CHANGELOG
10 months ago by ReadMe API
[5.18.1] - 2023-09-29
Added
- Security: Added support for OAuth authentication for email security
Changed
- Policies: parameters are now only required if the status is "Active"
- Removed CQRS from Asset module
- Added Asset Service to handle all business rules of the Asset controller and added correct swagger documentation
- UX: Addressed spacing issues on password toggle
- Bug Fix: New risks created via the Risk Assessment Wizard do not require a target risk score
[5.18.0] - 2023-09-27
Added
- Components: Added external ID field and API for ease of integrating with outside tools/data
- FedRAMP: Added fields to support FedRAMP Rev 5 requirements for Leveraged Authorizations
- FedRAMP: Expanded interconnect module to support FedRAMP Rev 5 requirements
- FedRAMP: Added fields to support Risk Exposure Template export in Rev 5
- Lightning Assessment: Now shows parts and parameters on the left side view
- Lightning Assessment: Now shows the parent security control on the left side view
- Lightning Assessment: Left and right side are now independently scrollable
- Lightning Assessment: Now allows incremental progress (can save 1 control at a time)
- Lightning Assessment: Now allows editing assessments
- Lightning Assessment: Allows you to flag an issue as reportable and will auto-generate an issue
- Questionnaire Security: Added access control for both internal and external users
- Ability to export POA&Ms from a Security Plan as FedRAMP Rev 5 Risk Exposure Excel workbook
- UX: Added persistent footer to the application
- Workflow: Added options for assigning workflows and building new ones using the subsystem
- Workflow: Added ability to assign and create workflows directly to a manager
- Issue Screening: Added quick action buttons to create Causal Analysis records
- UX: Workbench is now the default landing page
- FedRAMP Rev 5 SSP Appendix A export in Word format
- FedRAMP Rev 5 CIS export in Excel
- FedRAMP Rev 5 Test Case Procedure export in Excel at Security Plan level and Continuous Monitoring level
- Continuous Monitoring tab now has a "Create New" button
- Issues: new fields for manual issue detection
- Web accessibility attributes for the RegScale logo, notifications area, and page landmark regions
- Questionnaire question file upload support
- Workflow: Added a new API for creating custom workflows programmatically
Changed
- Performance: Optimized page loads for RegScale forms
- UX: Change list view fields for Privacy Impact Assessments
- UX: Consolidated dashboards into the List View system of modules
- UX: Removed sidebar from left side of the screen
- Performance: Improved indexing on Components
- Performance: Improved query speed when retrieving a Security Control or Control Implementation
- Context Viewer: Now shows the part description when creating a new option and auto-closes once option is completed
- Enhancement: Catalog error messages now persist on the page when uploading
- Bug Fix: Removed duplicate FedRAMP tab on Control Implementations
- Bug Fix: Risk scorecard now renders properly
- Added logic to ReadMe.io version update during release pipeline to parse the version from the environment first, then default to the version # in package.json
- Bug Fix: Addressed issue where Control Context Viewer always returned to Parts when editing Parameters
- Bug Fix: Addressed "you are already logged in" bug when redirected to login page
- Bug Fix: Addressed various issues with maintaining questionnaire state
- Print: FedRAMP fields added to control implementation printable form
- Bug Fix: Global admin redirect now works properly
- Bug Fix: Editing tasks in the Kanban subsystem does not result in console errors
- Bug Fix: Ports and Protocols table is present in the FedRAMP SSP (Rev 4 and Rev 5) export
- Bug Fix: Supply Chain contract owner dropdown does not contain duplicated usernames
- Bug Fix: Issue ID is returned as part of the api.issues.create event
- Bug Fix: Login banner must be acknowledged before using the application after login
- Security: Patching NPM vulnerabilities
- Updated the executive summary text for the FedRAMP SSP Rev 4 templates (Moderate and High)
- Bug Fix: Catalogue export as OSCAL JSON uses correct encoding
- Added 'deprecated' label for FedRAMP Rev 4 SSP and continuous monitoring exports
- Bug Fix: Leveraged authorizations appear in FedRAMP SSP export
- Questionnaire: Process questionnaire rules when dropdown answer changes
- Bug Fix: Validation in the policy form and policy template now apply together
- Bug Fix: Automation panel only shows DAG execution date-time
- Bug Fix: The api/Organizations/getList endpoint correctly displays organization managers and manager IDs
- Bug Fix: Saving a new questionnaire presents a single toast notification
- Bug Fix: Editing a questionnaire QUID doesn't automatically move the cursor to the end of the QUID
- Questionnaire instance comparison export (Excel) format is now one instance per row
- Questionnaire rich text editor control styling matches the rest of the application
- Updated SSP's MegaAPI result to include an asset's list of software inventories
- Bug Fix: Addressed issue with updating a Task within the Event system
- Lines of Inquiry: Now warns you if navigating forward or back without saving
[5.17.1] - 2023-09-13
Added
- UX: Can now create a new profile from the Builder Wizard
Changed
- Bug Fix: Custom fields dropdown list addresses issue with adding new items
- Bug Fix: Addressed SSO login issue for thin provisioning and logging in new SSO users
- Bug Fix: Addressed issue with launching Security Profile importer
- UX: Replaced Digital Signature with Electronic Signature labels
[5.17.0] - 2023-09-12
Added
- Questionnaire: Add execution constraint to rules to limit when certain rules are executed
Changed
- Cause Code Admin Panel for Causal Analysis
- Sonarqube integration for issues
- Updated CSP Name for FedRAMP Test Case Procedures export to use CSP Organization Name from the Preparation tab of the Security Plan
- Questionnaire: Allow various Action Functions to accept list of questions to change
- Questionnaire: Make Action Functions resilient to updating question (quid) that does not exist
- Questionnaire: Update rules of open instances when updating open instances
- Support: Improved logging for toasts to assist with testing and debugging
[5.16.3] - 2023-09-11
Added
- Ability to dynamically set fields to read-only based on record state
- List Views: Added ability to create a child record from the list view
- Security: Hardened JWT timeout checks for all Angular routes
- Reports: Improved FedRAMP export of the Risk Exposure Report
- Workflow: Now supports management approvals
- Workflow: Added functional role assignments
- Workflow: Added action system
- Workflow: Added comments, files, and links to the workflow record viewer
Changed
- UX: Catalog importer moved to the list view next to the "New" button
- UX: Improved formatting of the print screen
- Bug Fix: Removed FedRAMP tab from SSP
- Bug Fix: Added FedRAMP tab to control implementations
- Bug Fix: Navigation system not showing titles as links
- Bug Fix: Addressed error on Group retrieval
- UX: Improved formatting of the user list in the Admin panel
- Bug Fix: Manage risk visualization on home page updated
- Bug Fix: Issue screening now pulls the correct comments, files, and links
[5.16.2] - 2023-09-08
Added
- FedRAMP: Added risk fields to POA&M to support the Risk Exposure Template export
- Metadata: Added reseeding option to the Admin panel (accommodates new changes over time to picklist)
- Automation: Support for scheduling, pausing, and checking status of Airflow jobs
- RegML: Added license confirmation box allowing all SaaS customers to opt-in to AI/ML capabilities in RegScale
- Ability to export FedRAMP POAMs for Rev 5
Changed
- Enhancement: Refactored seed metadata method to be consistent across the application
- Bug Fix: Added SQL check to skip some specialized indexing for unsupported SQL Server versions
- Bug Fix: User activation API returns 400 when the request is empty
- Accessibility: Added more keyboard-based navigation and alternative text content
- Bug Fix: Required field count and completion percentage for new records works correctly
- Bug Fix: After making a change on a control implementation record, when navigating away and choosing "Cancel" no navigation occurs
[5.16.1] - 2023-09-07
Added
- N/A
Changed
- Bug Fix: CONMON display fix for progress report
- Bug Fix: Addressed issues looking up Security Plans on controls list view
- Performance: Database index tuning based on Azure recommendations
- Performance: Multiple query optimizations for fetching control implementations
- Performance: Refactored Navigation system query to be more performant
- Bug Fix: Addressed issue where subsystems would sometimes not show for a control implementation with related evidence
- Bug Fix: Setting a new task as Closed updates the percent complete to 100%
- Bug Fix: Phone number fields on questionnaires require a valid phone number before saving
- Bug Fix: Security Control Implementations list view Control ID sorting matches other Control ID sorting in the application
[5.16.0] - 2023-09-06
Added
- FedRAMP: POAMs now export as OSCAL
- FedRAMP: Added XML Export for OSCAL SSPs
- Security: All event logging is now performed server side
- Performance: Optimized the subsystem count query to be more performant
- Issue Status: Can now manage the full lifecycle with status gates and workflows
- Flag to dynamically set fields to readonly based on workflow
Changed
- Bug Fix: Added fix for multiple quick clicks of the login button
- Tech Debt: Forms now centrally driven by a single config (pre-requisite for enabling custom data labels in the future)
- Explanation for Other than Operational Status field is only required for FedRAMP SSPs now
- OAuth: Fixed login issue to improve Okta support
- Security: Now records the date a user was deactivated
- 508 Compliance - added scope attribute to table headers
- DEPRECATED API: Removed all GetAll endpoints, now requires using filter methods or paging in GraphQL to avoid performance impacts
- Bug Fix: New Requirements form tab names match the cockpit section names
- Bug Fix: Added missing fields for advanced search in questionnaire
- Bug Fix: Counts in Risk by Trend chart on the main dashboard match the number of records in the drilldown modal
- Bug Fix: Moving a slider no longer reloads a tab's data
- Bug Fix: Changing a security plan's status updates the form to trigger validation rules
- Bug Fix: Scorecards, Status Boards, and Gantt charts now use the same query
- Bug Fix: System roles pulldown now provides a "blank" user since it is no longer required
- Bug Fix: Addressed many role-based authorization queries based on specialized roles
- UX: Fixed minor rendering issue with search bar on Status Boards
- UX: Added line breaks to Implementation Part statements
- UX: Fixed issue with comments tab sometimes rendering off screen in Lightning Assessments
- Bug Fix: Control Implementations and Requirements now require a parent ID and parent Module
- Bug Fix: Addressed issues with Security Plan not printing controls in Community Edition
- UX: Group manager now displays the group ID in the list
- Error Logs - now supports a back button
- Tech Debt - removed legacy SecurityPlanId field from Control Implementations
- Bug Fix: Changed questionnaire Rules field back from RichText to TextArea
- Made event topics more consistent
- Bug Fix: Source OSCAL URL field saves correctly when creating a new catalogue
- Removed event manager columns pertaining to Active status and updated list filtering
- Saving after adding a new questionnaire section works as expected when reloading the page
- Questionnaire: email question type supports validation before proceeding
- Questionnaire: Renders properly if the questionnaire only has instructional questions
[5.15.4] - 2023-08-31
Added
- Questionnaire: Export one or more responses to a single Excel worksheet
- Accessibility: Additional support for tab-key navigation, aria labels for icons
- Data Subsystem - Code Mirror added for editing raw XML and JSON in the platform
- FedRAMP: POAMs now export as OSCAL
- FedRAMP: SSPs now export as OSCAL
- FedRAMP: Added new fields to stakeholder system and flag to set if Individual or an Organization
- FedRAMP: Can now add external stakeholders to a system role assignment (previously was just internal users)
- FedRAMP: Added new features to support tracking Cryptographic modules
Changed
- Bug Fix: Addressed periodic issues in pulling Status Board data for Security Plans
- Tech Debt: Improved POST/PUT APIs for Facilities and Stakeholders
- Tech Debt: Improved OSCAL XML export code for SSPs to be more resilient
- Catalog MegaAPI for efficiently fetching a catalog with all related child data (controls, parameters, tests, options, etc.)
- Bug Fix: Text-based questionnaire answers are not accepted if they contain only whitespace
- Bug Fix: DOE SSP export matches new data and formatting requirements
- Bug Fix: Asset Type field only appears on the Basic Info tab for Assets
[5.15.3] - 2023-08-29
Added
- Logic to prevent duplicate file names when uploading a file to a record
- API endpoint to rename duplicate files for a provided record ID and module name
- FedRAMP: Lightning assessments now support Risk Analysis
- Mini-Subsystem - added to Lightning Assessments, can add files, comments, and links at the assessment test level along with assigning Quick Actions - Request Evidence or Create Issue
- RegML Auditor for control implementation evaluation (BETA)
- FedRAMP - added asset types to components
- Swagger: Brought documentation for the Push Notifications endpoints up to standard
- Delegate System: Profile now allows you to set delegates for your approvals
- Create endpoint for Ports and Protocols available via Swagger
- Functional Roles: Ability for administrators to define functional roles and to add users to those roles
- "Create" endpoint for Ports and Protocols available via Swagger
- Event-based Architecture: Added events for questionnaire status changes
- System URL text field on the Basic Info tab in Security Plans
- API endpoint for creating a classified record
- Organization URL text field on the Organization Manager form
- FedRAMP: RegScale Assigned User is now an optional field on a System Role
Changed
- UX: Administration panel for system administrators now shows options in Alphabetical order
- Bug Fix: Changing SSP status to anything other than Operational sets Explanation for "Other than Operational Status" as required
- Bug Fix: Questionnaires module does not appear in the user menu when it has been disabled
- Bug Fix: Changing an asset's category updates the available tabs accordingly
- Bug Fix: Setting an incident's phase as "Closed" makes the Date Resolved field required
- Tech Debt: Optimized TypeScript library loading with Angular
- OSCAL: Objectives renamed to "Parts" throughout the UI to align with current NIST/FedRAMP terminology
- Removed drill-down from module record History charts
- Updated all exports generated from RegScale to follow a naming convention that ends with _YYYYMMDD
- Several fixes for DOE template and SSP exports in general
- Bug Fix: Questionnaires required to have at least one section
- Analytics (dashboards) side nav only displays dashboards that the current user can access with their roles
- Navigating via URL to a dashboard the current user doesn't have access to shows a toast notification and redirects to the home dashboard
- Bug Fix: Evidence Locker advanced search works correctly for Date Created and Evidence Owner fields
[5.15.2] - 2023-08-25
Added
- FedRAMP: Ability to assign multiple sources, origination, and status at the control implementation level
- Questionnaires: Ability to download the Excel import template
- Questionnaires: Ability to export questionnaire to Excel
- Questionnaires: Ability to export a questionnaire response to Excel
- Questionnaires: Ability to modify a questionnaire that has already been published
- Keyboard accessibility for the form menu (e.g., back, save)
Changed
- Bug Fix: Advanced search for a blank item in a picklist now works properly
- Bug Fix: Addressed validation logic on new Security Plans
- Bug Fix: Addressed issue deleting Lines of Inquiry
- Bug Fix: Removed roles from the workbench
- Tech Debt: Added missing IDs on links to support testing automation
- Tech Debt: Truncate strings for Excel exports to avoid corrupting the workbook
- Performance: Refactored required field validation to be more performant on the client side
- Infrastructure: Event topic names are pluralized
- Bug Fix: Webhook form saves successfully even with a misconfigured webhook
- Bug Fix: Marking a task as "completed" requires the user to enter a value for the Date Completed field
- Bug Fix: By Point of Contact chart on the Incident Response dashboard renders user names correctly
- Bug Fix: Required custom fields for a new Case Management record appear in the cockpit regardless of status change
- Bug Fix: Fixed issue with security profiles being unable to update
- After assigning a questionnaire the Responses tab is automatically updated to reflect the new assignment
- UX: Improved the display of the control in the Lightning Assessment and added deep link to view the parent control
- Bug Fix: When creating a new questionnaire form, the Builder, Assignment, and Responses tabs require saving the questionnaire first
[5.15.1] - 2023-08-24
Added
- Reporting: New report showing all comments on controls for a given Security Plan
- Loading spinner to Inheritance Engine to show progress as work is executing
- Keyboard accessibility for top nav bar and left nav bar (WCAG)
Changed
- Improved alerting and labeling when a parent security control is not found for a control implementation
- Bug Fix: Addressed issue with inheriting between Security Plans
- Bug Fix: Functional areas can now be searched for Assessment Plans
- Bug Fix: Server side auditing working properly for comments
- Bug Fix: Addressed console error when loading components for an SSP
- Bug Fix: Print Preview shows all pages
- Bug Fix: When creating a new task with a closed status, the cockpit correctly lists required fields completion
- Bug Fix: Questionnaires save correctly when the created-by and last-updated-by user are the same
[5.15.0] - 2023-08-23
Added
- FedRAMP: System Roles can now have multiple users assigned
- FedRAMP: Add button to auto-assign all FedRAMP defined system roles
- FedRAMP: Added explanation field if "Other" checked for Cloud Model
- FedRAMP: Added "Other" option for Cloud Deployment Model
- FedRAMP: Added Data Center tab to Security Plans
- FedRAMP: Expanded properties subsystem to add Label and Other Attributes fields (optional)
- Causal Analysis Role - restricts creating, updating, and deleting a Causal Analysis to users with this role (who normally have specialized training)
- Assessment Lines of Inquiry - multiple enhancements: Can dynamically add new lines of inquiry without a parent Assessment Plan and can apply multiple assessment plans
