Provides details on all changes to the RegScale platform over time.

[4.22.0] - 2023-03-21

Added

Changed

Bug Fix/Tech Debt: Added many missing fields to search and consolidated search field lookup
Bug Fix: Fixed styling on icons in Threats module
Bug Fix: Validation messages now show properly in the Threats module
Bug Fix: Addressed issues on time travel revert
Bug Fix: Interconnects - fixed IP address validation issues

[4.21.2] - 2023-03-19

Added

Enhancements to risk form and process flow indicators

Changed

Bug Fix: Objective/Parameter Order Fixed

[4.21.1] - 2023-03-18

Added

FedRAMP: Continued improvements to the handling of parameters

Changed

Bug Fix: Addressed issues with modals

[4.21.0] - 2023-03-15

Added

FedRAMP: Exported FedRAMP SSP now directly attaches to the file system for download
Improved the overall Parameter user experience

Changed

Bug Fix: Removed bad link to old registration form (broken during website migration)

[4.20.2] - 2023-03-09

Added

FedRAMP: Address and company fields to the user profile

Changed

Performance: Increased timeout to 5 minutes for long running jobs (i.e. FedRAMP SSP export)
Performance: Refactored SSP Word export to reduce build times, improved document formatting

[4.20.1] - 2023-03-09

Added

Assets: Added fields to fully support FedRAMP Inventory workbook

Changed

Bug Fix: Code behind errors fixed on forms
Bug Fix: Addressed styling issues on export buttons and added missing export options
Security: Enhancement for email encryption
FedRAMP SSP: Added more logging, interconnections, ports and protocols

[4.20.0] - 2023-03-08

Added

New Home Page navigation bar on side panel and discrete routes for dashboard analytics
New toolbar added to forms, utility UI consolidated into new design
Tenant Id added to the JWT providing for more efficient API calls
Security: Added support for TLS 1.2 for sending email using FIPS approved services
Improved error handling and logging for all form saves/updates
Fine grained access control per API call to accommodate Read Only use cases
FedRAMP: Detailed logging to Mega API and FedRAMP exports to help troubleshoot environmental issues
eMASS: SAP/SAR Export

Changed

Bug Fix: Fixed bug showing option to create child security controls directly under security plans (forces through Builders)
Security: Now refreshes the server side user cache after any change to a user role
Bug Fix: Improved formatting on Personal Access Token
Bug Fix: Formatting on Security Plan print improved
Bug Fix: Addressed issue where sometimes RBAC editing would not be properly enabled
Bug Fix: Addressed issues with read-only permissions throughout the application
Bug Fix: Import catalogue parameter UUID if it exists when importing catalogues
Performance: Fixed slow loading speed with large numbers of security controls
CSS: Fixed deprecated style tags
Enhancement: Ports and protocols data added to Interconnects in the MegaAPI
Enhancement: Display catalogue date imported
Enhancement: Import catalogue parameter default if it exists when importing catalogues
Security: Container patching for Linux Alpine image
Bug Fix: Addressed periodic date rendering issues throughout the application
Improved completeness of FedRAMP SSP export
Fixed rendering issues on Status Board spacing
Bug Fix: Fixed import issues on UUID and default parameter values

[4.19.0] - 2023-03-01

Added

Improved formatting of Catalog print page along with adding more information (parameters, objectives, and tests)
Digitized the FedRAMP Low, Moderate, and High catalogs using FedRAMP resolved catalogs
Additional filtering options to the scorecard controls (customer responsibility)
Added roll up by control family to the Scorecard visualization
Built out additional FedRAMP and eMASS automated exports

Changed

Security: Red Hat UBI and Rocky Linux patching
Catalog print now sorts by "sort-id"
Security: Improved validation of user data when creating a new user
Improved data validation in all back end controllers
Improved export file names to include object title, module, and RegScale record ID
Added indentation to the downloaded catalogues (JSON)

[4.18.2] - 2023-02-24

Added

Changed

Bug Fix: Corrected issue where sometimes eMASS exports can become corrupted in Excel files
Bug Fix: Improved validation and error handling for FedRAMP exports

[4.18.1] - 2023-02-22

Added

Cloud implementation field for Control Implementations - supports Hybrid cloud use cases
Security Checks capability to Assets
Parameters on security controls can now accept default values
Support for eMASS POAM export

Changed

Bug Fix: Fixed typo Security Plan Cloud tab
Bug Fix: Options now refreshes objectives when a new one is created
Bug Fix: Periodic issues with corrupting Word exports
Tweaked CI/CD pipeline files and added GitHub templates
Security: Fixed an issue related to Azure AD SSO deactivation
Security: Last login now properly stored for SSO users

[4.18.0] - 2023-02-22

Added

STIG fields to issues (Security Checks and Recommended Actions)
Cloud fields added to SSP metadata to support FedRAMP
FedRAMP fields added to Interconnect module
Dynamic Policy Authoring Capability
CMMC Enhancements - loaded 800-171A objectives and tests to the catalog
Support for Australian ISM catalog (leveraging our OSCAL importer)
Control status strip to the Scorecard
Mega-API - added Teams and References

Changed

Bug Fix: Addressed alignment issues in the compliance visualizer
Bug Fix: Addressed issue where sometimes the vertical scrollbar on the page would not reach the last field
Bug Fix: Close button now works properly on lightning assessments
Bug Fix: Improved status coloring in the compliance cockpit
Bug Fix: Creating components from SSPs now works properly
Bug Fix: Security controls can now be edited without errors
NPM security patching
Refactored and consolidated the Continuous Monitoring experience in the application
Rearranged the control implementation form to streamline data entry and intelligently render the UI based on objectives and parameters being available

[4.17.0] - 2023-02-15

Added

API support in Readme.io with example code for testing API code in 20+ languages
Control Context Viewer
Interconnect information is now returned as part of the SecurityPlan Mega-API
FedRAMP Preparation fields and tab to the Security Plans module
Components and SSP Evidence reports

