction with classification fields.
  • Resolved a conditional visibility issue where Special Type Description fields did not display correctly for multi-select values.

Imports, Exports, and Integrations

  • Fixed a framework import edge case that could cause import failures under specific blob storage conditions.
  • Corrected eMASS HW/SW Rev. 5 export behavior to properly support numeric values in software licensing cost fields.
  • Improved export reliability and consistency through additional validation and cleanup updates.

Data Integrity

  • Fixed data migration behavior to ensure system fields are correctly identified as non-custom fields.
  • Improved issue and vulnerability correlation accuracy by ensuring asset mappings are created consistently during automated processing.
  • Fixed TDS packet size exceeding the TLS record limit on encrypted SQL connections.

Known Limitations and Considerations

RE: TDS packet size exceeding TLS record limit on encrypted SQL connections.

  • On a TLS-encrypted connection, each TDS packet must fit inside a single TLS record (max plaintext fragment 16,384 bytes / 2^14). A 32 KB packet size negotiates to 16,442 bytes, which is over the limit.
  • TDS PacketSize is now configurable and defaults to the largest value that is provably safe on an encrypted connection: 16,368 bytes.

Changed

  • Nessus scan imports now parse every file with a single streaming pass, reducing memory use and speeding up large imports
  • Nessus STIG and CIS compliance results now create security checklists and POA&M issues instead of vulnerabilities, and re-scans correctly close remediated compliance POA&Ms without affecting other scanners' findings

Fixed

  • SARIF vulnerability import no longer requires Synqly and parses SARIF files directly
  • SARIF import now reports accurate created and updated vulnerability counts
  • OpenText WebInspect and other JSONL-based scanner imports no longer crash when no scan date is provided, defaulting to the current date instead
  • Tanium Cloud vulnerabilities now report Critical severity using CVSS v3 data instead of being capped at High
  • Tanium Cloud vulnerability CVSS v2 and v3 base scores are now recorded in their correct fields

Added

  • Tanium software bill of materials (SBOM) records in CycloneDX format, generated from endpoint installed applications and linked to each asset during asset synchronization
  • Optional source name for Trivy and Grype imports, recorded in scan history and used to group same-day imports

[6.34.70] - 2026-06-18

Changed

  • eMASS POA&M Rev5 import now writes the workbook's Raw Severity and Recommendations columns to the native Issue fields used by the form, so imported values appear on the Basic Info and Risk Assessment Details tabs and round-trip cleanly through the platform's POAM Rev5 export

Fixed

  • FedRAMP Appendix A import no longer appends the next control's heading and statement text to the previous control's last implementation part
  • Scanner asset map loading no longer fails with a GraphQL field-cost error on plans with many assets, so findings such as STIG checklist results map to their assets and create security checks
  • Tanium Cloud asset synchronization no longer fails because of an unsupported software bill of materials field in the endpoints query

Added

  • Tanium software bill of materials (SBOM) records in CycloneDX format, generated from endpoint installed applications and linked to each asset during asset synchronization

[6.34.65] - 2026-06-16

Changed

  • Compliance scans no longer create issues from failed control assessments by default; failed controls remain visible on their assessments, and setting complianceCreation to Issue or POAM opts back in
  • Documented the vulnerabilityCreation options: IssueCreation flags past-due issues as POAMs at import time, PoamCreation flags every issue as a POA&M