- FedRAMP: Added validation to the deployment option selections if a FedRAMP SSP (flag based on FedRAMP ID # not being empty)
- FedRAMP: Added "Under Major Modification" and "Other" status to components
- FedRAMP: Added Explanation for Other status to components
- FedRAMP: Expanded links to support external identifiers and attributes
- FedRAMP: Security Plans added field for explanation for Other than Operational status
- FedRAMP: Allows system role assignments at the Component and Control Implementation level (one to many)
- FedRAMP: References now support optional description field and UUIDs
- FedRAMP: Added Responsibility and Leveraged Authorization fields at the Control Objective level
- POA&M checkbox for Issues under POA&M Info tab to indicate if the issue is a POA&M item
- FedRAMP: Added all reference types allowed from FedRAMP to the References tab
- Metadata - added ability to define external keys for metadata (allows for mappings, i.e. to FedRAMP/OSCAL values), metadata is now editable
- Event Driven Architecture - added status changes and fixed several edge case bugs
Changed
- Tech Debt: APIs cleaned up to remove logging fields (Created By, Date Created, Last Updated By, Date Last Updated)
- Bug Fix: Improved validation for properties system on the server side
- Lines of Inquiry - added ability to remove a line of inquiry from a given assessment
- Tech Debt: Added many missing tables to the GraphQL layer
- Bug Fix: Export of DOE SSP fixes special character issues
- Bug Fix: FedRAMP Risk Exposure export will now display if any child items of the Security Plan has a risk associated to it
- FedRAMP POAMs Export will now only export issues with the POA&M checkbox checked under POA&M Info tab
- Bug Fix: Marking a security plan as "operational" makes key date fields required
- Swagger: Brought documentation for the Threads endpoints up to standard
- Bug Fix: Marking an assessment as "complete" marks newly required fields as required
- Bug Fix: Marking a case as "complete" marks newly required fields as required
- Bug Fix: Marking a causal analysis as "complete" marks newly required fields as required
- Bug Fix: Marking a data call status as "complete" marks newly required fields as required
- Bug Fix: Marking an exception status as "complete" marks newly required fields as required
- Bug Fix: Marking an incident status as "complete" marks newly required fields as required
- Bug Fix: Marking an issue as "complete" marks newly required fields as required
- Bug Fix: Marking an interconnection status as "complete" marks newly required fields as required
- Bug Fix: Marking a project as "complete" marks newly required fields as required
- SECURITY: Hardened forgot password feature based on penetration testing recommendations
- Bug Fix: Marking a project as "complete" marks newly required fields as required
- Bug Fix: Marking a risk as "closed" marks newly required fields as required
- Bug Fix: Marking a threat as "mitigated" or "eliminated" marks newly required fields as required
- Bug Fix: Marking a policy as "active" marks newly required fields as required
- Added "Risk Accepted" status option for control implementations
- Change: "Partially Implemented" controls no longer require planned implementation date or steps to implement
- Changed the way team data is displayed in SSP export (Word format)
- Moved SAP and SAR exports from Security Plans to Continuous Monitoring
- Event architecture: Added interceptor to handle status and severity changes
[5.14.1] - 2023-08-18
Added
- Org Chart Viewer - organization manager now lets you visually browse the org chart
- BETA: New version of DOE SSP export released
- SECURITY: Improved login experience for MFA and SSO users and hardened the process end to end (NOTE: Customers may want to test in DEV before rolling to PROD)
- Security Plans - added version field
- FedRAMP: Vulnerability system added to Continuous Monitoring
- FedRAMP: Added multiple new fields to support SAR exports (Actual Finish Date and flag for Date Adjustment for Corrections)
- Infrastructure to support unit testing
Changed
- Bug Fix: Paging now works properly for Service Accounts, improved layout of page formatting
- Security: NPM patching for vulnerabilities
- Security: Service account tokens now hidden in the UI, added copy button for ease of pasting with CLI and Swagger
- Improved RegML automated reviewer interaction with the control implementation form
- Bug Fix: Change validation for required fields now works properly on edits
- Bug Fix: Changing status to closed auto-sets % complete to 100 on saves and edits
- Updated CIS/CRM export to include Security Plan Name, CSP Name, and Security Plan's impact level to the Instructions tab
- Fixed incorrect logic for controls with an implementation status of "Not Applicable" in FedRAMP Test Case Procedures export
- Bug Fix: FedRAMP Risk Exposure export will now display if any child items of the Security Plan has a risk associated to
- Bug Fix: Custom fields only populate after save operation completes
[5.14.0] - 2023-08-16
Added
- Risk Scorecard
- Data Subsystem - stores raw JSON, YAML, and XML data for integrations
- Questionnaire: Added electronic signature support
- Questionnaire: Added new field types for Dates, Phone Numbers, and Emails
- Process questionnaire rules after each question response and choice change
- Added Questionnaires tab to the following modules to make it easier to navigate to associated questionnaires: Components, Policies, Security Plans, Supply Chain
- Questionnaires: Added alerts for unanswered required questions within current section before leaving the current section
- Questionnaires: Added support for linking directly to a specific page of a questionnaire
- Questionnaires: Added updating browser's displayed to specific page of a questionnaire when user navigates with Next and Back buttons
- Check to ensure the user is on a supported browser (Edge or Chrome)
Changed
- SECURITY: Patching of core .NET packages
- Improved validation and error handling for Control Objectives, Tests, and Test Plans
- Bug Fix: Addressed issue where validation of control implementations did not match between server and client side, preventing updates to a record in "Not Implemented" status
- Bug Fix: Misconfigured/unavailable webhook endpoints yield better logging
- Bug Fix: Drilldown links for the Fix Problems dashboard display a modal with a list view with the same number of records as shown on the dashboard
- Bug Fix: Assess Program dashboard modal links have list views that match the record counts shown on the dashboard
- Bug Fix: Assessment-role users have access to the Tasks module
- Bug Fix: When creating a system administrator with break glass account, system now checks config to make sure email is enabled before trying to send the email
- Bug Fix: Questionnaires can be submitted without being logged in
- Questionnaires: Navigating between questionnaire pages returns to the top of the page
- Questionnaires: Responses now have a back button
- Questionnaires: Rules are processed after each question response and choice change
- Questionnaires: Assigned By and Block Layout toggle removed from assignee view of the questionnaire
- SUPPORT: Added a new environment variable, "EMAIL_NO_TLS", to allow customers to disable TLS for email in legacy environments where it is not supported
- Questionnaires: Submitter name for assignees outside of RegScale no longer required for submission
- Bug Fixes: Fixed multiple bugs causing the FedRAMP Test Case Procedures export generating a corrupt Excel workbook
[5.13.0] - 2023-08-05
Added
- Support for webhooks to listen for specific events in RegScale externally
- Application Insights for SaaS monitoring and troubleshooting for Customer Success
- Architecture implementation for event queues and distributed processing
- Chart views have a checkbox to toggle auto-fitting of charts to the viewing region
- Questionnaire instances can be reopened
- Added email validation to bulk questionnaire assignment
- Backend support for questionnaire instance history
- Questionnaires: consolidated assignment functionality into a single screen
- Questionnaires: responses now show as a tab under the questionnaire record
- Questionnaires: now auto-generate a security token to provide access control protection for external users
- (Beta) SSP export in Department of Energy (DOE) format
- Support for Salesforce integration with issues for Case Management
- (Beta) Admin tab for events to allow managing event topics and webhooks
Changed
- Bug Fix: RegML Author button appears correctly based on tenant state
- Bug Fix: Drilldown works correctly on the My Activity tab of the Workbench
- Questionnaires: Can now be attached to any parent module (removed hard coding to Security Plans)
- Questionnaires: Consolidated functionality into instance table (removed assignment table)
- Questionnaires: Share link now opens in a new tab, added "Copy" icon
- Bug Fix: Questionnaire response form no longer reports console errors
- Bug Fix: Toast notification dismisses properly in Lightning Assessments
- Bug Fix: Addressed console errors when viewing a continuous monitoring record
- Bug Fix: Addressed RegML loading infinite loop when connection not found
- Bug Fix: Analyze Risk functionality in Lightning Assessments creates a risk record
- Bug Fix: Controls Author timeout increased to handle longer control implementation statements
- Bug Fix: Causal Analysis Step 2 renders correctly in dark mode
- Bug Fix: Target Risk Score field is required when creating a new risk
- Bug Fix: Users can be readonly for some modules and have greater rights in other modules
- Bug Fix: Chart views render correctly
- Bug Fix: Swagger page loads correctly
- Bug Fix: Outage Summary field displays in the cockpit if an outage is required
- Bug Fix: Close button on Workflows slideout works correctly
- Bug Fix: Controls and Implementations cannot be created without a parent
- Improved user feedback for bulk-assignment of questionnaires via email
- Improved performance of the recurrence components in Tasks, Assessments, and Data Calls
[5.12.0] - 2023-08-02
Added
- Performance: Optimized all Angular queries to eliminate slowed performance over time and need to refresh the application
- Questionnaire system supports grouping questions into sections
- Questionnaire system supports creating rules that can show/hide questions and set/clear answers based on user-defined conditions
- Questionnaire system Excel import supports multiple question types, required flag, section IDs, and question IDs
- Questionnaire system sends emails to assigned recipients
- Questionnaire system allows bulk assignment via Excel worksheet of recipients
- Organization Hierarchy support
- Properties endpoint to support batch updates
- Ability to create a new Assessment Plan directly from the assessment record
- Ability to auto-generate an issue from a failed Line of Inquiry on an Assessment Plan
- FedRAMP: Added fields for "guidance" and "constraints" to parameters
- Reports: Added Date Last Updated to the SPRS 800-171 Report
Changed
- Dropdown lists are initialized from configurations and are populated through Angular caching (support work for dynamic data labeling)
- UX: Improved data validation warnings across 34 different screens
- Bug Fix: Questionnaire responses display information instead of a blank page
- Bug Fix: Templates for FedRAMP Moderate and High include additional placeholders for Table 6-1 and 6-2
- Bug Fix: Drilldown and Status board counts for issues on an SSP match
- Bug Fix: Due date validation messages for tasks are easier to understand
- Bug Fix: For interconnects, IP addresses are validated only if non-empty
- Bug Fix: Assessment Plans list view displays correctly
- Bug Fix: URL fields in Supply Chain records support automated testing
- Bug Fix: Improved target risk score label in the Required Fields section when creating a new risk
- Bug Fix: List of required fields for new issues works correctly when changing issue status
- Bug Fix: Updated the Policies Controller such that Swagger loads correctly
- Bug Fix: Outage Summary field for Change records is only required for completed changes
- Bug Fix: Saved contents on the Lookups tab for Supply Chain records persist after page refresh
- Bug Fix: Charts on Issues by Severity Level by Status report render correctly
- Bug Fix: Changes module loads correctly
- Bug Fix: Addressed task validation error with due dates in the past
- Bug Fix: Fix for module name to re-display questionnaire responses in list view
- Bug Fix: RegScale user list populates correctly on page refresh
- Bug Fix: Deleting a questionnaire marks it as inactive
- Bug Fix: Default question for a new questionnaire is auto-assigned a unique ID (QUID)
- Bug Fix: Addressed some HTML formatting issues in the control test preview
- Bug Fix: Questionnaire link in email points to the unique response
- Change: Request Evidence is now the first option on the Lightning Assessment buttons
- Change: User baseball cards now have a header and dismiss modal button
- Change: Scorecard now shows % of controls assessed and % passing in Overall Compliance section
- Change: Removed closed issues from the Status Boards
- Change: Improved ability to handle unencrypted email via SMTP
- Change: Component Status Board only shows components that are active
[5.11.1] - 2023-07-20
Added
- Architecture support for feature flags
- Update endpoint for the Scan History API
Changed
- Bug Fix: Button colors for the Policy Template editor match the rest of the application
- Bug Fix: Policy Template editor renders properly in dark mode
- Bug Fix: FedRAMP SSP export handles missing controls and suppresses unnecessary errors
- Bug Fix: Documents that are generated directly into the Files subsystem have the correct content format
- Bug Fix: Method in Questions controller marked ignorable to Swagger
[5.11.0] - 2023-07-19
Added
- Risk Assessment Wizard
- Security: Login banner now forces the user to acknowledge the banner before proceeding
- Scorecards are now the default view for existing records on organizers
- CMMC Export for Components (uses inheritance)
- Questionnaires support multiple choice, checkboxes, and dropdowns
- Questionnaire builder supports required fields and question IDs
- Continuous Monitoring - can add all controls with a single button click (supports initial authorization flow)
Changed
- Moved Delete button further away from the save button to avoid accidental clicks
- Removed Authorizing Official (AO), System Owner, and ISSO as required fields for SSPs
- Improved user experience for the questionnaire response form
- Bug Fix: Addressed data validation errors and labels throughout the application
- Bug Fix: Addressed issue on SAR export
- Bug Fix: Addressed issue where the clickable area of a button was sometimes too large
- Bug Fix: Addressed new issue validation bug
- Bug Fix: Addressed miscellaneous problems with issue counts between Status Boards, Scorecards, and Gantt charts
- Bug Fix: Delete button now works on Teams and Tools tabs
- Bug Fix: Removed duplicate close buttons on the dashboards
- Bug Fix: Analysis button removed from Vulnerabilities tab for an asset record
- Bug Fix: Questionnaires must have at least one question before being assigned
- Bug Fix: Addressed issue where new SSO user button was not showing
- Bug Fix: Security Profile module is available for users with Evidence, Projects, Policies, Security Plans, or Supply Chain
- Remediated vulnerabilities from UBI build process
- Bug Fix: Corrected typo on logged in alert message
- Bug Fix: Password validation checks for new users show green and red appropriately
[5.10.0] - 2023-07-12
Added
- Enterprise Risk: Added Risk Treatment tab to the Risk module
- Enterprise Risk: Added Risk Action tab to the Risk Module
- Enterprise Risk: Added fields for tracking timelines for conducting risk assessments of a risk
Changed
- Reports: Added "All Time" as a filter to date ranges (pull last 10 years of data)
- Questionnaire system supports submitting a questionnaire response
- Questionnaire system allows assigning a questionnaire to a security plan
- Bug Fix: Addressed issue with "auto-login" for SSO users after logging out
- Bug Fix: Fixed edge case on login logic
- Bug Fix: Service accounts can be deleted
- Bug Fix: Addressed data validation issue on the client side for assessments
- Bug Fix: Personal Access Tokens (PATs) cannot be created if the service account user cannot be created
- Bug Fix: Fixed many validation issues on new records
- Bug Fix: Security Plan tabs are hidden if the user doesn't have access to view the contents
- Bug Fix: Corrected CSS errors and legacy code
- Bug Fix: Corrected classification count in the subsystem (paging bug)
- Issue Screening: Severity Level, Issue Owner, and Due Date lock after screening
- Bug Fix: OSCAL FedRAMP SAP and SAR export options for Continuous Monitoring work as designed
- Tech Debt: Reduced build warnings by 68%
- Bug Fix: FedRAMP Risk Exposure export for Security Plans has applicable threats and mitigating controls/factors
[5.9.0] - 2023-07-05
Added
- Issue Screening feature
- Ability to generate tenant specific service accounts
- Labels shown in dashboards are dynamic rather than hard-coded
- OSCAL: SSP export - controls now export using the sort-id
- FedRAMP: Control implementations now use the NIST Control ID v/s the RegScale primary key in the export
- FedRAMP: Added planned implementation date and steps to implement for a control implementation
- FedRAMP: SSP exports now support FedRAMP status settings and control originations
- FedRAMP: System Roles now export in OSCAL for control implementations
- FedRAMP: Control implementations now properly export statements (objectives) using the by-component OSCAL format
- OSCAL: Attachments, Links, and Comments now export into the OSCAL SSP
Changed
- Bug Fix: Corrected data validation problem on issues
- Bug Fix: FedRAMP SSP responsible role field is populated by role instead of the owner name
- Bug Fix: All required fields for SSP system roles are identified and validated
- Bug Fix: Threat identified date cannot be in the future
- Bug Fix: Policy preview works correctly when uploading a new template
- Bug Fix: Lookahead view works correctly upon direct navigation by URL
- Bug Fix: The spinner deactivates and a message is displayed if a list view query fails
- Security: Added the ability to delete/revoke Service Accounts
- Bug Fix: Validation errors message in Issues module appears correctly at the bottom of the page
- Bug Fix: Issues Workflows dropdown in the Workflows subsystems supports scrolling
- Bug Fix: Minor fixes in the FedRAMP Test Case Procedures export
- Bug Fix: Confirm Account button for a new account works correctly
- Enhancement: Scorecard font increased for table view
- Tech Debt: Removed legacy issue severity level service
- Security: Tightened up MFA login to only use the current code (removed the recent code grace period)
- Bug Fix: Addressed issue with count being off by 1 on Time Travel subsystem
- Enhancement: Replaced colored shield icon with padlocks to indicate public vs access controlled records
- UX: Validation errors now render inside of the alert v/s below it