Changed

Bug Fix: You can now properly search within Explorer list view tables
Security: Patching of all NUGET packages for .NET
Objectives now show parameters values for control implementations
Bug Fix: OSCAL SSP now properly exports all control implementation data
Improved layout and token explanation on the user profile page
Simplified "My Profile" side panel text and display
Added sorting and indexing to improve control display and retrieval

[4.16.1] - 2023-02-09

Added

Changed

Hot Fix: Issue page loading (missing migration)

[4.16.0] - 2023-02-08

Added

Crumb Cake Navigation
Added SortId to Security Controls (allows for custom sorting algorithms for catalogs such as NIST)
Adverse Condition reporting to Issues Module
Added ability to import and export Classification Types (published 800-60 options on the website)
Continuous Monitoring records now have an editable form for metadata
Ports and protocols to FedRAMP SSP Export

Changed

Moved up Risk Dashboard toggle button
Bug Fix: Duplicate components can no longer be added for an asset
Bug Fix: Security Controls paging now works correctly in list views
Bug Fix: Add New user button now works correctly
Group names are now editable
Tech Debt: Refactored group service and improved security
Bug Fix: Fixed issue with loading Categorization profiles
Bug Fix: Improved validation for creating implementation options on a security control

[4.15.1] - 2023-02-03

Added

Control Owner added to Security Plan Mega API
Improvements to subsystem intra-system navigation
Support for linking issues to Microsoft Defender for Cloud
Pagination to Classified Record Subsystem
Added risk and issue drilldown to the Status Boards

Changed

Tech Debt: Angular 15 upgrade along with multiple NPM package updates, security patching
Bug Fix: Fixed issue where sometimes the spinner would not load or dismiss
Bug Fix: Fixed periodic rendering issues with the Time Travel system
Bug Fix: Removed Date Created column on Service Account queries
Bug Fix: Back arrow now works on navigation strip for control implementations
Bug Fix: FedRAMP and eMASS exports now only show on the appropriate modules
Bug Fix: Security Plan print and Transformer now working properly
Bug Fix: Paging now works properly on Classification
Bug Fix: References field now properly displays on Security Controls

[4.15.0] - 2023-02-02

Added

Support for Rocky Linux containers
FedRAMP Export to Word SSP (BETA)
"Archived" as a status for Control Implementations
Unified Subsystem UI for easier navigation between systems

Changed

Bug Fix: Fixed issues exporting OSCAL related to Time Travel
Bug Fix: Added server side validation to the license key
Bug Fix: Risk tabs now show the correct related modules
Bug Fix: All related tabs now properly check for duplicates
Bug Fix: All related tabs have been refactored to work with the Read Only toggle
Security: Disabled password reset and password change for AD/LDAP users
Implementation options are now set at the control level v/s the objective level
Security: Removed Bearer token from the UI, no longer displays
Bug Fix: Pagination now works properly with multiple grids on the same page
Bug Fix: Fixed edge cases where Time Travel was not rendering properly

[4.14.0] - 2023-01-25

Added

New Inheritance Engine supporting many to many architecture

Changed

Bug Fix: Charts now format properly on the security plan print form
Bug Fix: Recurrence engine now works properly for assessments
Bug Fix: My Activity now formats and pulls data correctly
Bug Fix: Expiration date now displays properly for Interconnects
Bug Fix: Components mapping now shows valid security plans in the picklist
Bug Fix: Lineage tab now properly pulls all Inheritance data
Bug Fix: History system now properly records all view events
Enhancement: Improved documentation linking system
Enhancement: Explorer is now more resilient to data issues and renders properly

[4.13.0] - 2023-01-18

Added

OSCAL - supports "by-component" markings on SSP controls now
Refresh button for notifications
Upgraded all .NET Core SDK and Nuget packages to .NET 7
Completed major UI redesign
Refactored forms and list views to reduce duplicate code and improve quality
Added server side auditing to all records in RegScale
Added support for Azure Key Vault for SaaS secrets
Added higher performance Role Based Access Control (RBAC) on the server side
Added Properties subsystem
Added stricter validation to server side for ParentId and ParentModule to support API integrations
Added method for purging logs (used by the CLI) and improved indexing on Log queries
Expanded Exceptions module - added Technical POC, Risk Analysis, and Mitigations to the form
Read-only views for all modules; ability to toggle into Edit view
Expanded response plan fields/data in support of the Incident Response module
New References system to support FedRAMP use cases
Security Plans - added Purpose and Conditions of Approval
New risk fields to support automated FedRAMP exports
New threat fields to support automated FedRAMP exports
FedRAMP methodology fields to Continuous Monitoring
Significantly expanded the assessment module to support larger scale audit needs
Team system for tracking teams and points of contacts for various applicable modules
Milestone system added for tracking key dates on projects, assessments, issues, etc.
Conditions system added for tracking assumptions, deviations, and constraints
GraphQL system for dynamic data querying
Tools system added for conducting assessments with automation (supports FedRAMP)