Fixed

  • Axonius and FedRAMP POAM commands no longer fail to load when an environment has incompatible NumPy or pandas versions installed
  • AWS Inspector sync now creates assets before submitting vulnerabilities so vulnerability-to-asset mappings are created on the first run
  • Vulnerabilities consolidated across multiple assets now link to every affected asset instead of none
  • AWS Security Hub and Inspector vulnerability imports no longer lose asset links and POAM creation when large batches time out and retry
  • Large vulnerability batches now retry in smaller chunks instead of failing repeatedly with the same oversized payload
  • Nessus assets and vulnerabilities now link correctly when the scan reports an invalid or multi-value host IP
  • Very large Nessus scan files now stream assets the same way findings are streamed, so hosts are no longer dropped and the platform no longer creates empty unknown assets for their findings
  • Nessus issues now link to their scanned asset instead of being attached to an unrelated unknown asset
  • OpenSCAP imports now identify hosts by IP address when no hostname is present, instead of grouping unidentifiable hosts under a single shared unknown asset
  • Nessus findings now use the scan date recorded in the file instead of the import date, including for very large files processed by the streaming parser
  • Issues generated from vulnerabilities are now flagged as POAMs on every import path when vulnerabilityCreation is set to PoamCreation; deployments already configured with PoamCreation will see issues marked as POA&Ms starting with their next import
  • Description-truncation warnings during bulk scan imports now log once per run instead of flooding the log with one warning per finding

Purpose

RegScale Orchestration Hub (ROH) enables organizations to automate the import and export of data between RegScale and external systems through configurable integrations and commands.

This beta release is intended for early adopters and validation of core orchestration capabilities. Functionality, supported integrations, and performance characteristics may change before General Availability (GA). This is a hotfix release for early adopters to fix bugs summarized below.

What's Fixed

This hotfix enables early adopters to correctly use the Qualys integration’s sync_qualys command to download larger Qualys Knowledgebase vulnerability datasets with a reliable fallback mechanism.

[6.34.59] - 2026-06-15

Added

  • eMASS API commands (emass_api) for POA&M, control, milestone, and artifact synchronization are now available
  • eMASS XML import now uploads referenced artifact files to the System Security Plan when they are present alongside the export
  • Per-asset Issue/POAM creation for Prisma Cloud and Qualys scans when issueCreation is set to PerAsset, creating a separate record for each vulnerability-asset pair
  • Configurable on-disk caching of Qualys KnowledgeBase data between syncs via qualysKbCacheHours

Changed

  • eMASS integration now targets the RegScale v2 API for all platform operations
  • Qualys vulnerability enrichment now fetches KnowledgeBase details in targeted batches instead of downloading the entire KnowledgeBase, with truncated responses followed to completion

Fixed

  • eMASS control synchronization now resolves NIST control acronyms so control implementations push to eMASS as Test Results
  • eMASS POA&M push and artifact upload now send correctly formatted requests instead of failing validation
  • eMASS XML import no longer silently skips artifacts; missing artifact files are reported in the import summary
  • Prisma Cloud CVE deduplication now links consolidated vulnerabilities to every affected asset instead of only the first
  • Vulnerability imports now warn when records have no asset identifier instead of silently skipping asset linkage
  • Qualys syncs with a single KnowledgeBase result no longer fail to parse
  • Qualys sync progress now shows one task per phase instead of one per asset
  • Resolved a dependency conflict that could corrupt installations when optional extras are installed
  • CLI startup crash caused by a NumPy 1.x/2.x version mismatch after upgrading; numpy, pandas, and pyarrow are now pinned to compatible versions
  • Updated aiohttp and pyjwt to patched releases that address known security vulnerabilities

Purpose

RegScale Orchestration Hub (ROH) enables organizations to automate the import and export of data between RegScale and external systems through configurable integrations and commands.

This beta release is intended for early adopters and validation of core orchestration capabilities. Functionality, supported integrations, and performance characteristics may change before General Availability (GA). This is a follow-on hotfix release for early adopters to fix bugs summarized below.

What's Fixed

This hotfix enables early adopters to use Okta single sign-on per our documentation.

[6.31.1.2] 06-11-2026

Fixes

Workflow Group Assignment Reliability

Resolved an issue where assigning a Workflow Group to a step did not persist or function as expected. Workflow Group assignments are now correctly applied, ensuring workflow steps follow the intended routing and ownership configuration.

Inventory Dashboard Navigation

Fixed an issue that prevented the Inventory Dashboard from opening when users selected the corresponding scorecard. Users can now successfully navigate from the scorecard to the Inventory Dashboard for a seamless reporting and analysis experience.