- Bug Fix: Long lists of user roles now properly render on the Workbench panel
- UX: Assess button on Scorecard no longer switches sides on the card when toggling into Edit mode
- Bug Fix: Addressed Mega-API error when exporting system roles for a control implementation
- Bug Fix: Fixed grand totals column on the issues by severity report
[5.8.1] - 2023-06-29
Added
- N/A
Changed
- Security: Improved route trimming for the Global Admin
- UX: Improved tenant setup experience for Community Edition customers
- Improved system setup wizard (differentiates between Global Admin and System Administrator now)
- Bug Fix: Lightning Assessment toggle for implementation and evidence has a default state
- Bug Fix: Replaced bad link for Community Edition license registration
- UX: Minor formatting and button alignment tweaks
- UX: Addressed formatting on the user confirmation page
[5.8.0] - 2023-06-28
Added
- Questionnaire system supports adding questions to a questionnaire
- Assessment Plan Module with Lines of Inquiry
- Lines of Inquiry experience for conducting checklist based audits using the Assessment Plan module
Changed
- Tech Debt: Removed unused files from two code projects
- Bug Fix: Added attribute to an API method so that Swagger loads successfully
- Enhancement: Added button route information to support automated testing
- Bug Fix: Security Plans' GET API returns a 404 response when there is no security plan by a given ID
- Bug Fix: Importing a policy template Word document completes without a 500 error
- Bug Fix: User is informed why a policy template preview is unavailable
- Security: Nuget patching for vulnerabilities
- Bug Fix: Homepage dashboards with little or no data render correctly
- Bug Fix: List view of risks on Risk Dashboard has correct title/header
- Bug Fix: Section headers for the Risk Score card on the Risk Status Board are aligned
- Bug Fix: Better contrast on Analytics sidebar slide-out
- Bug Fix: Organization page renders properly when navigating via direct URL
- Bug Fix: Facility form in the Setup panel validates input
- Bug Fix: Control Implementation form shows validation messages
- Bug Fix: Improved validation on Variables and Secrets section of the Admin panel
[5.7.1] - 2023-06-21
Added
- N/A
Changed
- Fixed bug in FedRAMP Test Case Procedure export button not displaying
- Security: Patching of Nuget packages for .NET
- Bug Fix: Policy editor tab is hidden until a new policy is saved
[5.7.0] - 2023-06-14
Added
- Basic questionnaire builder features (BETA)
- Basic RegScale ML features (BETA - SaaS only)
- FedRAMP: Added System Role to control implementations
- FedRAMP: Added overlays to OSCAL SSP export in system characteristics
- FedRAMP: Added new fields to assets for FedRAMP
- FedRAMP: Added FedRAMP overlays to the inventory section of the SSP export
- Gantt view now allows for adding issues directly from the UI
- Lightning Assessment: added the parent, title, and description to the left panel
- Ability to make an implementation option private so that it is not shared
- FedRAMP: Excel export of test case procedures
- Reporting: Adding Evidence Locker files to the Component & Security Plans Evidence Reports
Changed
- Performance: Refactored breadcrumb/navigation system lookup to be significantly faster
- Performance: Refactored subsystem lookup to be significantly faster
- Bug Fix: Page titles in the Changes module match the module name
- Bug Fix: Creating new configuration variables works as expected
- Bug Fix: Login works even if the login banner is not defined (or blank)
- Bug Fix: Addressed logout issue when session expires
- Bug Fix: User is prompted about unsaved changes when navigating away from a form
- Bug Fix: Crumbcake navigation dropdowns dismiss when clicking outside them
- Bug Fix: Crumbcake level links correctly navigate to their target records
- Bug Fix: Minor rendering issues on assets
- Bug Fix: Addressed validation error for assessments
- Bug Fix: Icon close window fixed
- Bug Fix: In evidence locker, delete button is now hidden in readonly mode
- Bug Fix: Addressed logo rendering issue on the Unauthorized page
- Bug Fix: Paging now works on the Tenant list for the global admin account
- Bug Fix: Addressed a date comparison issue in the Incident Response module
- Security: Trimmed access to missed routes based on authorization
- Security: Added route guards preventing the Admin account from accessing other admin pages they should not
- Bug Fix: System Administrator list on the global admin screen can no longer see service account users
- Bug Fix: Addressed edge case error on FedRAMP POAM exports
- Bug Fix: Time Travel count in subsystem menu is now correct
- Bug Fix: Control tests now sort by Test ID providing a better index for sorting
- Improved issue and task validation checks
[5.6.2] - 2023-06-09
Added
- Continuous Monitoring to Supply Chain
- FedRAMP - added FedRAMP System Roles to the SSP and OSCAL export
- FedRAMP - now auto-generates the default system component based on the SSP
- Questionnaires System supports uploading an Excel-based questionnaire
- Added functionality to highlight missing data in exports (currently only available with SAR export)
Changed
- Bug Fix: Comments will now prompt the user to confirm before allowing a delete
- Bug Fix: Addressed issues with assessing requirements using the Lightning Assessment
- Enhancement: You can now dynamically add tests to a Lightning Assessment as part of Continuous Monitoring
- Bug Fix: Calendar option removed from Modules and Features configuration screen
- Bug Fix: Fixed SSO auto-login after logout (now must take an overt action to SSO back in)
- Enhancement: Various improvements to login flow to reduce confusion and improve the UX
- Tech Debt: Removed Datadog monitoring code from SaaS
- Bug Fix: Addressed issue checking LDAP status for the 'admin' break glass account
- Bug Fix: Addressed dual logo rendering on the change password page
- Bug Fix: Fixed error with routing between pages for first time with the admin account login
- Enhancement: Removed login link since the application auto-redirects the user if not logged in
- Security: QR code now emailed to set up MFA; further protecting the QR code secrets
- Security: Added a prefix for MFA to distinguish between multiple environments (DEV, QA, PROD, etc.)
- Bug Fix: Risks dashboard shows the correct number of open and closed risks
- Bug Fix: Files subsystem shows pagination controls
[5.6.1] - 2023-06-08
Added
- Software inventory feature for hardware assets
- Billing Utilization: Ability to pull daily access logs as an Admin on the Utilization panel
Changed
- Bug Fix: SSO now properly supports new user thin provisioning
- Bug Fix: Fixed validation checks on control implementations with a "Not Applicable" status
- Improved OSCAL SAP/SAR export for FedRAMP
- Security: Improved role checks with JWT tokens throughout user and RBAC service
- Fixed errors in UBI docker image
[5.6.0] - 2023-06-07
Added
- Multi-Factor Authentication (MFA) support for all local accounts using Google Authenticator
- FedRAMP Security: Now recording the date of the last password change
- FedRAMP Security: Now records the date a user account was de-activated
- FedRAMP Security: Re-organized the login experience to hide details and improve the authentication flow
- SSO flag to indicate whether user accounts are externally managed by a 3rd party SSO provider
- Kanban: Now tracks original due dates for tasks and any associated date slides
- Patching: UBI Docker image that has fewer vulnerabilities
- New export experience for transforming compliance artifacts
Changed
- Bug Fix: Selecting multiple options in Value to Search dropdown for advanced search works as designed
- Bug Fix: updated SBOM workflow to work on GitHub runners
- Bug Fix: Fixed legacy link to C2 Labs support email
- Bug Fix: Change password button works as designed
- Improved SAP/SAR exports for OSCAL - now version 1.04 compliant
- Tech Debt: Removed legacy atlasity ids throughout the application
- Enhancement: Improved Asset endpoint comments for Swagger (getAll, GET, PUT)
- Removed duplicate asset tab on Components
- Enhancement: Improved button layout for integrations in the Admin panel
- Naming convention for Docker images has changed from regscale:ubi-VERSION to regscale-ubi:VERSION as well as regscale-rocky:VERSION
[5.5.0] - 2023-05-31
Added
- Workflow to automatically update the CHANGELOG on ReadMe.io when a new release is created
- Workflow to automatically update the version on ReadMe.io when a new release is created
- FedRAMP: Added security policies to the Admin panel (BETA feature)
- Contingency Planning roles to cyber team responsibilities
- BETA: Added SAR export to Word
Changed
- Bug Fixes: Fixed console errors when loading the Context Viewer
- Bug Fix: OSCAL exporter now works properly on Security Plans
- Bug Fix: Evidence locker now accepts an update frequency of zero
- Bug Fix: Operational SSP key date validation works as designed
- Bug Fix: Continuous Monitoring instructions supports lengthier text
- Bug Fix: Corrected issues on the Home Page dashboard
- Bug Fix: Continuous Monitoring instructions can now handle long text
- Bug Fix: Various improvements to inheritance UI
- Bug Fix: Corrected date validation issues on the SSP
- Tech Debt: Corrected various namespace issues in the controllers
- Enhancement: Evidence locker now displays which controls are already selected
- Enhancement: Evidence locker now allows hitting enter to search v/s having to press the button
- Improved standards support for OAuth configuration of tokens
[5.4.0] - 2023-05-24
Added
- Controls, Issues, Risks, and Assets tabs added to organizers
- Refactored the Lightning Assessment experience within Continuous Monitoring
- Evidence Locker - added fields (Evidence Owner, Update Frequency, and Last Evidence Update)
- Evidence Locker now tracks owner and update frequency requirements - added to the Workbench for accountability tracking
- Evidence Locker - uploading new evidence now automatically updates the Last Evidence Update field
Changed
- Performance: Optimized indexing across modules to improve DB query performance
- Bug Fix: Fixed weird logo rendering when logging in with break glass account
- Re-arranged tabs on Security Plans for ease of data entry
- Bug Fix: SortId added to control implementation filter API
- Bug Fix: YAML upload works as designed
- Bug Fix: Child record drop-down in the crumbcake nav dismisses when the user clicks outside of it
- Bug Fix: Evidence Locker now looks up parent component in addition to parent security plan when doing bulk mapping
- Bug Fix: License check validation improved to do a "soft" cap on users
- Bug Fix: Lightning Assessments now validate that all tests have a valid result before saving
- Bug Fix: Lightning Assessment failed tests now require a gap to be identified
- Bug Fix: Manual assessments now correctly apply a compliance score
- Bug Fix: All fields now correctly set defaults when saving manual assessments
- Bug Fix: Addressed compliance calculation issues with Inherited controls
- GraphQL: Added the Reference table to the graph
[5.3.2] - 2023-05-19
Added
- FedRAMP: Added user logout alert
Changed
- Security: Patched all NUGET libraries for .NET
- Bug Fix: Addressed issue with CLI config API
- Bug Fix: Removed analytics sidebar for GlobalAdmin
- Performance: Optimized SBOM query to find all entries for an asset
- Bug Fix: Improved change detection and fixed errors on several Angular pages
- Bug Fix: Sort ID now properly set for a control on catalog import
- Bug Fix: Classification system paging now works properly
- Bug Fix: Evidence icon now renders properly in light mode
- Bug Fix: Addressed issue with trying to save an objective without selecting an option
[5.3.1] - 2023-05-18
Added
- Asset Cloud Identifiers for AWS, Azure, and GCP
Changed
- Labeling: Security Checklist visualization now says Risks Remediated v/s Risks Mitigated
- Added "Not Reviewed" to Security Checklist status options
- Bug Fix: "Today" button for the date picker works in dark mode
- Enhancement: "Dismiss" text for toast notifications is green
- Bug Fix: Control Implementation now displays correctly when no objectives or parameters
[5.3.0] - 2023-05-17
Added
- Improved UI for Inheritance and Control Mappings
- Added ability to better document controls at the Objective level
Changed
- Security: Performed some API hardening
- Tech Debt: API controller class/files names match endpoints visible in Swagger
- Bug Fix: Child records that are the same type as their parents render correctly in the crumbcake navigation
- Bug Fix: Toast notifications work correctly in the Evidence Mapping Wizard
- Bug Fix: Percent of issues closed on time is correctly computed on the Fix Problems dashboard
- Bug Fix: Save button for editing user profile works properly
- Bug Fix: "Other" status for security plans displays correctly in the status bar
- Bug Fix: Security Plans Dashboard drill-down modals display correctly
- Bug Fix: Security profile mapping renders correctly in dark mode
[5.2.2] - 2023-05-12
Added
- N/A
Changed
- SSO Bug Fix
[5.2.1] - 2023-05-12
Added
- N/A
Changed
- Privacy Impact Assessment (PIA) form streamlined based on customer input
- Bug Fix: Refresh now works properly with the counters on the Evidence Locker
- Buttons and badges are styled consistently
- Fixed styling of the Risk Status Board for dark mode
- Bug Fix: Added null-check before validating the CLI configuration
- Tech Debt: Project and solution files simplified to not compile unused code
[5.2.0] - 2023-05-10
Added
- FedRAMP System Roles added to the Security Plan
- Automation admin panel to allow the CLI configuration to be saved securely in the RegScale database
- Evidence Locker System
- Description (Requirement Text) added to tailored SSP template and parameters replaced in description
- If replaced, parameter is bold; if no parameter exists, parameter tag is highlighted
- Categorization Justification added to tailored SSP template
Changed
- Bug Fix: Fixed issues with usernames that have a capital letter in them
- Bug Fix: Print view for Security Plans shows correct child record counts; also displays spinner when loading security control implementations
- Bug Fix: The status bar has consistent arrow usage and a status indicator for active records
- Bug Fix: Assignment link within emails navigates to the correct URL
- Bug Fix: Usernames are not case-sensitive.
- Bug Fix: Redirecting to a page after login works correctly.
[5.1.2] - 2023-05-05
Added
- New risk scoring fields to the Risk module
Changed
- Renamed all Azure AD labels to OAuth SSO
- Bug Fix: Addressed Red Hat UBI build issue
- Added UPN support for SSO with Azure AD
[5.1.1] - 2023-05-04
Added
- New APIs for querying Supply Chain records
- Categorization justification to the Security Plan module
Changed
- Bug Fix: Fixed chart alignment for iPad
- Bug Fix: Errors when connecting to LDAP
- Bug Fix: Pagination works correctly in the Files subsystem
[5.1.0] - 2023-05-03
Added
- Outage Summary field to the Change Management module
- Updated eMASS Software List sheet and mappings
- Control Source and Exclusion Justification to Control Implementations
- Home page sidebar is expandable/collapsible
- Issue Status by Owner and Security Plan and Issue Status by Owner and Component reports have charts; those reports also default to all dates
Changed
- Fixed warning on scope for renewing OAuth tokens
- Bug Fix: Search works properly for Security Control Implementation and Scorecard
- Tech Debt: Eliminated legacy calls to pre-load the old home page
- Bug Fix: Improved chart queries and fixed various errors
- Bug Fix: "Show More" button on the newsfeed is enabled/disabled properly
- Bug Fix: Custom color theme works properly for multi-tenancy
- Bug Fix: Form input left and right padding increased to accommodate scrollbars to prevent focus state border from being cut off
- Bug Fix: Top nav buttons stay present when going from dashboard to any other page
- Bug Fix: Overall status for Component dashboard calculates percentage correctly
- Bug Fix: Users can properly log in after access token expires
- Bug Fix: User Management System correctly shows added roles for a user
- Bug Fix: User Management System correctly shows existing roles for a user
- Bug Fix: Drilldown modals from the dashboards show a close button
[5.0.1] - 2023-04-27
Added
- Improved Lightning Assessment formatting for Dark Mode
- Hover effects for My Activity and Notifications icons
Changed
- Bug Fix: Tweaks to home page
- Bug Fix: Technical POC on Exceptions now shows as a required field
- Bug Fix: Corrected problem where issues may not save correctly
- Bug Fix: Removed duplicate export option on SSPs
- Truncated Lightning Assessment scoring
- Removed console.logging on login
- Improved validation for Security Plan FedRAMP Authorization status
- Removed redundant "Close" buttons in modals
- Multiple minor tweaks to Dark Mode formatting
- Bug Fix: Addressed some issues with drilldown on Causal Analysis
[5.0.0] - 2023-04-26
Added
- OAuth Identity Provider Support for Bring Your Own Identity (BYOI) and SSO
- Ability to support sending unauthenticated SMTP email
- Redesigned Home Page
- Dark Mode
- Changed GraphQL timeout to 60 seconds; added Initialize on startup for faster first queries
- Redesigned the Lightning Assessment System
- Added eMASS Hardware and Software list to Security Plans
Changed
- Bug Fix: Organization Manager and Reports modules redirect to the login page if the user isn't authenticated
- Updated logic for eMASS POAMs Export on SSPs to populate the milestone columns when no milestones are associated with the issue
- Bug Fix: Policy Editor now hidden until the record is saved
- Bug Fix: Children of Change Management records now correctly inherit RBAC permissions
- Bug Fix: SecurityPlanId field for Issues is now properly assigned on creation
- Bug Fix: Workflow now allows for formatted content in the comments field
- Bug Fix: You can now create multiple custom fields with the same name if they are in a different tenant
- Multiple enhancements and bug fixes to the security checklists for assets
- Added warning on delay time for the Password Reset token
- Bug Fix: OSCAL SAP & OSCAL SAR exports are available for Continuous Monitoring
- Policy editor enhancements to utilize the Files subsystem for faster loading of large Word documents
- Bug Fix: Ports and protocols now properly map in the SSP export
[4.26.3] - 2023-04-20
Added
- FedRAMP: improved classification markup in OSCAL, added internal/external user counts
- FedRAMP: Added support for Leveraged Authorizations
- Security: Added SHA-256 Hashes to File Uploads
- Vulnerabilities can now be associated with Assets
- Asset Check Visualization
- Improved drilldown into charts along with performance improvements throughout the application
- Security control implementations have two independently scrollable content panes for Control Context and Configuration
Changed
- Bug Fix: Modal dialogs from within the dashboards and crumbcake navigation now dismiss when navigating to the home page, status boards, modules, reports, or notifications.