Changed

Bug Fix: Modals on reports are now formatted properly
Bug Fix: Catalogs no longer duplicate subsystems in the JSON export (50% file size reduction)
Updated End User License Agreements (Enterprise and Community)
Transformer feature is now hidden when no mappings exist
Bug Fix: Transformer modal for mapping now properly maintains state, eliminated duplicate code
Bug Fix: Transformer now properly renders on the Security Plan printable form
Modal styling improved throughout the app
Bug Fix: Risk Assessment Wizard now properly resets all fields when creating new
Bug Fix: Component Mappings now checks for duplicates
Bug Fix: Improved validation for the assessment result
Bug Fix: Relationship modal issues are now fixed
Bug Fix: Database seeding now properly timestamps tenant creation
Bug Fix: Incident module now appropriately disables in the App menu without role
Removed subscription/poller that updated notifications to improve application performance
Removed support for Windows container builds, now Linux only
Bug Fix: Fixed security setting blocking Azure AD SSO popup window
Improved alert system styling while adding ability to dismiss
Multiple performance optimizations for list views
Bug Fix: Control Implementation API - QuickUpdate now works in Swagger
Bug Fix: RBAC checks now enforced on Delete operations
Dramatically improved performance for cascade delete operations
Bug Fix: Improved the ability to delete (cascading) records throughout the system with higher efficiency
Refactored print services for better quality of reporting
Bug Fix: Fixed multiple errors with missing/incorrect links in emails
Optimized dashboard rendering and toggling between years
Expanded responsibility list for controls to meet FedRAMP requirements
Cutover links to new documentation system at README.io
Added warning when creating custom fields that they cannot be deleted
Redesigned dashboard UI
Improved performance of backend calls to minimize network traffic
Security patching and upgrades of all .NET Nuget and NPM packages to the latest versions
Updated process for publishing Helm charts
Improved build times for CI/CD pipeline, cleaned up legacy code
Improved logging and checks for startup environment variables

[4.12.2] - 2022-11-29

Added

Changed

Hot Fix: SSO login fix

[4.12.1] - 2022-11-11

Added

Improve Azure Object storage support
SBOM generation added to CI/CD pipeline

Changed

Removed all legacy Sentry.io monitoring code (using Datadog for SaaS)
Bug Fix: Resolved security control preventing OSCAL download
Removed OSCAL validation from RegScale code, now done by CLI
Updated Kubernetes managed service installation instructions
Bug Fix: Causal analysis now displays properly in the Explorer
Security: Patching of NPM vulnerabilities (fixed critical)

[4.12.0] - 2022-11-02

Added

Added support for Microsoft Defender via CLI/APIs
Software Inventory Tracking
Many additional fields for asset tracking
Added support Azure blob/object storage
Added Datadog Application Performance Monitoring (APM) for SaaS
API for filtering issues by integration type
Added support for Software Bill of Materials (SBOM)
PrettyJSON print functionality with dark mode
Security.txt record for security researchers to contact RegScale for vulnerabilities (https://securitytxt.org/)

Changed

Patched Kendo libraries, Angular, TypeScript, and other libraries
Bug Fix: Fixed catalog spinner not disappearing when import is completed
Security: restricted sensitive API calls
Security: Enabled Content-Security-Policy
Tech Debt: Stored CSS files locally to prevent need for internet access
Removed Google Maps feature - now supported via external Business Intelligence reporting
Refactored System Configuration UI
Bug Fix: corrected issue where Tenant ID may not be properly set for a new user in a tenant
Security: added server side checking for User Profile edits to prevent account spoofing
Security: comment metadata is now set server side
Security: Limited LDAP logging to avoid exposing sensitive information
Performance: Improved indexing for returning logs in the admin panel

[4.11.0] - 2022-10-22

Added

Increased logic, cascading, and logging for deleting security plans
New APIs to support the Reminder CLI
OSCAL: SSP Export upgraded to support 1.0.4 version
OSCAL: Added support for exporting inventory
OSCAL: Now exports all SSP properties
OSCAL: Comments are now exported as remarks
OSCAL: Attachments and links are now exported as links
OSCAL: Objectives are now exported as statements
OSCAL: Added generic method to export all properties of an object in OSCAL format, enriched data in the export
OSCAL: Added specific validators to prevent errors in the export

Changed

License check is now performed pre-login
Bug Fix: Fixed legacy Atlasity tag on email notifications
Improved performance of bulk deletes on subsystem records
Bug Fix: Security profile importer now has the correct label
Bug Fix: Categorization no longer shows the toolbar options (print, email, etc.)
Security Patching: Nuget and NPM

[4.10.1] - 2022-10-16

Added

Changed

Bug Fix: Routing for risk assessment wizard
Bug Fix: Parent linkage for risk assessment wizard
Enhancement: Improved risks assessment UI when no controls are available

[4.10.0] - 2022-10-15

Added

Risk Assessment Wizard
Reminder APIs to support the CLI
OSCAL Version 1.0.4 enriched for SSP model

Changed

Patched Telerik libraries with latest upgrades and bug fixes.
Added timer and progress spinner to catalog upload (useful for long uploads (i.e. for 800-53))
Bug Fix: properly redirects after login
Security: Password reset must always be done server side now.

[4.9.2] - 2022-10-02

Added

Billing/Utilization system
Improved error handling for file uploads
Task reporting

Changed

Added way to revert inherited controls back to a default status if done by mistake
Archived controls can now be found when looking up a control implementation's parent security control
Time Travel system now removes HTML tags and properly formats text for display to the user
Bug Fix: Kanban now properly resets status when moving from "Closed" to "In Progress"
Group list is now sorted alphabetically and permissions were relaxed for READ operations
Workflow: Selecting a workflow now auto-closes the modal in the subsystem

[4.9.1] - 2022-09-26

Added

New assessment reporting

Changed

Bug Fix: Password buttons are now hidden for AD/LDAP users
Bug Fix: Filter tasks now works properly on the list view

[4.9.0] - 2022-09-25

Added

Access Logs added to User Admin Panel
AD/LDAP Distinguished Name is now inferred v/s explicitly set on login (supporting a wider variety of configurations)
Centralized Avatar component used throughout the application
Security Plan Mega API to pull all details and pre-format for processing
Additional details now print on the Security Plan:
- Objectives
- Parameters
- Attachments
- Comments
- Links

Changed

Added ID tags to all home page elements to support automated E2E testing
Added default alert if a user logs in without any roles assigned
Bug Fix: Tweaked alerts for creating System Admininstrator in the Admin Panel

[4.8.3] - 2022-09-22

Added

Password complexity component to centralize business logic
New multi-tenant management experience
Distinguished Name field for customizing AD/LDAP sync functionality

Changed

Bug Fix: Tenant manager now redirects properly to the Admin form for new tenant setup
Improved formatting/spacing for license info

[4.8.2] - 2022-09-19

Added

Now able to enable/disable the email feature in RegScale
Copy component - for easily copying and pasting info to the clipboard

Changed

Improved error handling for detecting invalid or malformed JSON uploads for a catalog or profile
Bug Fix: Now prevent Chrome autofills on Email form
Security Enhancement: All email now requires authorization to send
Bug Fix: Catalogs now correctly set the UUID
Enhancement: Added fallback to try and find a control by ID when importing a profile (more resilient)

[4.8.1] - 2022-09-12

Added

Ports and Protocols tab to Interconnects
Increased SQL Timeout for Long Running Jobs
Ability to edit links
Refactored security plan print to pull more data

Changed

Bug Fix: Fixed minor formatting issues on Look Ahead and New Form Cockpit
Minor color and styling tweaks throughout the application for issues
Enhancements: Inheritance now only displays security plans for selection with one or more inheritable controls
Mnor improvements to fonts/styling throughout the application
Bug Fix: Continuous Monitoring now logs properly to history
Bug Fix: Login "admin" check is no longer case sensitive
Tenant form now defaults to the User view in the IAM panel

[4.8.0] - 2022-09-05

Added

Support for Exporting/Importing Profiles via OSCAL in RegScale
Redesigned Master Assessment/Continuous Monitoring System
Improved UX for managing Users
Gantt Chart - now supports toggling for a List View
Added new risk fields - Title/Unique ID and Risk Tier
API for retrieving license info (used by RegScale-CLI)
Login now captures history of logins by users
Added a guided/interactive walkthrough for Admins to setup RegScale
Added a Setup panel for Admins to guide progress for initial system setup
Refactored catalog upload to be more performant and resilient for large catalogs (i.e. 800-53)
Spinner added to Logs page when looking through large amounts of data
AD/LDAP Sync now shows directory attributes to assist in mapping, refactored and improved UX
Added ability to deactive/delete all AD/LDAP users for the Global Admin account
Lightning assessments now prompt you to create tests if none exist

Changed

Bug Fix: RMF mapping features are now properly locked to enterprise
Bug Fix: Service accounts no longer show in the User Role assignment list
Bug Fix: Bulk editing security controls now works properly
Bug Fix: Inherited controls now properly show in the wizard for security plans
Bug Fix: Added try/loopback logic on catalogs (avoids intermittent network errors on very large catalog uploads)
Bug Fix: Master catalogs are now locked to Enterprise Edition
Bug Fix: Mapping conversion panel now dismisses the modal
Bug Fix: Notifications can now be properly disabled in the Admin panel
Bug Fix: Modal for AD/LDAP sync now renders properly
Bug Fix: Tested and fixed all catalog import/exports
Bug Fix: OSCAL Profile exports now work properly
Consolidated all export functionality to simplify code
Added Excel export option to tables in reports
Improved design of headers within the Admin panels
Components can now use the Continuous Monitoring feature

[4.7.2] - 2022-08-28

Added

Admins now have the ability to manually change a user's password

Changed

Bug Fix: AD/LDAP sync now properly shows/hides based on enabling/disabling the feature
Bug Fix: Administrators can no longer change other user's profile pictures
Bug Fix: Several options for configuration now properly disabled for the Global Admin account
Bug Fix: Categorization header on the modal now formats properly

[4.7.1] - 2022-08-24

Added

Changed

Inheritance engine now only allows inheritance of Security Plan controls that are flagged as inheritable
Bug Fix: Navigation panel now properly pulls the correct controls in all situations

[4.7.0] - 2022-08-23

Added

Inheritance Engine
Lineage Tab now shows inheritance info

Changed

User ID is now copyable to the clipboard on the User Profile
Replaced Bootstrap Modals with Angular Material
Multiple minor enhancements to reporting
Fixed bug with strange characters sometimes showing in Kendo UI
Added CISA KEV as a Threat Type
Bug Fix: Project builder now properly links to profiles
Bug Fix: CMMC fields now properly show/hide
Bug Fix: Fixed periodic errors fetching a user ID

[4.6.1] - 2022-08-12

Added

Ability to delete Custom Reports on List Views
Added multiple new reports for Issues/POAMs
Added support for Red Hat Universal Base Image (UBI) containers for RegScale
Added support for publishing RegScale containers to Amazon Container Registry
Redesigned Look Ahead system on the main dashboard
Added Azure Sentinel SIEM/SOAR monitoring for managed service customers

Changed

Issue Report by Date Range - can now show/hide details
Refactored list views to remove unnecessary services
Bug Fix: Drilldown for assessments, issues, and risks on the Status Boards now pulls all data regardless of what level it is stored
Bug Fix: Categorizations can now be properly exported
Refactored reports based on customer feedback, added minor new features

[4.6.0] - 2022-08-02

Added

Categorization Engine MVP
News Feed Redesign for the Main Dashboard
eMASS Exports

Changed

Added custom icons for the modules in the navigation menu
Added missing module toggles for Components and Catalogues
License check now trims whitespace to avoid copy/paste errors
Bug Fix: Fixed issue with non-OSCAL naming convention not showing objectives
Bug Fix: Made "Name" a database required field for Security Profiles
Bug Fix: Icons now load correctly without a 3rd party pre-loading NPM package
Bug Fix: Assessment charts now render correctly on list views
Bug Fix: Supply Chain Status Board - chart rendering issue
Bug Fix: Replatformed icons to remove NPM package and work with Angular 14
Bug Fix: Fixed search on Requirements Navigation Bar