- Bug Fix: Fixed the SBOM pipeline
- Bug Fix: Fixed issue where eMASS POAMs export was not handling special characters in issue description during export
- Bug Fix: Modal for the file hash in the Files subsystem renders and closes correctly
- Bug Fix: Catalog - FindbyGUID API now works properly
- Bug Fix: RBAC inheritance now works properly throughout the application
- Updated the warning on Control Inheritance (supports external Leveraged Authorizations now)
- Bug Fix: Drilldown for some dashboard charts has been restored
- Bug Fix: Policies can now be properly saved
[4.25.0] - 2023-04-12
Added
- FedRAMP Automation overlays to SSP OSCAL export
- FedRAMP E-Authentication levels to the System Security Plan (SSP)
- FedRAMP Authorization Process flows
- Spinner when loading large Asset SBOM files or when pulling SSP Status Board issues
Changed
- Privacy Impact Assessment (PIA) data is now included in the SSP OSCAL export
- Bug Fix: Exceptions can now be added to issues and risks
- Bug Fix: Control tests now show properly as a Tab on assessments
- Bug Fix: Addressed issue where group manager sometimes would not refresh group name after a change
- Bug Fix: Addressed issue where Add User modal would not launch for a new user in a group
- Bug Fix: Addressed issue where validation message would sometimes be off the page for Privacy Impact Assessment
- Bug Fix: User avatar on side strip now navigates to user profile
- Bug Fix: Generic SSP export updated for edge case issues on export
[4.24.2] - 2023-04-06
Added
- Tenable ID field under integrations for Assets
Changed
- Both the implementation statement and cloud implementation statement are now written to the Implementation Overview of the tailored SSP export
- Bug Fix: Crumbcake navigation modal now closes when clicking on the app logo, My Activity, Notifications, and user profile menu
- Bug Fix: Changes to generic SSP export
[4.24.1] - 2023-04-05
Added
- N/A
Changed
- Bug Fix: Fixed periodic export issue with generic SSP in Word
- Bug Fix: Labels fixed on PIA Module
- Bug Fix: SBOM workflow uses the correct internal URL
- Bug Fix: Gantt charts now show for components
- Replaced Azure AD with OAuth integrations panel
- Provided a more friendly gnome graphic for control assessment failures
[4.24.0] - 2023-04-04
Added
- Privacy Impact Assessment (PIA) Module
- Security checklist queries via GraphQL
- Improved signaling on Gantt charts plus the ability to toggle between Gantt and List Views
- Importing policy templates from Word docs
- Export tailored (generic) SSP in Word format
- Qualys ID field for Assets under Integrations
- APIs for batch creation and update of Security Checklists
Changed
- Bug Fix: Gantt chart visualizations now sort by date and only show open issues
- Improved signaling on the Scorecards for control status
- Bug Fix: FedRAMP POAM export no longer highlights non-empty cells
- Bug Fix: Several minor enhancements to the new Change Management module
- Bug Fix: Gantt chart visualizations now sort by date
- Bug Fix: Print view no longer includes icons from left nav
- Bug Fix: Save button is available when creating a new supply chain
- Bug Fix: Compliance visualization modal now properly dismisses
[4.23.0] - 2023-03-29
Added
- Supply Chain Identifiers
- Change Management Module
- Endpoint to validate RegScale token
- CMMC: Added Information Owner role to Teams system and Management Type to Assets
- FedRAMP POAM Export
- FedRAMP Risk Exposure Export
- Asset Owner added to the MegaAPI for Security Plans
- CUI SSP Export in Word format for NIST 800-171 (security plans only)
Changed
- Increased size of toolbar options (e.g., save, delete)
- Bug Fix: Enterprise utilities now properly show/hide based on license
- Bug Fix: FedRAMP CIS/CRM Export - added FedRAMP High Template for Security Plans with a High overall categorization
- Removed TestTimeout API
- Fixed typos on eMASS SAP/SAR template
- Tech Debt: Organized FedRAMP and eMASS template files into better structure
- Added logging for SBOM workflow script
- Bug Fix: Pressing Enter in search no longer toggles form to readonly mode
- Bug Fix: Console errors no longer occur for custom fields
- Bug Fix: Components tab for Assets module now accessible for Asset Users
- Bug Fix: Gantt Chart tab correctly displays for Organizer modules
- Bug Fix: Fixed issue where sometimes a new asset could not be saved
- Increased button spacing on the toolbar to support touchscreens (e.g., iPad)
[4.22.0] - 2023-03-21
Added
- N/A
Changed
- Bug Fix/Tech Debt: Added many missing fields to search and consolidated search field lookup
- Bug Fix: Fixed styling on icons in Threats module
- Bug Fix: Validation messages now show properly in the Threats module
- Bug Fix: Addressed issues on time travel revert
- Bug Fix: Interconnects - fixed IP address validation issues
[4.21.2] - 2023-03-19
Added
- Enhancements to risk form and process flow indicators
Changed
- Bug Fix: Objective/Parameter Order Fixed
[4.21.1] - 2023-03-18
Added
- FedRAMP: Continued improvements to the handling of parameters
Changed
- Bug Fix: Addressed issues with modals
[4.21.0] - 2023-03-15
Added
- FedRAMP: Exported FedRAMP SSP now directly attaches to the file system for download
- Improved the overall Parameter user experience
Changed
- Bug Fix: Removed bad link to old registration form (broken during website migration)
[4.20.2] - 2023-03-09
Added
- FedRAMP: Address and company fields to the user profile
Changed
- Performance: Increased timeout to 5 minutes for long running jobs (i.e. FedRAMP SSP export)
- Performance: Refactored SSP Word export to reduce build times, improved document formatting
[4.20.1] - 2023-03-09
Added
- Assets: Added fields to fully support FedRAMP Inventory workbook
Changed
- Bug Fix: Code behind errors fixed on forms
- Bug Fix: Addressed styling issues on export buttons and added missing export options
- Security: Enhancement for email encryption
- FedRAMP SSP: Added more logging, interconnections, ports and protocols
[4.20.0] - 2023-03-08
Added
- New Home Page navigation bar on side panel and discrete routes for dashboard analytics
- New toolbar added to forms, utility UI consolidated into new design
- Tenant Id added to the JWT providing for more efficient API calls
- Security: Added support for TLS 1.2 for sending email using FIPS approved services
- Improved error handling and logging for all form saves/updates
- Fine-grained access control per API call to accommodate Read Only use cases
- FedRAMP: Detailed logging to Mega API and FedRAMP exports to help troubleshoot environmental issues
- eMASS: SAP/SAR Export
Changed
- Bug Fix: Fixed bug showing option to create child security controls directly under security plans (forces through Builders)
- Security: Now refreshes the server side user cache after any change to a user role
- Bug Fix: Improved formatting on Personal Access Token
- Bug Fix: Formatting on Security Plan print improved
- Bug Fix: Addressed issue where sometimes RBAC editing would not be properly enabled
- Bug Fix: Addressed issues with readonly permissions throughout the application
- Bug Fix: Import catalogue parameter UUID if it exists when importing catalogues
- Performance: Fixed slow loading speed with large numbers of security controls
- CSS: Fixed deprecated style tags
- Enhancement: Ports and protocols data added to Interconnects in the MegaAPI
- Enhancement: Display catalogue date imported
- Enhancement: Import catalogue parameter default if it exists when importing catalogues
- Security: Container patching for Linux Alpine image
- Bug Fix: Addressed periodic date rendering issues throughout the application
- Improved completeness of FedRAMP SSP export
- Fixed rendering issues on Status Board spacing
- Bug Fix: Fixed import issues on UUID and default parameter values
[4.19.1] - 2023-03-03
Added
- Theming system selecting custom colors throughout the application
- Longer timeouts for doing FedRAMP exports to accommodate large jobs
Changed
- Bug Fix: Interconnects can now be created under Security Plans
- Scorecard now defaults to using the SortId field for ordering controls
- Bug Fix: Sort ID now used by default in profile mappings
[4.19.0] - 2023-03-01
Added
- Improved formatting of Catalog print page along with adding more information (parameters, objectives, and tests)
- Digitized the FedRAMP Low, Moderate, and High catalogs using FedRAMP resolved catalogs
- Additional filtering options to the scorecard controls (customer responsibility)
- Added rollup by control family to the Scorecard visualization
- Built out additional FedRAMP and eMASS automated exports
Changed
- Security: Red Hat UBI and Rocky Linux patching
- Catalog print now sorts by "sort-id"
- Security: Improved validation of user data when creating a new user
- Improved data validation in all back end controllers
- Improved export file names to include object title, module, and RegScale record ID
- Added indentation to the downloaded catalogues (JSON)
[4.18.2] - 2023-02-24
Added
- N/A
Changed
- Bug Fix: Corrected issue where sometimes eMASS exports can become corrupted in Excel files
- Bug Fix: Improved validation and error handling for FedRAMP exports
[4.18.1] - 2023-02-22
Added
- Cloud implementation field for Control Implementations - supports Hybrid cloud use cases
- Security Checks capability to Assets
- Parameters on security controls can now accept default values
- Support for eMASS POAM export
Changed
- Bug Fix: Fixed typo on Security Plan Cloud tab
- Bug Fix: Options now refreshes objectives when a new one is created
- Bug Fix: Periodic issues with corrupting Word exports
- Tweaked CI/CD pipeline files and added GitHub templates
- Security: Fixed an issue related to Azure AD SSO deactivation
- Security: Last login now properly stored for SSO users
[4.18.0] - 2023-02-21
Added
- STIG fields to issues (Security Checks and Recommended Actions)
- Cloud fields added to SSP metadata to support FedRAMP
- FedRAMP fields added to Interconnect module
- Dynamic Policy Authoring Capability
- CMMC Enhancements - loaded 800-171A objectives and tests to the catalog
- Support for Australian ISM catalog (leveraging our OSCAL importer)
- Control status strip to the Scorecard
- Mega-API - added Teams and References
Changed
- Bug Fix: Addressed alignment issues in the compliance visualizer
- Bug Fix: Addressed issue where sometimes the vertical scrollbar on the page would not reach the last field
- Bug Fix: Close button now works properly on lightning assessments
- Bug Fix: Improved status coloring in the compliance cockpit
- Bug Fix: Creating components from SSPs now works properly
- Bug Fix: Security controls can now be edited without errors
- NPM security patching
- Refactored and consolidated the Continuous Monitoring experience in the application
- Rearranged the control implementation form to streamline data entry and intelligently render the UI based on objectives and parameters being available
[4.17.0] - 2023-02-15
Added
- API support in Readme.io with example code for testing API code in 20+ languages
- Control Context Viewer
- Interconnect information is now returned as part of the SecurityPlan Mega-API
- FedRAMP Preparation fields and tab to the Security Plans module
- Components and SSP Evidence reports
Changed
- Bug Fix: You can now properly search within Explorer list view tables
- Security: Patching of all NUGET packages for .NET
- Objectives now show parameters values for control implementations
- Bug Fix: OSCAL SSP now properly exports all control implementation data
- Improved layout and token explanation on the user profile page
- Simplified "My Profile" side panel text and display
- Added sorting and indexing to improve control display and retrieval
[4.16.1] - 2023-02-09
Added
- N/A
Changed
- Hot Fix: Issue page loading (missing migration)
[4.16.0] - 2023-02-08
Added
- Crumb Cake Navigation
- Added SortId to Security Controls (allows for custom sorting algorithms for catalogs such as NIST)
- Adverse Condition reporting to Issues Module
- Added ability to import and export Classification Types (published 800-60 options on the website)
- Continuous Monitoring records now have an editable form for metadata
- Ports and protocols to FedRAMP SSP Export
Changed
- Moved up Risk Dashboard toggle button
- Bug Fix: Duplicate components can no longer be added for an asset
- Bug Fix: Security Controls paging now works correctly in list views
- Bug Fix: Add New user button now works correctly
- Group names are now editable
- Tech Debt: Refactored group service and improved security
- Bug Fix: Fixed issue with loading Categorization profiles
- Bug Fix: Improved validation for creating implementation options on a security control
[4.15.1] - 2023-02-03
Added
- Control Owner added to Security Plan Mega API
- Improvements to subsystem intra-system navigation
- Support for linking issues to Microsoft Defender for Cloud
- Pagination to Classified Record Subsystem
- Added risk and issue drilldown to the Status Boards
Changed
- Tech Debt: Angular 15 upgrade along with multiple NPM package updates, security patching
- Bug Fix: Fixed issue where sometimes the spinner would not load or dismiss
- Bug Fix: Fixed periodic rendering issues with the Time Travel system
- Bug Fix: Removed Date Created column on Service Account queries
- Bug Fix: Back arrow now works on navigation strip for control implementations
- Bug Fix: FedRAMP and eMASS exports now only show on the appropriate modules
- Bug Fix: Security Plan print and Transformer now working properly
- Bug Fix: Paging now works properly on Classification
- Bug Fix: References field now properly displays on Security Controls
[4.15.0] - 2023-02-02
Added
- Support for Rocky Linux containers
- FedRAMP Export to Word SSP (BETA)
- "Archived" as a status for Control Implementations
- Unified Subsystem UI for easier navigation between systems
Changed
- Bug Fix: Fixed issues exporting OSCAL related to Time Travel
- Bug Fix: Added server side validation to the license key
- Bug Fix: Risk tabs now show the correct related modules
- Bug Fix: All related tabs now properly check for duplicates
- Bug Fix: All related tabs have been refactored to work with the Read Only toggle
- Security: Disabled password reset and password change for AD/LDAP users
- Implementation options are now set at the control level vs. the objective level
- Security: Removed Bearer token from the UI, no longer displays
- Bug Fix: Pagination now works properly with multiple grids on the same page
- Bug Fix: Fixed edge cases where Time Travel was not rendering properly
[4.14.0] - 2023-01-25
Added
- New Inheritance Engine supporting many to many architecture
Changed
- Bug Fix: Charts now format properly on the security plan print form
- Bug Fix: Recurrence engine now works properly for assessments
- Bug Fix: My Activity now formats and pulls data correctly
- Bug Fix: Expiration date now displays properly for Interconnects
- Bug Fix: Components mapping now shows valid security plans in the picklist
- Bug Fix: Lineage tab now properly pulls all Inheritance data
- Bug Fix: History system now properly records all view events
- Enhancement: Improved documentation linking system
- Enhancement: Explorer is now more resilient to data issues and renders properly
[4.13.0] - 2023-01-18
Added
- OSCAL - supports "by-component" markings on SSP controls now
- Refresh button for notifications
- Upgraded all .NET Core SDK and Nuget packages to .NET 7
- Completed major UI redesign
- Refactored forms and list views to reduce duplicate code and improve quality
- Added server side auditing to all records in RegScale
- Added support for Azure Key Vault for SaaS secrets
- Added higher performance Role Based Access Control (RBAC) on the server side
- Added Properties subsystem
- Added stricter validation to server side for ParentId and ParentModule to support API integrations
- Added method for purging logs (used by the CLI) and improved indexing on Log queries
- Expanded Exceptions module - added Technical POC, Risk Analysis, and Mitigations to the form
- Read-only views for all modules; ability to toggle into Edit view
- Expanded response plan fields/data in support of the Incident Response module
- New References system to support FedRAMP use cases
- Security Plans - added Purpose and Conditions of Approval
- New risk fields to support automated FedRAMP exports
- New threat fields to support automated FedRAMP exports
- FedRAMP methodology fields to Continuous Monitoring
- Significantly expanded the assessment module to support larger scale audit needs
- Team system for tracking teams and points of contacts for various applicable modules
- Milestone system added for tracking key dates on projects, assessments, issues, etc.
- Conditions system added for tracking assumptions, deviations, and constraints
- GraphQL system for dynamic data querying
- Tools system added for conducting assessments with automation (supports FedRAMP)
Changed
- Bug Fix: Modals on reports are now formatted properly
- Bug Fix: Catalogs no longer duplicate subsystems in the JSON export (50% file size reduction)
- Updated End User License Agreements (Enterprise and Community)
- Transformer feature is now hidden when no mappings exist
- Bug Fix: Transformer modal for mapping now properly maintains state, eliminated duplicate code
- Bug Fix: Transformer now properly renders on the Security Plan printable form
- Modal styling improved throughout the app
- Bug Fix: Risk Assessment Wizard now properly resets all fields when creating new
- Bug Fix: Component Mappings now checks for duplicates
- Bug Fix: Improved validation for the assessment result
- Bug Fix: Relationship modal issues are now fixed
- Bug Fix: Database seeding now properly timestamps tenant creation
- Bug Fix: Incident module now appropriately disables in the App menu without role
- Removed subscription/poller that updated notifications to improve application performance
- Removed support for Windows container builds, now Linux only
- Bug Fix: Fixed security setting blocking Azure AD SSO popup window
- Improved alert system styling while adding ability to dismiss
- Multiple performance optimizations for list views
- Bug Fix: Control Implementation API - QuickUpdate now works in Swagger
- Bug Fix: RBAC checks now enforced on Delete operations
- Dramatically improved performance for cascade delete operations
- Bug Fix: Improved the ability to delete (cascading) records throughout the system with higher efficiency
- Refactored print services for better quality of reporting
- Bug Fix: Fixed multiple errors with missing/incorrect links in emails
- Optimized dashboard rendering and toggling between years
- Expanded responsibility list for controls to meet FedRAMP requirements
- Cutover links to new documentation system at README.io
- Added warning when creating custom fields that they cannot be deleted
- Redesigned dashboard UI
- Improved performance of backend calls to minimize network traffic
- Security patching and upgrades of all .NET Nuget and NPM packages to the latest versions
- Updated process for publishing Helm charts
- Improved build times for CI/CD pipeline, cleaned up legacy code
- Improved logging and checks for startup environment variables
[4.12.2] - 2022-11-29
Added
- N/A
Changed
- Hot Fix: SSO login fix
[4.12.1] - 2022-11-11
Added
- Improve Azure Object storage support
- SBOM generation added to CI/CD pipeline
Changed
- Removed all legacy Sentry.io monitoring code (using Datadog for SaaS)
- Bug Fix: Resolved security control preventing OSCAL download
- Removed OSCAL validation from RegScale code, now done by CLI
- Updated Kubernetes managed service installation instructions
- Bug Fix: Causal analysis now displays properly in the Explorer
- Security: Patching of NPM vulnerabilities (fixed critical)
[4.12.0] - 2022-11-02
Added
- Added support for Microsoft Defender via CLI/APIs
- Software Inventory Tracking
- Many additional fields for asset tracking
- Added support for Azure blob/object storage
- Added Datadog Application Performance Monitoring (APM) for SaaS
- API for filtering issues by integration type
- Added support for Software Bill of Materials (SBOM)
- PrettyJSON print functionality with dark mode
- Security.txt record for security researchers to contact RegScale for vulnerabilities (https://securitytxt.org/)
Changed
- Patched Kendo libraries, Angular, TypeScript, and other libraries
- Bug Fix: Fixed catalog spinner not disappearing when import is completed
- Security: restricted sensitive API calls
- Security: Enabled Content-Security-Policy
- Tech Debt: Stored CSS files locally to prevent need for internet access
- Removed Google Maps feature - now supported via external Business Intelligence reporting
- Refactored System Configuration UI
- Bug Fix: corrected issue where Tenant ID may not be properly set for a new user in a tenant
- Security: added server side checking for User Profile edits to prevent account spoofing
- Security: comment metadata is now set server side
- Security: Limited LDAP logging to avoid exposing sensitive information
- Performance: Improved indexing for returning logs in the admin panel
[4.11.0] - 2022-10-22
Added
- Increased logic, cascading, and logging for deleting security plans
- New APIs to support the Reminder CLI
- OSCAL: SSP Export upgraded to support 1.0.4 version
- OSCAL: Added support for exporting inventory
- OSCAL: Now exports all SSP properties
- OSCAL: Comments are now exported as remarks
- OSCAL: Attachments and links are now exported as links
- OSCAL: Objectives are now exported as statements
- OSCAL: Added generic method to export all properties of an object in OSCAL format, enriched data in the export
- OSCAL: Added specific validators to prevent errors in the export
Changed
- License check is now performed pre-login
- Bug Fix: Fixed legacy Atlasity tag on email notifications
- Improved performance of bulk deletes on subsystem records
- Bug Fix: Security profile importer now has the correct label
- Bug Fix: Categorization no longer shows the toolbar options (print, email, etc.)
- Security Patching: Nuget and NPM
[4.10.1] - 2022-10-16
Added
- N/A
Changed
- Bug Fix: Routing for risk assessment wizard
- Bug Fix: Parent linkage for risk assessment wizard
- Enhancement: Improved risk assessment UI when no controls are available
[4.10.0] - 2022-10-15
Added
- Risk Assessment Wizard
- Reminder APIs to support the CLI
- OSCAL Version 1.0.4 enriched for SSP model
Changed
- Patched Telerik libraries with latest upgrades and bug fixes.
- Added timer and progress spinner to catalog upload (useful for long uploads (i.e. for 800-53))
- Bug Fix: properly redirects after login
- Security: Password reset must always be done server side now.
[4.9.2] - 2022-10-02
Added
- Billing/Utilization system
- Improved error handling for file uploads
- Task reporting
Changed
- Added way to revert inherited controls back to a default status if done by mistake
- Archived controls can now be found when looking up a control implementation's parent security control
- Time Travel system now removes HTML tags and properly formats text for display to the user
- Bug Fix: Kanban now properly resets status when moving from "Closed" to "In Progress"
- Group list is now sorted alphabetically and permissions were relaxed for READ operations
- Workflow: Selecting a workflow now auto-closes the modal in the subsystem
[4.9.1] - 2022-09-26
Added
- New assessment reporting
Changed
- Bug Fix: Password buttons are now hidden for AD/LDAP users
- Bug Fix: Filter tasks now works properly on the list view
[4.9.0] - 2022-09-25
Added
- Access Logs added to User Admin Panel
- AD/LDAP Distinguished Name is now inferred vs. explicitly set on login (supporting a wider variety of configurations)
- Centralized Avatar component used throughout the application
- Security Plan Mega API to pull all details and pre-format for processing
- Additional details now print on the Security Plan:
  - Objectives
  - Parameters
  - Attachments
  - Comments
  - Links
Changed
- Added ID tags to all home page elements to support automated E2E testing
- Added default alert if a user logs in without any roles assigned
- Bug Fix: Tweaked alerts for creating System Administrator in the Admin Panel
[4.8.3] - 2022-09-22
Added
- Password complexity component to centralize business logic
- New multi-tenant management experience
- Distinguished Name field for customizing AD/LDAP sync functionality
Changed
- Bug Fix: Tenant manager now redirects properly to the Admin form for new tenant setup
- Improved formatting/spacing for license info
[4.8.2] - 2022-09-19
Added
- Now able to enable/disable the email feature in RegScale
- Copy component - for easily copying and pasting info to the clipboard
Changed
- Improved error handling for detecting invalid or malformed JSON uploads for a catalog or profile
- Bug Fix: Now prevents Chrome autofill on Email form
- Security Enhancement: All email now requires authorization to send
- Bug Fix: Catalogs now correctly set the UUID
- Enhancement: Added fallback to try and find a control by ID when importing a profile (more resilient)
[4.8.1] - 2022-09-12
Added
- Ports and Protocols tab to Interconnects
- Increased SQL Timeout for Long Running Jobs
- Ability to edit links
- Refactored security plan print to pull more data
Changed
- Bug Fix: Fixed minor formatting issues on Look Ahead and New Form Cockpit
- Minor color and styling tweaks throughout the application for issues
- Enhancements: Inheritance now only displays security plans for selection with one or more inheritable controls
- Minor improvements to fonts/styling throughout the application
- Bug Fix: Continuous Monitoring now logs properly to history
- Bug Fix: Login "admin" check is no longer case sensitive
- Tenant form now defaults to the User view in the IAM panel
[4.8.0] - 2022-09-05
Added
- Support for Exporting/Importing Profiles via OSCAL in RegScale
- Redesigned Master Assessment/Continuous Monitoring System
- Improved UX for managing Users
- Gantt Chart - now supports toggling for a List View
- Added new risk fields - Title/Unique ID and Risk Tier
- API for retrieving license info (used by RegScale-CLI)
- Login now captures history of logins by users
- Added a guided/interactive walkthrough for Admins to set up RegScale
- Added a Setup panel for Admins to guide progress for initial system setup
- Refactored catalog upload to be more performant and resilient for large catalogs (i.e. 800-53)
- Spinner added to Logs page when looking through large amounts of data
- AD/LDAP Sync now shows directory attributes to assist in mapping, refactored and improved UX
- Added ability to deactivate/delete all AD/LDAP users for the Global Admin account
- Lightning assessments now prompt you to create tests if none exist
Changed
- Bug Fix: RMF mapping features are now properly locked to enterprise
- Bug Fix: Service accounts no longer show in the User Role assignment list
- Bug Fix: Bulk editing security controls now works properly
- Bug Fix: Inherited controls now properly show in the wizard for security plans
- Bug Fix: Added try/loopback logic on catalogs (avoids intermittent network errors on very large catalog uploads)
- Bug Fix: Master catalogs are now locked to Enterprise Edition
- Bug Fix: Mapping conversion panel now dismisses the modal
- Bug Fix: Notifications can now be properly disabled in the Admin panel
- Bug Fix: Modal for AD/LDAP sync now renders properly
- Bug Fix: Tested and fixed all catalog import/exports
- Bug Fix: OSCAL Profile exports now work properly
- Consolidated all export functionality to simplify code
- Added Excel export option to tables in reports
- Improved design of headers within the Admin panels
- Components can now use the Continuous Monitoring feature
[4.7.2] - 2022-08-28
Added
- Admins now have the ability to manually change a user's password
Changed
- Bug Fix: AD/LDAP sync now properly shows/hides based on enabling/disabling the feature
- Bug Fix: Administrators can no longer change other users' profile pictures
- Bug Fix: Several options for configuration now properly disabled for the Global Admin account
- Bug Fix: Categorization header on the modal now formats properly
[4.7.1] - 2022-08-24
Added
- N/A
Changed
- Inheritance engine now only allows inheritance of Security Plan controls that are flagged as inheritable
- Bug Fix: Navigation panel now properly pulls the correct controls in all situations
[4.7.0] - 2022-08-23
Added
- Inheritance Engine
- Lineage Tab now shows inheritance info
Changed
- User ID is now copyable to the clipboard on the User Profile
- Replaced Bootstrap Modals with Angular Material
- Multiple minor enhancements to reporting
- Fixed bug with strange characters sometimes showing in Kendo UI
- Added CISA KEV as a Threat Type
- Bug Fix: Project builder now properly links to profiles
- Bug Fix: CMMC fields now properly show/hide
- Bug Fix: Fixed periodic errors fetching a user ID
[4.6.1] - 2022-08-12
Added
- Ability to delete Custom Reports on List Views
- Added multiple new reports for Issues/POAMs
- Added support for Red Hat Universal Base Image (UBI) containers for RegScale
- Added support for publishing RegScale containers to Amazon Container Registry
- Redesigned Look Ahead system on the main dashboard
- Added Azure Sentinel SIEM/SOAR monitoring for managed service customers
Changed
- Issue Report by Date Range - can now show/hide details
- Refactored list views to remove unnecessary services
- Bug Fix: Drilldown for assessments, issues, and risks on the Status Boards now pulls all data regardless of the level at which it is stored
- Bug Fix: Categorizations can now be properly exported
- Refactored reports based on customer feedback, added minor new features
[4.6.0] - 2022-08-02
Added
- Categorization Engine MVP
- News Feed Redesign for the Main Dashboard
- eMASS Exports
Changed
- Added custom icons for the modules in the navigation menu
- Added missing module toggles for Components and Catalogues
- License check now trims whitespace to avoid copy/paste errors
- Bug Fix: Fixed issue with non-OSCAL naming convention not showing objectives
- Bug Fix: Made "Name" a database required field for Security Profiles
- Bug Fix: Icons now load correctly without a 3rd party pre-loading NPM package
- Bug Fix: Assessment charts now render correctly on list views
- Bug Fix: Supply Chain Status Board - chart rendering issue
- Bug Fix: Replatformed icons to remove NPM package and work with Angular 14
- Bug Fix: Fixed search on Requirements Navigation Bar
[4.5.1] - 2022-07-07
Added
- Improved Control Status visualization across Status Boards and Scorecard
- Ability to describe the mitigation type for a control for a risk (Key Control or Compensating Control)
- Master Assessment now allows the user to select specific controls to assess in support of continuous monitoring programs
- Status Boards now pull deep-linked issues and risks for a more complete compliance picture (matching the Scorecards)
- Optimized startup file configuration
- MVP of Risk Status Board
Changed
- Fixed coloring on Status Board aggregate view for control status
- Bug Fix: Security controls can now be edited
- Bug Fix: Wrapped Serilog in try/catch to ensure it doesn't block new installation startup
- Renamed Master Assessments to Continuous Monitoring
- Refactored status board logic to be more efficiently rendered, multiple minor bug fixes
- Consolidated SSP and Component status boards into one
- Consolidated compliance scoring for status boards and score cards
- Master Assessments now can be scheduled for components
- Added Draft as a Risk status
- Added Validation to do NULL checks on strings
[4.4.4] - 2022-06-22
Added
- Now supports dynamic OSCAL content authoring for objectives and parameters
- Parameters now inherit from their parent catalog
- Added advanced logging support via Serilog
- Added support for parsing and dynamically updating OSCAL parameters in the control implementation module
- Added SignalR for real-time communications on notifications (removed polling)
- Added Route Titles in Angular
- Added Logs tab to the Admin panel to improve Customer Support experience
- Added notification toast when classification options are saved/removed
- Added a new "toast" system for notifications using Angular Material
- Deep linking to Jira tickets for Issues/POAMs
- Component name now shows on control implementation list view
- Database rearchitecture in Entity Framework to allow multiple database support
- ServiceNow integration
- "Inherited" option for a Control Implementation status
Changed
- Bug Fix: Page now refreshes after editing license key
- Username and password are now trimmed of whitespace to avoid paste errors
- System service-account no longer shows in the user list
- Fixed CSS on user role tables
- Bug Fix: can now create a component from a SSP
- Implemented AsNoTracking on all read queries to improve query performance against the database
- Removed legacy logging system
- Removed blank status option for Requirements
- Bug Fix: Controls can no longer be added as children to Assets (only to their parent Components)
- Suppressed false errors on Angular build
- Removed legacy Jira code (now bulk processes in CLI)
- Refactored to fix FirstOrDefault inconsistency bug
- Assessment buttons now intelligently show/hide based on the state of the form (isDirty)
- Fixed critical alerts from Sonarqube
- Security Plan Status Board now properly reflects all status options for a Control
- Bug Fix: Progress calculation on control navigation strip now excludes NA and Inherited from total
[4.3.0] - 2022-06-05
Added
- Deep linking for Wiz.io issues in RegScale
- Enhanced container error logging for LDAP issues
- Control navigation bar in the Control Implementation and Requirements forms
- New Assessment and Navigations System UX for Controls/Requirements
- Added support for AWS Simple Email Service (SES)
- Added mouse hover effect for Status Board links
- Angular 14 upgrade
- Upgraded CI/CD deployment process - removed legacy pipeline files
- ServiceNow Integration for Incidents
Changed
- Improved signaling for Volpe integration (better handles errors on Volpe side)
- Improved threat data validation
- Security Plan Print - now shows additional parent control fields
- Security hardening, patching, and remediation from penetration tests
- Added a spinner to the Password Reset to visualize progress
- Bug Fix: Multiple drilldown issues fixed on Status Boards
- Bug Fix: Component to Asset mapping is now fully bi-directional
- Security: All Nuget .NET packages patched and updated
- Removed legacy/inefficient AI code
- Security: NPM upgrades/patching of packages
- Caching bug fixes on tenant form
- Bug Fix: Data Call - fixed missing toasts
- Bug Fix: Security Controls - Control ID is now sortable
[4.2.0] - 2022-05-30
Added
- Deep linking URLs to support SSO use cases
- eMASS fields added to the risk form
- Risks and Issues can now be tightly related for improved risk modeling
- Risks and Incidents can now be tightly related for improved risk modeling