[4.5.1] - 2022-07-07

Added

Improved Control Status visualization across Status Boards and Scorecard
Ability to describe the mitigation type for a control for a risk (Key Control or Compensating Control)
Master Assessment now allows the user to select specific controls to assess in support of continuous monitoring programs
Status Boards now pull deep-linked issues and risks for a more complete compliance picture (matching the Scorecards)
Optimized startup file configuration
MVP of Risk Status Board

Changed

Fixed coloring on Status Board aggregate view for control status
Bug Fix: Security controls can now be edited
Bug Fix: Wrapped Serilog in try/catch to ensure it doesn't block new installation startup
Renamed Master Assessments to Continuous Monitoring
Refactored status board logic to be more efficiently rendered, multiple minor bug fixes
Consolidated SSP and Component status boards into one
Consolidated compliance scoring for status boards and score cards
Master Assessments now can be scheduled for components
Added Draft as a Risk status
Added Validation to do NULL checks on strings

[4.4.4] - 2022-06-22

Added

Now supports dynamic OSCAL content authoriing for objectives and parameters
Parameters now inherit from their parent catalog
Added advanced logging support via Serilog
Added support for parsing and dynamically updating OSCAL parameters in the control implementation module
Added SignalR for real-time communications on notifications (removed polling)
Added Route Titles in Angular
Addded Logs tab to the Admin panel to improve Customer Support experience
Added notification toast when classification options are saved/removed
Added a new "toast" system for notifications using Angular Material
Deep linking to Jira tickets for Issues/POAMs
Component name now shows on control implementation list view
Database rearchitecture in Entity Framework to allow multiple database support
ServiceNow integration
"Inherited" option for a Control Implementation status

Changed

Bug Fix: Page now refreshes after editing license key
Username and password are now trimmed of whitespace to avoid paste errors
System service-account no longer shows in the user list
Fixed CSS on user role tables
Bug Fix: can now create a component from a SSP
Implemented AsNoTracking on all read queries to improve query performance against the database
Removed legacy logging system
Removed blank status option for Requirements
Bug Fix: Controls can no longer be added as children to Assets (only to their parent Components)
Suppressed false errors on Angular build
Removed legacy Jira code (now bulk processes in CLI)
Refactored to fix FirstOrDefault inconsistency bug
Assessment buttons now intelligently show/hide based on the state of the form (isDirty)
Fixed critical alerts from Sonarqube
Security Plan Status Board now properly reflects all status options for a Control
Bug Fix: Progress calculation on control navigation strip now excludes NA and Inherited from total

[4.3.0] - 2022-06-05

Added

Deep linking for Wiz.io issues in RegScale
Enhanced container error logging for LDAP issues
Control navigation bar in the Control Implementation and Requirements forms
New Assessment and Naviations System UX for Controls/Requirements
Added support for AWS Simple Email Service (SES)
Added mouse hover effect for Status Board links
Angular 14 upgrade
Ugraded CI/CD deployment process - removed legacy pipeline files
ServiceNow Integration for Incidents

Changed

Improved signaling for Volpe integration (better handles errors on Volpe side)
Improved threat data validation
Security Plan Print - now shows additional parent control fields
Security hardening, patching, and remediation from penetration tests
Added a spinner to the Password Reset to visualize progress
Bug Fix: Multiple drilldown issues fixed on Status Boards
Bug Fix: Component to Asset mapping is now fully bi-directional
Security: All Nuget .NET packages patched and updated
Removed legacy/inefficient AI code
Security: NPM upgrades/patching of packages
Caching bug fixes on tenant form
Bug Fix: Data Call - fixed missing toasts
Bug Fix: Security Controls - Control ID is now sortable

[4.2.0] - 2022-05-30

Added

Deep linking URLs to support SSO use cases
eMASS fields added to the risk form
Risks and Issues can now be tightly related for improved risk modeling
Risks and Incidents can now be tightly related for improved risk modeling
Risks and Threats can now be tightly related for improved risk modeling
Modules now have a label tag in the Compliance Cockpit for ease of module identification
Threats - now have a "Date Resolved" field
Compliance cockpit now has a tooltip showing the full title for longer length titles

Changed

Bug Fix: Interconnects modules now display correctly
Interconnect form - conditionally shows red asterisks for date fields
Security Plan form - conditionally shows red asterisks for date fields
Risk from - conditionally shows red asterisks for date fields
Security - Password reset token can now be used only once (formerly were good for 24 hours - now will expire in 24 hours or upon first use)
Enhanced formatting of Compliance Cockpit
Added a tooltip to Transformer to explain "Master" catalog
Incidents module now has a new Forensic tab
Threat module has a new Analysis and Mitigations tab
Risks - "Mitigation Effectiveness" is now a required field

[4.1.2] - 2022-05-26

Added

Changed

Bug Fix: Objective options now save and refresh correctly
Bug Fix: Avatars now can be changed without refreshing the page

[4.1.1] - 2022-05-25

Added

Enhancements to Issue Reporting

Changed

Bug Fix: Report page renders properly
Bug Fix: SPRS drilldown on View link

[4.1.0] - 2022-05-23

Added

Enhancements to Toast System
Enhanced Custom Field validation
Assets can now be mapped to many components
Components can now be created stand-alone (not required to be a child of a security plan)
Components can now be mapped to many security plans
Can now load default tests from the catalog into control implementation tests (templates from the catalog to feed Lightning Assessments)
Added spinners when building artifacts using the Builder Wizards to show progress
Objectives tab on control implementations now shows/hides based on parent catalog
New top navigation system to better organize modules
Unit testing framework to support automated testing
Wiz integration for Assets
Report - Issues by Time Range - query and see status of closing issues/POAMs due in a given time range, grouped by issue owner
Explorer now shows the Level flag for better visual indication of the tiering
Added logging and spinners to better show progress when importing and deleting catalogs

Changed

Bug Fix: Can now add Assets to Components
Bug Fix: Asset mapping APIs are no longer hidden
Profile mapping engine now shows IDs of the parent catalogue
Bug Fix: Fixed intermittent bugs on Component and Project Builder Wizards
Refactored assessment services for performance optimization
Bug Fix: Fixed naming convention on Excel download files
Trivy was added to the container build as a second vulnerability scanner for defense in depth
Startup file was refactored to be more efficient on launching the application
Improved logging to detect intermittent upload errors with catalogs
Bug Fix: Avatars render properly on user admin forms
Bug Fix: Added null check for custom fields on security control form
Bug Fix: Subsystems now show properly on security control forms
Bug Fix: Catalog export now excludes archived controls

[4.0.3] - 2022-05-11

Added

Changed

Bug Fix: Removed Avatars on Excel downloads
Bug Fix: Improved error handling for catalog uploads
Bug Fix: Corrected intermittent issues with custom fields

[4.0.2] - 2022-05-10

Added

Changed

Fixed POAM tab not showing
Improved RBAC logging for access control issues

[4.0.1] - 2022-05-09

Added

Changed

Improved hide/close button on builders (always shows)
Questionnaires now have a BETA tag
Cleaned up legacy Print, Email, and Export code
Bug Fix: Errors on Project Builder
Build optimizations on backend
Supply Chain tables now sort correctly by Title
Create New stakeholder button now shows/hides when displaying the data entry form
Updated SPRS Report CMMC Links
Password confirmation now supports additional special characters
OSCAL download now working correctly
Bug Fix: Fixed error where numbers were sometimes converted to dates by the Time Travel system

[4.0.0] - 2022-05-08

Added

Redesign of the Compliance Cockpit and RegScale form system
NGRX for client side caching and extreme front-end performance improvements
Updated Support Links to the new RegScale Hubspot system
Component Builder

Changed

Refactored all Builder code
QA: Added validation to Supply Chain cost fields (contract value, funded amount, and actual costs)
Reordered case management form to be more logical for data entry
Fixed user button label
Various minor bug fixes from Sonarqube
Section 508 improvements
Minor bug fixes and enhancements throughout the application
Updated and improved icons and styling
Date check bug fixes throughout the forms

[3.13.0] - 2022-04-25

Added

Catalog import/export now include child tables
API to retrieve a specific service account
API to rename a system security plan
Integrations for Security Plans with Wiz Projects, ServiceNow Assignment Groups, Jira Projects, and Tenable Asset Groups

Changed

Bug Fix: Printable version of control implementation now works
Updated verbiage in the Time Travel system
Control tests can now be batch created
Scorecards are now properly locked to Enterprise Edition customers
CSS: Explorer now shows link cursor for child items
Rebased to master to pickup CI/CD changes
Bug Fix: Transformer mappings now work properly on the security plan print form

[3.12.0] - 2022-04-20

Added

Added ability to exclude components from SPRS report
Added account lockout features (5 bad passwords disables the account)
Added a Close button for the Explorer modal

Changed

Bug Fix: Subsystems now show correctly on control implementation form
Bug Fix: Prevented API calls that were throwing errors when unauthenticated
Bug Fix: Can now delete tasks from the Kanban board
Bug Fix: Control Implementations now render properly for emails
Bug Fix: Added validation for Draft issue status
Bug Fix: Security Plan Print now works properly

[3.11.1] - 2022-04-19

Added

Changed

Hot Fix: License count now calculates correctly on login

[3.11.0] - 2022-04-18

Added

SPRS Rollup Report available for NIST 800-171 (rolls up score for SSP and all child components)
Control Implementation - Navigation buttons now check for changes before allowing navigation away from the page (Next and Previous buttons)
Added Mediatr pattern for improved testability of C# code
Catalog Import/Export now processes child records of the security control (objectives, parameters, tests, CCIs)

Changed

Bug Fix: Fixed View Model for Control Implementations - dramatically reduced data query size
Controller optimization for improved API performance at scale
Bug Fix: Gantt chart queries now execute exponentially faster
Bug Fix: Gantt chart hidden for new records
Bug Fix: License key generator fixed after Node.js patch
Bug Fix: System configuration now listens for license key changes and updates after saving

[3.10.0] - 2022-04-13

Added

Added support for DISA CCIs to support STIG scanners
Added support for classification banners in the header/footer of the application

Changed

Bug Fix: Licensed user count no longer counts deactivated users
Exceeding licensed user count no longer prevents login, just throws a warning

[3.9.0] - 2022-04-10

Added

Added Cancel button when editing RegScale system configuration
Added Parts to Objectives to support OSCAL modeling
Added Parameter Types to Security Controls (extension to OSCAL for improved automation)
Added Parent Parameter to Control Implementation parameters (allowing inheritance from a catalog's parameters to better align with OSCAL)
Added API to retrieve all Objectives for a given catalog

Changed

Bug Fix: Corrected issue with generating new license keys after patching CryptoES
Bug Fix: "Other ID" on Control Objective is no longer required
Bug Fix: Removed datetime checks on required fields in C#, removed compiler warnings
Bug Fix: Fixed loop logic in ApplyProfile C# API
Bug Fix: Security Control subsystems now listen for changes when navigating
Improved formatting and labeling of security control objectives

[3.8.0] - 2022-04-06

Added

API for applying Security Profiles via API
Extended Issues/POAMs module to support all FedRAMP fields
Added support for the CISO Known Vulnerability Exploits feed

Changed

Bug Fix: Inheritance of objectives on the SPRS report is fixed

[3.7.4] - 2022-04-04

Added

Changed

Security Plans now hide Gantt Chart and Ports/Protocol tabs until the record is saved
Refactored security plan builder to work more efficiently and consistently, removed redundant code
Builders: View profile links now work properly and open in a new tab
Builders: Now close consistently after clicking finish
Added server side validation for Case management status/date resolved

[3.7.3] - 2022-04-02

Added

Changed

Bug Fix: Control implementations now search properly in the Relationship module
Bug Fix: Multiple enhancements to the SPRS report