- Risks and Threats can now be tightly related for improved risk modeling
- Modules now have a label tag in the Compliance Cockpit for ease of module identification
- Threats - now have a "Date Resolved" field
- Compliance cockpit now has a tooltip showing the full title for longer length titles
Changed
- Bug Fix: Interconnects modules now display correctly
- Interconnect form - conditionally shows red asterisks for date fields
- Security Plan form - conditionally shows red asterisks for date fields
- Risk form - conditionally shows red asterisks for date fields
- Security - Password reset token can now be used only once (formerly tokens were good for 24 hours - they now expire in 24 hours or upon first use)
- Enhanced formatting of Compliance Cockpit
- Added a tooltip to Transformer to explain "Master" catalog
- Incidents module now has a new Forensic tab
- Threat module has a new Analysis and Mitigations tab
- Risks - "Mitigation Effectiveness" is now a required field
[4.1.2] - 2022-05-26
Added
- N/A
Changed
- Bug Fix: Objective options now save and refresh correctly
- Bug Fix: Avatars now can be changed without refreshing the page
[4.1.1] - 2022-05-25
Added
- Enhancements to Issue Reporting
Changed
- Bug Fix: Report page renders properly
- Bug Fix: SPRS drilldown on View link
[4.1.0] - 2022-05-23
Added
- Enhancements to Toast System
- Enhanced Custom Field validation
- Assets can now be mapped to many components
- Components can now be created stand-alone (not required to be a child of a security plan)
- Components can now be mapped to many security plans
- Can now load default tests from the catalog into control implementation tests (templates from the catalog to feed Lightning Assessments)
- Added spinners when building artifacts using the Builder Wizards to show progress
- Objectives tab on control implementations now shows/hides based on parent catalog
- New top navigation system to better organize modules
- Unit testing framework to support automated testing
- Wiz integration for Assets
- Report - Issues by Time Range - query and see status of closing issues/POAMs due in a given time range, grouped by issue owner
- Explorer now shows the Level flag for better visual indication of the tiering
- Added logging and spinners to better show progress when importing and deleting catalogs
Changed
- Bug Fix: Can now add Assets to Components
- Bug Fix: Asset mapping APIs are no longer hidden
- Profile mapping engine now shows IDs of the parent catalogue
- Bug Fix: Fixed intermittent bugs on Component and Project Builder Wizards
- Refactored assessment services for performance optimization
- Bug Fix: Fixed naming convention on Excel download files
- Trivy was added to the container build as a second vulnerability scanner for defense in depth
- Startup file was refactored to be more efficient on launching the application
- Improved logging to detect intermittent upload errors with catalogs
- Bug Fix: Avatars render properly on user admin forms
- Bug Fix: Added null check for custom fields on security control form
- Bug Fix: Subsystems now show properly on security control forms
- Bug Fix: Catalog export now excludes archived controls
[4.0.3] - 2022-05-11
Added
- N/A
Changed
- Bug Fix: Removed Avatars on Excel downloads
- Bug Fix: Improved error handling for catalog uploads
- Bug Fix: Corrected intermittent issues with custom fields
[4.0.2] - 2022-05-10
Added
- N/A
Changed
- Fixed POAM tab not showing
- Improved RBAC logging for access control issues
[4.0.1] - 2022-05-09
Added
- N/A
Changed
- Improved hide/close button on builders (always shows)
- Questionnaires now have a BETA tag
- Cleaned up legacy Print, Email, and Export code
- Bug Fix: Errors on Project Builder
- Build optimizations on backend
- Supply Chain tables now sort correctly by Title
- Create New stakeholder button now shows/hides when displaying the data entry form
- Updated SPRS Report CMMC Links
- Password confirmation now supports additional special characters
- OSCAL download now working correctly
- Bug Fix: Fixed error where numbers were sometimes converted to dates by the Time Travel system
[4.0.0] - 2022-05-08
Added
- Redesign of the Compliance Cockpit and RegScale form system
- NGRX for client side caching and extreme front-end performance improvements
- Updated Support Links to the new RegScale Hubspot system
- Component Builder
Changed
- Refactored all Builder code
- QA: Added validation to Supply Chain cost fields (contract value, funded amount, and actual costs)
- Reordered case management form to be more logical for data entry
- Fixed user button label
- Various minor bug fixes from Sonarqube
- Section 508 improvements
- Minor bug fixes and enhancements throughout the application
- Updated and improved icons and styling
- Date check bug fixes throughout the forms
[3.13.0] - 2022-04-25
Added
- Catalog import/export now include child tables
- API to retrieve a specific service account
- API to rename a system security plan
- Integrations for Security Plans with Wiz Projects, ServiceNow Assignment Groups, Jira Projects, and Tenable Asset Groups
Changed
- Bug Fix: Printable version of control implementation now works
- Updated verbiage in the Time Travel system
- Control tests can now be batch created
- Scorecards are now properly locked to Enterprise Edition customers
- CSS: Explorer now shows link cursor for child items
- Rebased to master to pick up CI/CD changes
- Bug Fix: Transformer mappings now work properly on the security plan print form
[3.12.0] - 2022-04-20
Added
- Added ability to exclude components from SPRS report
- Added account lockout features (5 bad passwords disables the account)
- Added a Close button for the Explorer modal
Changed
- Bug Fix: Subsystems now show correctly on control implementation form
- Bug Fix: Prevented API calls that were throwing errors when unauthenticated
- Bug Fix: Can now delete tasks from the Kanban board
- Bug Fix: Control Implementations now render properly for emails
- Bug Fix: Added validation for Draft issue status
- Bug Fix: Security Plan Print now works properly
[3.11.1] - 2022-04-19
Added
- N/A
Changed
- Hot Fix: License count now calculates correctly on login
[3.11.0] - 2022-04-18
Added
- SPRS Rollup Report available for NIST 800-171 (rolls up score for SSP and all child components)
- Control Implementation - Navigation buttons now check for changes before allowing navigation away from the page (Next and Previous buttons)
- Added Mediatr pattern for improved testability of C# code
- Catalog Import/Export now processes child records of the security control (objectives, parameters, tests, CCIs)
Changed
- Bug Fix: Fixed View Model for Control Implementations - dramatically reduced data query size
- Controller optimization for improved API performance at scale
- Bug Fix: Gantt chart queries now execute exponentially faster
- Bug Fix: Gantt chart hidden for new records
- Bug Fix: License key generator fixed after Node.js patch
- Bug Fix: System configuration now listens for license key changes and updates after saving
[3.10.0] - 2022-04-13
Added
- Added support for DISA CCIs to support STIG scanners
- Added support for classification banners in the header/footer of the application
Changed
- Bug Fix: Licensed user count no longer counts deactivated users
- Exceeding licensed user count no longer prevents login, just throws a warning
[3.9.0] - 2022-04-10
Added
- Added Cancel button when editing RegScale system configuration
- Added Parts to Objectives to support OSCAL modeling
- Added Parameter Types to Security Controls (extension to OSCAL for improved automation)
- Added Parent Parameter to Control Implementation parameters (allowing inheritance from a catalog's parameters to better align with OSCAL)
- Added API to retrieve all Objectives for a given catalog
Changed
- Bug Fix: Corrected issue with generating new license keys after patching CryptoES
- Bug Fix: "Other ID" on Control Objective is no longer required
- Bug Fix: Removed datetime checks on required fields in C#, removed compiler warnings
- Bug Fix: Fixed loop logic in ApplyProfile C# API
- Bug Fix: Security Control subsystems now listen for changes when navigating
- Improved formatting and labeling of security control objectives
[3.8.0] - 2022-04-06
Added
- API for applying Security Profiles via API
- Extended Issues/POAMs module to support all FedRAMP fields
- Added support for the CISO Known Vulnerability Exploits feed
Changed
- Bug Fix: Inheritance of objectives on the SPRS report is fixed
[3.7.4] - 2022-04-04
Added
- N/A
Changed
- Security Plans now hide Gantt Chart and Ports/Protocol tabs until the record is saved
- Refactored security plan builder to work more efficiently and consistently, removed redundant code
- Builders: View profile links now work properly and open in a new tab
- Builders: Now close consistently after clicking finish
- Added server side validation for Case management status/date resolved
[3.7.3] - 2022-04-02
Added
- N/A
Changed
- Bug Fix: Control implementations now search properly in the Relationship module
- Bug Fix: Multiple enhancements to the SPRS report
[3.7.2] - 2022-03-30
Added
- Security - forced patching of the base image prior to initial build
Changed
- Minor bug fixes to builders
- Changing an Implementation Option now changes the status of all related Objective option selections
- Bug Fix: Component Statusboard now pulls issues from all levels
- Tweaked CI/CD build and release files
- Minor Sonarqube bug fixes
[3.7.0] - 2022-03-28
Added
- New UX for builders for:
  - Policies
  - Security Plans
  - Supply Chain
  - Projects
- Added Sonarqube Cloud source code scanning
- Added additional fields to the user object:
  - ExternalId - for syncing with external accounts (i.e. Active Directory)
  - DateCreated
  - LastLoginDate
  - Read-Only Flag
- Improved User Experience for Scorecard
Changed
- Cleaned up CI/CD pipeline files
- Added API to pull a simple list of user accounts (with no sensitive data)
- Removed legacy Cypress testing to reduce file size of the build
- Added API to support bulk syncing of Azure AD groups
[3.6.2] - 2022-03-16
Added
- Views can now be toggled between SSP and Component on the SPRS Report for NIST 800-171
Changed
- Toggle now available to show objectives in a printable form for each control on the SPRS Report for NIST 800-171
[3.6.1] - 2022-03-14
Added
- SPRS Report - bug fixes and added logging to show missing objectives
Changed
- Created View/Create models to simplify the APIs for creating and updating Profile Mappings
- Bug Fixes: Minor tweaks to Component Dashboards and Gantt charts
- Bug Fixes: Profile mapping not showing in the API list
[3.6.0] - 2022-03-10
Added
- Subsystem redesign of the UX
- New SPRS scoring report for NIST 800-171
- Categorization functionality to RegScale to better support control selection for overlays
- Issue Gantt chart functionality for visualizing issues/corrective actions
- Component Dashboard
Changed
- Bug Fix: Fixed security plan builder issue where some controls improperly showed redundant
- Bug Fix: Comment alerts on delete are more intuitive.
- Bug Fix: Link alerts on delete are more intuitive.
- Bug Fix: Comment alerts now work on creating a new comment.
- Bug Fix: File system deletion alerts are now green v/s red on success.
- Bug Fix: Subsystem now hides until loaded.
- Bug Fix: Classified records now wrap properly in the subsystem.
- Fixed rebasing issues across branches
[3.5.0] - 2022-02-24
Added
- Aggregate APIs for pulling bulk data visualizations in external data visualization tools
- Explorer now auto-expands the current record and shows/hides the sneak peek if you are already on the record
- Requirement form now shows the parent control if it exists in the Regulations tab
- Component Status Board
- Lineage and deep linking added for Assessments and Risks (previously just on issues)
- Aggregate queries added for external data visualization
Changed
- Bug Fix: Main dashboard for security plans now loads with no data (checks for null first)
- Bug Fix: LGPL license now points to RegScale
- Bug Fix: Form labels now display correctly for change password, password reset, and confirmation pages
- Bug Fix: Added validation to prevent the maximum length of a Requirement title from being exceeded
- Requirement form reorganized to show/hide fields based on whether it has a parent control
- Bug Fix: Child issues and assessments now showing correctly on the Policy Status Board
[3.4.2] - 2022-02-17
Added
- Added UUID info for the user on the workbench
- Reformatted user profile page
Changed
- Hotfix: Issue External ID queries refactored for non-null set
- Bug Fix: Spinner updated for OSCAL export for security plans
- Bug Fix: CSS styling on Workbench
[3.4.1] - 2022-02-16
Added
- N/A
Changed
- Hotfix: Issue External ID queries refactored for null set
[3.4.0] - 2022-02-15
Added
- Improved user caching to make it more consistent
- New dashboards/home page design
- Ability to link issues to multiple records/tiers for ease of querying and reporting
- Issues can now be related at multiple layers for ease of querying/reporting, to include:
  - Control Implementations
  - Assessments
  - Requirements
  - Security Plans
  - Projects
  - Supply Chain
  - Policies
  - Components
  - Incidents
- Added a bulk processor API to issues to allow the RegScale CLI to do bulk conversions for customers with legacy data
- Project, Security Plan, Supply Chain, and Policy Status Boards redesigned and improved UX
Changed
- Subsystems - close button made smaller and moved to the top to avoid visual confusion with Save button
- Time Travel UX refactored to work better in a modal view
- All Find by "External ID" APIs on issues now return multiple records instead of a single (Prisma, Wiz, ServiceNow, and Jira)
- Added method to show plural name of modules in the Module Service
- Improved Login styling
- Bug Fix: Fixed issue where spinner would sometimes not dismiss on session timeout from the login page
- Bug Fix: Parent ID and Module now passes correctly to the new record creator
- Bug Fix: Editing security controls now works properly
- Bug Fix: Catalogs now correctly display metadata
- NPM package updates for vulnerabilities
- Fixed footer links to point to RegScale.com and updated EULAs and Privacy Policy
[3.3.1] - 2022-01-25
Added
- Kanban view optimized to be in a modal view
Changed
- Added configuration to slow down monitoring endpoints
- Removed legacy Cucumber testing tags on the List Views
- Bug Fix: Lightning Assessment sliders now work again
- Bug Fix: Kanban drag and drop now works correctly/consistently
[3.3.0] - 2022-01-23
Added
- Copy token button added to user profile
- Health monitoring system added for RegScale
- Add multiple new layers to the Security Control model for OSCAL to improve the UX:
  - Implementation Options
  - Test Plans
  - Control Objectives/Enhancements
  - Parameters
- Added spinner to Transformer to show that it is still processing for larger data loads
- Objectives can now be assessed at the control implementation level
- Added the ability to categorize risk through various lenses
- Added support for Risk Trending
- Added level of effort for Tasks and Issues to help with resource loading
- Added CMMC Asset category to components and assets
Changed
- Bug Fix: errors with date filters pulling on the dashboards
- All dashboards are now driven by a year selection
- Added more options for Security Plan and Control Implementation Status
- Bug Fix: Requirements and Security Controls now parsed correctly in Explorer
- Bug Fix: Subsystem Reload after Save
- Bug Fix: Health check stylesheet now served properly within a container deployment
- Classification levels can now be archived from the List View
- Ports and Protocols: default end port to be the same as the start port
- Changes to ports and protocols now are logged in history
- SSP OSCAL export now provides more control implementation metadata
[3.2.0] - 2022-01-04
Added
- TreeView visualization to Explorer - accordion expansion
- Volpe Threat Modeling Integration - MVP 1
Changed
- Bug Fix: Formatting on system configuration
- Changed favicon to new RegScale logo
- Optimized all images for faster browser loading
[3.1.1] - 2021-12-23
Changed
- Bug Fix: Fixed .NET Core bug with IIS 6
[3.1.0] - 2021-12-19
Added
- Added support for Volpe Risk Modeling integration
- History table is now sortable and filterable
- Drilldown is now available on all charts
Changed
- Bug Fix: Fixed formatting on Lightning Assessment Header
- Bug Fix: Eliminated security risk on password reset
- Improved visualization, sorting, and filtering on My Activity and the News Feed
- Improved button layout for user management
- Email service improved with better logging/validation
[3.0.6] - 2021-12-13
Changed
- Bug Fix: .NET Core Optimizations
[3.0.5] - 2021-12-10
Changed
- Bug Fix: Removed legacy wait-for-it script, made SQL startup more resilient
[3.0.4] - 2021-12-10
Changed
- Bug Fix: Bash optimization for multi-stage build
[3.0.3] - 2021-12-10
Changed
- Bug Fix: Added bash back to the Linux container
[3.0.2] - 2021-12-10
Changed
- Bug Fix: Permission error on wait for it.sh file
[3.0.1] - 2021-12-08
Changed
- .NET Core Version 6 upgrade including all Nuget packages
- Container hardening and upgrades
[3.0.0] - 2021-12-05
Added
- Rebranded from Atlasity -> RegScale
- New form system design with three columns and floating toolbar
- Tenable.sc integration
- Jira integration
- Ability to model control implementations by responsibility (i.e. provider, customer, shared)
- New Overall/Master dashboard for home page
- Requirements now support Lightning Assessments
- Scorecard now implemented for Projects, Supply Chain, Components, and Policies
- Angular 13 upgrade
- Loading spinners added for sending emails
- Security Controls can now be exported
- Add labels to drill down charts on the List Views
- Added links to online documentation
- Header to dashboard
Changed
- Improved the loading spinner implementation when fetching data
- Dashboard filters can now be toggled on/off
- Security Plan status board now has tabs to toggle between individual and aggregate views
- Bug Fix: Fixed issue with incorrect lookup of catalog title on Transformer
- Bug Fix: Copying a requirement no longer copies last assessment result