[3.7.2] - 2022-03-30

Added

Security - forced patching of the base image prior to initial build

Changed

Minor bug fixes to builders
Changing an Implementation Option now changes the status of all related Objective option selections
Bug Fix: Component Statusboard now pulls issues from all levels
Tweaked CI/CD build and release files
Minor Sonarqube bug fixes

[3.7.0] - 2022-03-28

Added

New UX for builders for:
- Policies
- Security Plans
- Supply Chain
- Projects
Added Sonarqube Cloud source code scanning
Added additional fields to the user object:
- ExternalId - for syncing with external accounts (i.e. Active Directory)
- DateCreated
- LastLoginDate
- Read-Only Flag
Improved User Experience for Scorecard

Changed

Cleaned up CI/CD pipeline files
Added API to pull a simple list of user accounts (with no sensitive data)
Removed legacy Cypress testing to reduce file size of the build
Added API to support bulk syncing of Azure AD groups

[3.6.2] - 2022-03-16

Added

Views can now be toggled between SSP and Component on the SPRS Report for NIST 800-171

Changed

Toggle now available to show objectives in a printable form for each control on the SPRS Report for NIST 800-171

[3.6.1] - 2022-03-14

Added

SPRS Report - bug fixes and added logging to show missing objectives

Changed

Created View/Create models to simplify the APIs for creating and updating Profile Mappings
Bug Fixes: Minor tweaks to Component Dashboards and Gantt charts
Bug Fixes: Profile mapping not showing in the API list

[3.6.0] - 2022-03-10

Added

Subsystem redesign of the UX
New SPRS scoring report for NIST 800-171
Categorization functionality to RegScale to better support control selection for overlays
Issue Gantt chart functionality for visualizing issues/corrective actions
Component Dashboard

Changed

Bug Fix: Fixed security plan builder issue where some controls improperly showed redundant
Bug Fix: Comment alerts on delete are more intuitive.
Bug Fix: Link alerts on delete are more intuitive.
Bug Fix: Comment alerts now work on creating a new comment.
Bug Fix: File system deletion alerts are now green v/s red on success.
Bug Fix: Subsystem now hides until loaded.
Bug Fix: Classified records now wrap properly in the subsystem.
Fixed rebasing issues across branches

[3.5.0] - 2022-02-24

Added

Aggregate APIs for pulling bulk data visualizations in external data visualization tools
Explorer now auto-expands the current record and shows/hides the sneak peek if you are already on the record
Requirement form now shows the parent control if it exists in the Regulations tab
Component Status Board
Lineage and deep linking added for Assessments and Risks (previously just on issues)
Aggregate queries added for external data visualization

Changed

Bug Fix: Main dashboard for security plans now loads with no data (checks for null first)
Bug Fix: LGPL license now points to RegScale
Bug Fix: Form labels now display correctly for change password, password reset, and confirmation pages
Bug Fix: Added validation to prevent the maximum length of a Requirement title from being exceeded
Requirement form reorganized to show/hide fields based on whether it has a parent control
Bug Fix: Child issues and assessments now showing correctly on the Policy Status Board

[3.4.2] - 2022-02-17

Added

Added UUID info for the user on the workbench
Reformatted user profile page

Changed

Hotfix: Issue External ID queries refactored for non-null set
Bug Fix: Spinner updated for OSCAL export for security plans
Bug Fix: CSS styling on Workbench

[3.4.1] - 2022-02-16

Added

Changed

Hotfix: Issue External ID queries refactored for null set

[3.4.0] - 2022-02-15

Added

Improved user caching to make more consistent
New dashboards/home page design
Ability to link issues to multiple records/tiers for ease for querying and reporting
Issues can now be related at multiple layers for ease of querying/reporting, to include:
- Control Implementations
- Assessments
- Requirements
- Security Plans
- Projects
- Supply Chain
- Policies
- Components
- Incidents
Added a bulk processor API to issues to allow the RegScale CLI to do bulk conversions for customers with legacy data
Project, Security Plan, Supply Chain, and Policy Status Boards redesigned and improved UX

Changed

Subsystems - close button made smaller and moved to the top to avoid visual confusion with Save button
Time Travel UX refactored to work better in a modal view
All Find by "External ID" APIs on issues now return multiple records instead of a single (Prisma, Wiz, ServiceNow, and Jira)
Added method to show plural name of modules in the Module Service
Improved Login styling
Bug Fix: Fixed issue where spinner would sometimes not dismiss on session timeout from the login page
Bug Fix: Parent ID and Module now passes correctly to the new record creator
Bug Fix: Editing security controls now works properly
Bug Fix: Catalogs now corectly display metadata
NPM package updates for vulnerabilities
Fixed footer links to point to RegScale.com and updated EULAs and Privacy Policy

[3.3.1] - 2022-01-25

Added

Kanban view optimized to be in a modal view

Changed

Added configuration to slow down monitoring endpoints
Removed legacy Cucumber testing tags on the List Views
Bug Fix: Lightning Assessment sliders now work again
Bug Fix: Kanban drag and drop now works correctly/consistently

[3.3.0] - 2022-01-23

Added

Copy token button added to user profile
Health monitoring system added for RegScale
Add multiple new layers to the Security Control model for OSCAL to improve the UX:
- Implementation Options
- Test Plans
- Control Objectives/Enhancements
- Parameters
Added spinner to Transformer to show that it is still processing for larger data loads
Objectives can now be assessed at the control implementation level
Added the ability to categorize risk through various lenses
Added support for Risk Trending
Added level of effort for Tasks and Issues to help with resource loading
Added CMMC Asset category to components and assets