- Bug Fix: Policy Status Board now calculates 'Not Assessed' status correctly
- Bug Fix: Service Accounts are now properly locked as an Enterprise feature
- Supply chain module can now track actual costs
- Project module can now track actual finish date
- All spinners are now consistently styled
- Removed legacy PWA code
- Refactored to remove a large amount of redundant code
- Profile mapping moved into a tab v/s subsystem
- History visualization now shows by default and has labels
- Cause Code Tree is now in its own tab
- Upgraded Kendo UI for Angular packages to the latest
- Security patching of NPM packages
- Bug fix on Requirement controller
- Updated routing to allow for more efficient copying
- Profile Mapping User Experience enhanced
- Fixed periodic rendering issues on history visualization
- Swagger API cutover to RegScale branding - no impact to customer integrations/routes
- Bug Fix: Fixed RBAC errors on default settings (parent inheritance working again)
- All Builders/Wizards have the UI/UX refactored
- Scorecard now defaults to showing open issues v/s total
- Bug Fix: eliminated double API calls to the subsystem
- Bug Fix: requirement module now correctly pulls control tests
[2.4.0] - 2021-10-11
Added
- Enriched data model for Catalog OSCAL export
- Supports namespaces for OSCAL
- Ports and protocol support added for Assets, Components, and Security Plans
- Azure Active Directory (AD) Single Sign On (SSO) Support
- Integration dashboard for improved ease in managing integrations
- Added ability to generate Personal Access Tokens (PATs) to support Service Accounts that can be leveraged for API automation
- Added integration with MITRE Security Automation Framework (SAF) via Inspec/STIG profiles using OSCAL
- Indicators to grids to better indicate sorting functionality
- Master assessments now allow you to visualize the individual assessments that make up the overall score
- Added support to generate OSCAL SAP/SAR documents from Atlasity assessments
- Improved dashboard visualizations including stacked bar charts
- Profiles now display info for Control Ids and Catalogs
Changed
- Bug Fix: Check for null on Login Banner
- Bug Fix: OSCAL Security Plan export handles null dates
- Bug Fix: OSCAL Catalog export handles null dates
- Lightened N/A CSS on the Security Plan Scorecard
- Bug Fix: Fixed memory leak to unsubscribe on notifications
- Replaced Chart.js with Telerik Charts - improved UI
- Replaced eCharts pie charts with Telerik Charts - improved UI
- Improved UI for Security Plan Print - added Catalog data
- Improved UI for Security Scorecard - added Catalog data
- Added "Automation" fields to assessments to support OSCAL and integrations
- Improved labeling around risks
- Bug Fix: Control Id is now sortable
- Default styling changed for form focus
- Workbench impersonation renamed
- Custom fields now show a default view when no fields
- Bug Fix: Some fields were not sorting correctly and have been fixed
- Bug Fix: Copy security control did not copy control type
- Bug Fix: Deactivated users can no longer log in
- Moved custom fields to a tab on the component form
- Custom fields all moved into the tabbed interface
- Bug Fix: Catalog print now correctly displays all controls
- Back button only prompts warning if data has changed (form is dirty)
- Login now redirects to the dashboard as the Home page
- Bug Fix: Control implementation sorting now works in the grids
- Security: Added a flag to allow the warning banner to be bypassed for security scans
[2.3.0] - 2021-09-12
Added
- Validation to .NET controllers and simplified Create/Update APIs
- Security profiles can now be printed and emailed
- Added Login Banner capability that can be customized by tenant
- Added Privacy Policy notice to the footer of the application
Changed
- Removed ElasticSearch integration
- Added ability to toggle on Sentry.io monitoring with an environment variable for .NET Core
- Removed Angular Sentry.io monitoring (not useful)
- Bug Fix: Workflow enabled for cases
- Bug Fix: Notification link now works for questionnaires
- Bug Fix: Pivot table visualization works for cases
- Bug Fix: Toasts now correct when creating a new organization
- Bug Fix: Component print and email now works
[2.2.3] - 2021-08-31
Added
- Integration fields for issues (JIRA, ServiceNow, Wiz, Prisma)
- Classification subsystem
- New tenant auto-seeds picklist metadata
- Indexing for Relationships module to improve performance
- Indexing for Classified Records to improve performance
- Indexing for Events/Timeline to improve performance
- Indexing for Workflow to improve performance
- Indexing for Cases to improve performance
- Additional features and functionality for OSCAL exports of Security Plans and Components
Changed
- Patched JWT Nuget package to address security vulnerability
- Updated Telerik PROD License Key
- Fixed legacy CSS issues with / and moved to math.div
- Upgraded to Angular 12.2
- Added Step indicator to recurrence wizards
- Added server side data validation and API simplification for assessments and issues
- Custom fields now print
- Added warning when creating a custom field that data type cannot be changed
- Added properties to parameters for OSCAL
[2.2.2] - 2021-08-24
Added
- Scorecard now shows modal for open issues
Changed
- Added Control ID to show on the control implementation form
- JWT tokens now expire in 24 hours instead of 2
- ControlId added to Transform Mapper
- Transformer now refreshes controls when the base control changes
- Fixed duplicate IDs on the catalog form
- Fixed bug where child issues were not always pulling correctly on the Scorecard
- Fixed bug to default printable if security control type is undefined
- Security groups are now sorted for RBAC
- Lightning assessment always refreshes when closing the page now
- Fixed CSS styling on date picker controls
- Added CSS styling to show N/A controls are excluded from Scorecard calculations
- Fixed bug where control type was not being set properly when loading a new catalog
[2.2.1] - 2021-08-17
Added
- Security Plan Scorecard
- Added Wizard interface for Assessments, Data Calls, and Tasks Recurrence
Changed
- Bug Fix: All events on the status board are now processed correctly when hovering over the heat maps
- Uploading files now generates a toast to confirm the upload
- Softened colors on the Security Plan Status Board
- Bug Fix: Bulk edit of control implementations now works properly
- Bug Fix: Last Assessment hover fix
- Improved tooltips on the Status Boards
- Bug Fix: Updated date formatter based on NPM library update
[2.1.3] - 2021-08-06
Added
- Case Management Module
- Added mapping flag to catalogs as a visual indicator
- Enhanced date picker added throughout all modules
- Improved data validation prompts
- OSCAL: Inheritable flag added to control implementations (used for leveraged authorizations)
- Transformer feature now shows mappings in the UI
- Builders now track linkages between profiles and the records they create (OSCAL)
- Dashboards now have pageable/filterable grids
- Catalogs now have links to the source OSCAL file that generated them
- All modules have an API to be queried by custom fields
Changed
- Bug Fix: Catalog title is now a required field via the API
- Performance - rewrote the export JSON functionality
- Bug Fix: Logic was broken on show/hide mapping wizard
- Bug Fix: Confirmation email link now works
- Bug Fix: Registration link now works
- Bug Fix: Removed deprecated Service Account API
- Bug Fix: Can now delete catalogs and security controls with mapped controls
- Added warning when trying to map a catalog with no controls
- Risk matrix removed hard coded thresholds
- Bug Fix: Date picker popups now work in modal windows
- Catalog and security controls are now archived versus deleted
- Bug Fix: Setup now shows for Global Admin on Community Edition
- Bug Fix: Menu options now hidden from the Global Admin account
- Angular 12.1.4 minor upgrade and various npm package upgrades
- Bug Fix: Get all controls by security plan query was not always accurate, fixed lookup
- Bug Fix: Fixed sporadic bug where lightning assessments sometimes would not create for general users
- Bug Fix: Kanban not showing tasks on workbench
- Kanban button colors are now white
- Bug Fix: Tasks on workbench now reset correctly with impersonation
- Bug Fix: Kanban now shows profile pictures again
- OSCAL validation no longer prevents downloads - just throws warnings
[2.0.2] - 2021-07-19
Added
- Added Record Level access control to all modules
- OSCAL export functionality for Security Plans, Catalogs, Profiles, and Components with AJV schema validation
- Each Atlasity instance now has a unique GUID tied to its license for improved Software Assurance
- License is now checked on login and access is enforced based on license validity
- Upgraded WYSIWYG Editor
- Recurrence Engine - now allows preview and group assignments
- Performance - major improvements to query performance on list views
Changed
- License key management - Community Edition locks after 30 days and requires a license registration
- License now managed only at the Global Admin account, removed on Setup page
- Added support for Stored Procedures for SQL performance optimization on the backend
- Bug Fix: Org list not shown when creating users using the Global Admin account
- Added password validation when creating a new user
- Bug Fix: Domain now set properly on login
- Multiple backend performance improvements (query optimizations)
- Minor bug fixes and improvements
- AI for issues now driven by a button click instead of defaulted for performance reasons
- Bug Fix: All licensing now set from Admin panel versus environment variables
- Bug Fix: Catalog export now working
- Added Control ID to security control list view
[1.6.1] - 2021-06-06
Added
- Added Risk Mitigation module to map controls to risks they mitigate
- Added Control Mapping matrix visualization
- Component module with OSCAL export functionality
- Added builders to components and flowed down to assets (with visualizations)
- Date graphing throughout the application
- Kanban Task Board feature enabled for all modules
Changed
- Assets can now be mapped to many components
- Assets now have tabs to organize the form
- Provided a GUI for adding/managing control parameters
- Angular 12 upgrade
- Swapped crypto-js library for crypto-es (TypeScript friendly)
- Cleaned up NPM vulnerabilities
- Updated NPM dependencies, removed unneeded packages
- Bug Fix: Domain lookup now functions properly under all circumstances
[1.5.0] - 2021-05-07
Added
- Added Project Status Board
- Added Supply Chain Builder
- Added Project Builder
- Added Policy Builder
Changed
- BUG FIX: Security plan delete now works and removes control tests and results
[1.4.1] - 2021-04-30
Added
- Master Assessment feature (schedule many assessments at once)
- Relationship Manager for many to many linking of records
- Lightning assessments now support links, comments, and attachments
Changed
- Reformatted Quality system on control implementations
- Lightning Assessment feature now hidden when there are no tests created
- BUG FIX: Lightning Assessments works properly again for a single assessment
- BUG FIX: Delete button works again for assessments
- BUG FIX: Toggle off for Supply Chain and Policy now works
[1.3.0] - 2021-04-17
Added
- Questionnaire Module
- Added metadata fields to Control Implementations
- Added tabs to Control Implementations UX
- Added quality management to Control Implementations
- Added Risk Maturity Tier to Security Plans
- Added filters to the Calendar for user (default), facility, and org
- Google style search bar added to all modules
- Added Control Tests to each Control Implementation for Enterprise Customers
- Added Lightning Assessment Functionality
- Added a new API to pull all child records for a given security plan in a single call
Changed
- Controls now show in the preview box for the security plan builder
- Bug Fix: Search bar formatting improved for CSS
- Added reset to search on Security Plan Status Board
[1.2.0] - 2021-03-30
Added
- MD5 checks and enhancements for Time Travel
- AI Engine built for issue recurrence analysis
- Refactored reporting engine page
- Added summary info to the Security Plan module
- Enhanced pagination support for large data sets
- Added export functionality for all modules (JSON format)
Changed
- Bug Fix: Handled null records on Time Travel and improved formatting
- Bug Fix: Org pivot tables now work when visualizing records in lists
- Fixed width of user table in the Admin panel
- API key merged into the User Profile versus a separate page
- Bug Fix: Corrected calculation error on the DOD 171 self-assessment scoring
- Added divider between catalog controls on printable form
- Re-organized catalog print page
- Bug Fix: Hide control implementations until save on security control form
- Enhancement: Moved action buttons on user form to the left to prevent scrolling off page
- Security Control weight now accepts decimals; not just integers
[1.1.1] - 2021-03-21
Added
- Persists login username in localStorage, uses it to remember username and to check LDAP status
Changed
- Bug Fix: AD/LDAP bug fixed
- Bug Fix: Creating new users
[1.1.0] - 2021-03-15
Added
- License key is now driven by the Admin panel versus an environmental variable
- Additional fields for risk modeling
- Added Organization module
- Added Questionnaire backend
- Added Reporting module with DoD 800-171 Self-Assessment Scoring
- Risk visualization to the risk form
- Greater visualization and interactivity to the Security Plan Status Board
- Added visualization for all control implementations of a given security control
Changed
- Bug Fix: Security plan status board can now handle nulls when parsing data
- Bug Fix: Google Maps API now allows connections from any domain
- Updated licensing agreement
- Updated copyright date
- Bug Fix: Reset on search now resets the data
- Bug Fix: Login now resets the license type without a refresh
- Bug Fix: Can now add multiple users without refreshing, enhanced validation and logging
[1.0.2] - 2021-02-07
Added
- More options for risk categorization
- CMMC options to the policy module
- Added ability to handle multiple mapping options via the wizard
Changed
- Bug Fix: Controller fixed for Status Board
- Bug Fix: CMMC data was not printing on security plans or control implementations
- Bug Fix: Search bug fixes for .NET 5 (IndexOf -> Contains)
[1.0.1] - 2021-02-04
Added
- Mapping functionality now locked to Enterprise customers
Changed
- Bug Fix: Controller fixed for Status Board
[1.0.0] - 2021-02-02
Added
- Added catalogs and support for all baselines of NIST 800-53 Rev4
- Added catalogs and support for all FedRAMP baselines
- API for interacting with unique ControlIds for security controls
- Licensing info now shows on the tenant Admin panel
- Added ability to delete a workflow template step from the designer
- Added ability to delete workflow instances
- Added workflow ID to the workflow instance form
- Major dashboard refactoring and improvements
- Added Parent Slider to the Workflow Instance system
- Added Component module to support the OSCAL standard
- Added Parameter to the data model to support the OSCAL standard
- Added ability to print the full Catalog with all child controls
- Added NIST 800-171 Self-Assessment Report for DoD
Changed
- Bug Fix: Hot fix for DB migration issue
- Bug Fix: Workflow now passes ID properly to the instance page after creation
- Bug Fix: Workflow system now auto-creates the "System" group if it doesn't exist
- Bug Fix: Supply chain system now handles null stock data
- Bug Fix: Catalog search now works properly
- Bug Fix: Security controls search now works properly
- Bug Fix: Security Plan status board explanation no longer interferes with My Activity slider
- Bug Fix: Time Travel "Revert" button now works
- Bug Fix: Sort order on custom fields now works properly under all circumstances
- Enhancement: Workflow notifications give a better indication of what is happening (Approval v/s Notification)
- Enhancement: Colors are now consistent on graphs relative to status
- Enhancement: Added advanced visualizations to the security plan status board
- Enhancement: Minor UX tweaks throughout the application
- Enhancement: Added a prompt before reverting Time Travel to a previous state
[0.9.8] - 2020-1-14
Added
- Added Control Mapping system to map controls from multiple catalogs into a single control mapping
- Added a unique Control ID to the security control module to allow a "business friendly" control name for easier searching and lookups
- Added AD/LDAP auto-sync job with the ability to map attributes for a deeper sync process with Atlasity
- Custom Fields can now be ordered with drag and drop on the Admin panel. Display consistently on the form.
- Can now view the related module on the workflow template designer
Changed
- Bug Fix: Now hides password related features if AD/LDAP sync is turned on
- Bug Fix: Broken icon on delete toasts fixed across the application
- Bug Fix: Navigation system now shows child security plans for a profile
- Improved data validation on the front and back end; better visual indicators and API protections
- Additional status options for interconnects added
- Bug Fix: Links in Sliders now close modals
- Bug Fix: Notifications now loads properly on login/logout
- Bug Fix: My Activity now loads properly on login/logout
[0.9.7] - 2020-1-07
Added
- Time Travel feature implemented
- Bulk editing of security control implementations
- Supply Chain Risk Status Board
- Supply Chain - configuration panel added for analyzing 3rd party risk
- Security Plan - now has form data for Authorization Boundary, Network Architecture, and Data Flow
- Security Plan Form - now implements tabs to make the form more compact with less scrolling
- Security Plan Print - UX improved to add dynamic charting and visualizations
- At a Glance Tags added to security plan for quick visual indication of key data
- User Groups - can now be viewed on the user profile
- Workflow - now tracks start and end times for the overall workflow and each step
- Upgrade to Angular 11 and .NET Core 5.0.1
- Performance Optimization - Supply Chain, Policy, and Security Plan Status Board refactor
Changed
- Bug Fix: Removed domain check since it is config driven.
- Bug Fix: News posts links for Supply Chain and Causal Analysis are now formatted correctly.
- Performance: Index optimization for frequently executed queries
- Packaging: Optimized build to decrease container size
- Security: Hardened the base image to eliminate vulnerabilities and reduce the attack surface
- Refactored News Posts to be more efficient
- Removed Catalog field from security control form (could cause data integrity issues)
- Added new status for Security Plans (Retired/Decommissioned)
- Bug Fix: Removed register new user link on the Forgot Password page
- Bug Fix: Fixed bug that would not allow adding Interconnects to a security plan
- Bug Fix: fixed broken breadcrumb links on the workflow modules
- Group Management - now disabled for Global Admin (god-mode account), must login with regular Administrator role to access group management
- Group Management - UI refactored to improve the user experience
- Workflow Designer - UX refactored to improve the user experience
- Bug Fix: Workflow notifications now go to all users in the group, not just to the first user
- Bug Fix: Added history events for workflow
- Added ability to toggle on/off bulk editing of security controls and added alerts for saves
- Bug Fix: fixed issue with JavaScript changing numbers to dates under some circumstances
- Bug Fix: Removed index on control implementations to allow for large field sizes
- Bug Fix: Fixed back button when deleting a security plan
- Bug Fix: Fixed hidden elements from a bad DIV tag on the security plan print report
- Bug Fix: Supply Chain Risk parent ID is no longer nullable
- Bug Fix: If same parent type (i.e. nested security plans), child controls now render correctly
- Validation: Refactored for Security Plans
[0.9.6] - 2020-11-18
Added
- Base image changed to Linux Alpine for smaller size and improved security
- UUIDs added to all modules to improve machine to machine data interchange
- Added navigation to app menu to view My Activity in a slide out panel
- Added user "baseball cards" to display contact info for any user selected
- Added validation for all environmental variables on startup. Now throws errors in the container logs when validation fails.
Changed
- Applied phone masks for improved formatting
- Fixed duplicate IDs on HTML tags on the Catalog
- Fixed print error on security controls
- Assessments can now be added to assets
- Bug Fix: Can no longer view dashboard when module is disabled in setup
- Bug Fix: Can no longer 'Add Child' records when module is disabled in setup
[0.9.0] - 2020-10-30
Added
- Improved logging
- Added functionality to hard reset the admin password with an environment variable and restarting the app
- OSCAL SSP Import
- Added Stakeholders subsystem
- All Home Page Dashboards completed
- Added System Owner to the Security Plan Module
- @Mention feature implemented for notifications (Comments Subsystem, Workflow, and News Feed)
- Added Policy Status Board
- Added Control Weight to Security Controls (used for risk calculations and DFARS Self-Assessments)
- Email Viewer
- Added Export for Security Plans and Control Implementations - used for external integrations
- Can now "opt in" to receive email notifications
- Notifications now issued for new record assignments (within Atlasity and via email if "opted in")
- Added "Slide out" feature to preview the parent record
- Base image changed to Linux Alpine for smaller size and improved security
- UUIDs added to all modules to improve machine to machine data interchange
- Added navigation to app menu to view My Activity in a slide out panel
- Added user "baseball cards" to display contact info for any user selected
Changed
- Bug Fix: No longer shows option to add a Control Implementation to the Security Plan using the Add Child button (must use the builder)
- Refactored Security Plan report to allow for more customization in reporting
- Can now delete comments
- Improved signaling on navigation links
- FIPS and System Type are now configurable as Metadata
- Refactored notification system UI for performance
- Group manager now displays a default of 25 records
- Fixed email viewer bug, now displays all sent emails correctly
- Fixed bug for 'Create New' on Supply Chain Status Board
- Date Last Assessed and Last Assessment Result are now labels - must be set via assessment
- NIST 800-171 now available as a catalog
- Increased length of security control titles
- Changed the cursor on the navigation tab
- Added more discrete validation to the tenant configuration form
- Fixed blank password bug for email configuration
- Improved validation for AD/LDAP settings
- Bug Fix: Exception lookup now working correctly
- Add Child button now hidden until a module is selected
- Cleaned up divider lines based on permissions in the Navigation bar
- All logins now redirect to the workbench as the standard home page
- Bug Fix: System Owner now displays properly in the list view
- Added ability to enable/disable email SSL by tenant
- Applied phone masks for improved formatting
[0.8.0] - 2020-10-2
Added
- OSCAL Security Plan Export
- Performance Tuning - Lazy Loading in Angular, Bundle Size Optimization
- Added Cypress Front End Testing (rebased with testing branch)
- MITRE Heimdall Integration for Assessment
- Added Help system for all modules
- Metadata seeding re-factored for each module
- Refactored global admin workflow
- Control owner visualization for security plans
- Added the Maintainer role
- Users default to activated
- Facility Status Board now handles offline gracefully
Changed
- Added ability to show/hide CMMC fields based on Admin Config
- Fixed bug where Atlasity would not accept complex email addresses with multiple periods
- Bug Fix: Fixed route on creating a new user
- Added "Last Assessment Result" graph to the Security Plan Visualizer
- Bug Fix: Recurring assessment route fixed
- Bug Fix: Fixed "Create New" route for projects
- Bug Fix: Cause codes now load defaults on new installations
- Bug Fix: Supply Chain picklists now configurable
- Bug Fix: License now displays properly when not logged in
- Bug Fix: Fixed date validation errors from the testing harness
- Bug Fix: User profile system bug fixed, can now upload photos
- Cache now clears on logout and when adding a user
- SMTP Email Password is no longer required (for non-authenticated use cases)
- Bug Fix: Notification count reset to zero on logout
- Bug Fix: Non-admins can now access their User Profile
[0.7.0] - 2020-08-28
Added
- Added Supply Chain Module
- New landing page with dashboards
- Custom fields can now be ordered via drag and drop
- Angular 10 upgrade
- FontAwesome now installed locally v/s CDN include
- Calendar now supports Angular 10
- Facility Status Board MVP 1
Changed
- Added currency formatting to the Project input controls
- Renamed Atlasity export files
- Workbench component now properly named
- Fixed bug on AD sync
- Added Post-Incident Evaluation field to the Incident Response module
- Email alerts now indicate that it was sent to you
- Hides ID field on Security Control Implementations
- Refactored Facility Status Board for efficiency
[0.6.0] - 2020-07-31
Added
- Added support for email CC
- Active user toggle added for the user list
- Fixed max filesize setting on Startup
- Fixed bug on test email, made code more resilient
- Help/Support now points to Atlasity.io
- Added the Facilities module to the Admin panel
- Printable reports now have clickable headers
- Added causal analysis module
- Added event module for timeline
- Custom fields are editable
Changed
- User search now shows by default
- File size limit now in MBs
- Admin email now updates when saving a new email in the Admin panel
- Cache now refreshes when new user is created or AD is synced
- Improved security of account creation when doing an AD/LDAP sync
- Facilities added to all forms/searches
- ListView buttons are always formatted on the right now
- Fixed 'Setup' link for non-Enterprise installs
- Required fields properly marked on the user form
- Email now saves to the database before sending and throws error prompt when it has issues sending
- Many multi-tenant user flow bug fixes
- Fixed routes to profiles and catalogs (no longer have to be an administrator to view)
- Domain stored locally to reduce API traffic
- Fixed back icon on Control Implementation form
- Domain name now adds '/' character to the end if not provided
- Link to CMMC added throughout security plans
- Save button now disabled until Save events complete (prevents multiple saves of the same record when clicking quickly)
- Facility name must now be unique for a given tenant
- Added test button for Slack/Teams
- Prevents duplicate cause codes
- Added cause type to causal analysis
- Fixed bug when copying security plans
- Auto-adds controls to plan using Security Plan builder without having to click an add button
- Added link icon to compliance navigator
- Removed Apparent Cause and minor UI tweaks
- Email configuration labels and validation improved
[0.5.0] - 2020-05-29
Added
- Custom Reporting and Dynamic Searching
- Expanded test coverage and integrated with CI/CD
- ELK stack expanded for enterprise monitoring and reporting
- User-defined fields implemented
- Added Email GUI
- Rebranded to ATLASITY
- App configuration now driven by license key
- Licensing info now displayed for global admin users
- FSSC Catalog import functional
- One step import/export now for a catalog and all child controls
- Custom fields are now tenant specific
- Added test button for SMTP email configuration
- Service Account now displays the current token
- Tooltips and instructions now provided on the AD/LDAP admin panel
- Custom fields now allows a choice list
- AD/LDAP now allows test/sync on the Admin panel, searches nested accounts
Changed
- IAM flow improved along with UI
- Fixed various security authorization bugs
- Fixed email bug in the ATLAS container
- Fixed various container deployment bugs and improved documentation
- Fixed bugs in the build process, sped up build times significantly
- My Activity moved under user profile and user form for Admins
- Calendar now graphs assessments across days
- Worked through Sonarqube bug fixes and Angular build bug fixes
- Removed cyber specific fields where possible (can add via Custom Fields for a customer)
- Fixed validation errors where form was not resetting
- Fixed bugs on workbench and adding items, moved config to a service
- Various multi-tenancy fixes
- Recurring bug fix - bi-annually now calculates correctly
- Custom fields now hidden for Community Edition
- Clearing security controls no longer throws an error toast message (warning instead)
- Fixed AD/LDAP bug on login
- Logout now in red and moved to bottom to be easier to find
- Create security plan now shows a spinner while building the plan with controls
- Fixed registration bug for users
[0.4.0] - 2020-03-27
Added
- Tenant and User services now cache results to improve performance
- Combined IAM modules into one config panel and re-factored
- Custom monitoring solution for K8s, APM, SQL Server, and Containers built using ELK
- Refactored user group by queries - improving query performance
Changed
- Fixed password reset bug
- Added show/hide fields to all password fields (default hides)
- Refactored service accounts for multi-tenancy
- Files are now searchable/sortable and show the MD5 hash
- Bug Fix - News Feed and My Activity filters now work for over time visualization
- Bug Fix - URL now updates after saving a record, fixing issues with the Back button
[0.3.0] - 2020-03-13
Added
- Created Admin panel for configuration
- Enabled AD/LDAP authentication
- Added deploy instructions for catalogues
- Added AES-256 encryption for secrets in the DB
- Added Group Management functionality for users
- Added System Integration tests with Cucumber/Selenium
- Angular now caches lookup fields
- Added ability to create and manage User Groups
Changed
- Updated deployment instructions for persistent storage on local installs
- Bug fixes on redirects after Catalogues and Security Plans are built
- Sorted/updated regulations on the Splash page
- Removed workflow trigger from new forms
- Made max number of file uploads configurable
- Can now enable/disable Microsoft Teams, Slack, and AD/LDAP authentication
- Bug Fix: Only activated users show in the user list
[0.2.0] - 2020-02-28
Added
- CMMC fully implemented
- Avatars now stored in the DB
- Workflow now supports drag and drop
- Added Print/Email capability for Catalogues and Security Controls
- Added ability to mount storage in K8s for file storage
- Catalogues now allow for JSON import and export
- Angular Unit Testing
- Added LGPL license to ATLAS
- Added Compliance Status Board for Security Plans
- Added Slack and Microsoft Teams integration
- Added multi-tenancy
Changed
- Minor icon bug fixes on the News Feed
- Re-factored dashboards to use the list view
- Add CMMC filters to security plans and control implementations
- Tuned SonarQube rules to filter out false positives
- Allows multiple file uploads
- Shows counter for number of catalogues on the Splash page
- Added C# unit tests and new folder structure
- Fixed bugs and legacy alerts
- Can now tie issues to assets
[0.1.10] - 2020-01-31
Added
- Basic workflow system engine
- Re-factored News Feed, comments on the news now flow down to the record
- Update API for Links
- Replaced all Alerts with Toasts for a modern UI experience
- Security Plan Builder Wizard implemented
- Pipelines updated and SendGrid bug fixed
- Upgrade to .NET Core 3.1
- Added the DoD CMMC into ATLAS
Changed
- Deletions via API now remove all child/related objects
- Improved form validation across all modules
- Removed version history, moved to the change log
- Improvements to file upload
- Replace Feather icons with Font Awesome - reduced build size
- Metadata manager now hides modules with no fields to customize
- File upload now throws an error if no file provided
- Cleaned up instructions for recurring records
[0.1.9] - 2020-01-10
Added
- Added search capability to all subsystem tabs
- Added a list view for security control implementations
- Added Kubernetes configuration files for ease of automated deployments
- Built Windows DEV environment
- Added GUI for creating service accounts
- Added loading spinners
- Added profile owner to security profiles
- CI/CD now handles DB changes
- Added search to history
- Added logic to "Show/Hide" the Show More button on the News Feed and My Activity
- Added URL encoding to search
- Added end of life, status, and purchase date to Assets
Changed
- New navigation system implemented
- Performance improvements for the navigation system
- Removed legacy breadcrumb system
- Removed sensitive user data from API calls
- Fixed bug on "add child" wizard in the navigation system
- Fixed Docker build error with new Angular update
[0.1.8] - 2019-12-06
Added
- Added error checking on all forms for 'Record Not Found'
- Added a requirements module
- Created a wizard interface for building security plans
- Created a wizard interface for managing compliance requirements
- Added a view of all implementations for a given control
- Added event type filter to the News Feed
- Added Select All and Remove All buttons to the security profile
- Added toggle to show/hide search filters on the list view
Changed
- Multiple data validation bug fixes
- Re-factored assessment API to support automated DevOps testing
- Re-factored UX for all forms
- Improved formatting of the Splash page
- Improved density of the UI on all subsystem tabs
[0.1.7] - 2019-10-30
Added
- All APIs compliant with Swagger/OpenAPI format
- Added initial Swagger API documentation page
- All APIs have Swagger documentation
- Added recurring assessment feature
- Added recurring data call feature
- Added recurring task feature
- Comments are now integrated with the News Feed and History
- File upload/download is now integrated with the News Feed and History
- Links are now integrated with the News Feed and History
- Added Swagger documentation to the ATLAS models
- Added High Value Asset toggle to the Security Plan module
- Required fields are now marked on the forms
- Added Refresh button to the News Feed
- Added catalogue to the News Feed and My Activity
- CSA CCM controls uploaded
- Assessments auto-update control implementations
- Added control implementation details to the dashboards
Changed
- Fixed workflow step bug on the News Feed
- Fixed bug with blank avatars on the News Feed
- Fixed issues on the Catalogue Form
- Updated the Security Controls data model
- Security profile refactoring
- My Activity now shows unique records
- Refactored the Workbench UI
- Updated Splash page - compliance frameworks + Star Wars
[0.1.6] - 2019-09-30
Added
- Added click-through license agreement
- Added printer dialogue button
- Added validation to the RBAC manager
Changed
- Fixed checkbox indent
- Made blob storage private - validated encryption of files and privacy of URLs
[0.1.5] - 2019-09-06
Added
- Added email notification for new account creation
- Added a password reset feature
- Improved validation for login processes
- Added support for Markdown files in ATLAS
- Added initial Help system with Markdown support
- Added progress bar, totals, and legend to the calendar
Changed
- Upgraded to Angular 8
- Fixed NPM package vulnerabilities
[0.1.4] - 2019-08-26
Added
- Tested new navigation menu on mobile, Mac, and Windows
- Added a warning banner for ALPHA testing
- Enhanced data validation logic across all modules
- Improved formatting of date picker controls
Changed
- Moved all navigation to the top to allow more screen real-estate on small screens
- Fixed navigation bug on mobile with dropdown menus
- Fixed login/logout flow
- Fixed status check logic for tasks
- Removed max/min controls
- Fixed a rare show/hide bug in the navigator
[0.1.3] - 2019-08-10
Added
Changed
- Fixed card height issues on the splash screen
- Fixed login/logout issues with showing/hiding content
[0.1.2] - 2019-07-27
Added
- Added data validation to new user account creation
- Added vanity URL for the ATLAS sandbox: atlas.c2labs.com
- Added default image
Changed
- Fixed width issues on mobile platforms for logins
- Improved password management features on new user creation
- Fixed data validation when updating the user profile
- Updated format of the unauthorized access page and footer
[0.1.1] - 2019-07-10
Added
Changed
- Updated readme.md file to better describe the modules and build process
- Various fixes to improve support on Windows (IE and Edge)
- Disabled service worker code (throwing errors and not being used right now)
- Removed xlsexport, incompatible with latest Angular framework
- Fixed duplicate tags on the home page
- Fixed logic on login/logout/user creation