Changed

Bug Fix: errors with date filters pulling on the dashboards
All dashboards are now driven by a year selection
Added more options for Security Plan and Control Implementation Status
Bug Fix: Requirements and Security Controls now parsed correctly in Explorer
Bug Fix: Subsystem Reload after Save
Bug Fix: Health check stylesheet now served properly within a container deployment
Classification levels can now be archived from the List View
Ports and Protocols: default end port to be the same as the start port
Changes to ports and protocols now are logged in history
SSP OSCAL export now provides more control implementation metadata

[3.2.0] - 2022-01-04

Added

TreeView visualization to Explorer - accordion expansion
Volpe Threat Modeling Integration - MVP 1

Changed

Bug Fix: Formatting on system configuration
Changed favicon to new RegScale logo
Optimized all images for faster browser loading

[3.1.1] - 2021-12-23

Changed

Bug Fix: Fixed .NET Core bug with IIS 6

[3.1.0] - 2021-12-19

Added

Added support for Volpe Risk Modeling integration
History table is now sortable and filterable
Drilldown is now available on all charts

Changed

Bug Fix: Fixed formatting on Lightning Assessment Header
Bug Fix: Eliminated security risk on password reset
Improved visualization, sorting, and filtering on My Activity and the News Feed
Improved button layout for user management
Email service improved with better logging/validation

[3.0.6] - 2021-12-13

Changed

Bug Fix: .NET Core Optimizations

[3.0.5] - 2021-12-10

Changed

Bug Fix: Removed legacy wait-for-it script, made SQL startup more resilient

[3.0.4] - 2021-12-10

Changed

Bug Fix: Bash optimization for multi-stage build

[3.0.3] - 2021-12-10

Changed

Bug Fix: Added bash back to the Linux container

[3.0.2] - 2021-12-10

Changed

Bug Fix: Permission error on wait for it.sh file

[3.0.1] - 2021-12-08

Changed

.NET Core Version 6 upgrade including all Nuget packages
Container hardening and upgrades

[3.0.0] - 2021-12-05

Added

Rebranded from Atlasity -> RegScale
New form system design with three columns and floating toolbar
Tenable.sc integration
Jira integration
Ability to model control implementations by responsibility (i.e. provider, customer, shared)
New Overall/Master dashboard for home page
Requirements now support Lightning Assessments
Scorecard now implemented for Projects, Supply Chain, Components, and Policies
Angular 13 upgrade
Loading spinnners added for sending emails
Security Controls can now be exported
Add labels to drill down charts on the List Views
Added links to online documentation
Header to dashboard

Changed

Improved the loading spinner implementation when fetching data
Dashboard filters can now be toggled on/off
Security Plan status board now has tabs to toggle between individual and aggregate views
Bug Fix: Fixed issue with incorrect lookup of catalog title on Transformer
Bug Fix: Copying a requirement no longer copies last assessment result
Bug Fix: Policy Status Board now calculates 'Not Assessed' status correctly
Bug Fix: Service Accounts are now properly locked as an Enterprise feature
Supply chain module can now track actual costs
Project module can now track actual finish date
All spinners are now consistently styled
Removed legacy PWA code
Refactored to remove a large amount of redundant code
Profile mapping moved into a tab v/s subsystem
History visualization now shows by default and has labels
Cause Code Tree is now in its own tab
Upgraded Kendo UI for Angular packages to the latest
Security patching of NPM packages
Bug fix on Requirement controller
Updated routing to allow for more efficient copying
Profile Mapping User Experience enhanced
Fixed periodic rendering issues on history visualization
Swagger API cutover to RegScale branding - no impact to customer integrations/routes
Bug Fix: Fixed RBAC errors on default settings (parent inheritance working again)
All Builders/Wizards have the UI/UX refactored
Scorecard now defaults to showing open issues v/s total
Bug Fix: eliminated double API calls to the subsystem
Bug Fix: requirement module now correctly pulls control tests

[2.4.0] - 2021-10-11

Added

Enriched data model for Catalog OSCAL export
Supports namespaces for OSCAL
Ports and protocol support added for Assets, Components, and Security Plans
Azure Active Directory (AD) Single Sign On (SSO) Support
Integration dashboard for improved ease in managing integrations
Added ability to generate Personal Access Tokens (PATs) to support Service Accounts that can be leveraged for API automation
Added integration with MITRE Security Automation Framework (SAF) via Inspec/STIG profiles using OSCAL
Indicators to grids to better indicate sorting functionality
Master assessments now allow you to visualize the individual assessments that make up the overall score
Added support to generate OSCAL SAP/SAR documents from Atlasity assessments
Improved dashboard visualizations including stacked bar charts
Profiles now display info for Control Ids and and Catalogs

Changed

Bug Fix: Check for null on Login Banner
Bug Fix: OSCAL Security Plan export handles null dates
Bug Fix: OSCAL Catalog export handles null dates
Lightened N/A CSS on the Security Plan Scorecard
Bug Fix: Fixed memory leak to unsubscribe on notifications
Replaced Chart.js with Telerik Charts - improved UI
Replaced eCharts pie charts with Telerik Charts - improved UI
Improved UI for Security Plan Print - added Catalog data
Improved UI for Security Scorecard - added Catalog data
Added "Automation" fields to assessments to support OSCAL and integrations
Improved labeling around risks
Bug Fix: Control Id is now sortable
Default styling changed for form focus
Workbench impersonation renamed
Custom fields now show a default view when no fields
Bug Fix: Some fields were not sorting correctly and have been fixed
Bug Fix: Copy security control did not copy control type
Bug Fix: Deactivated users can no longer log in
Moved custom fields to a tab on the component form
Custom fields all moved into the tabbed interface
Bug Fix: Copy security control did not copy control type
Bug Fix: Catalog print now correctly displays all controls
Back button only prompts warning if data has changed (form is dirty)
Login now redirects to the dashboard as the Home page
Bug Fix: Control implementation sorting now works in the grids
Security: Added a flag to allow the warning banner to be bypassed for security scans

[2.3.0] - 2021-09-12

Added

Validation to .NET controllers and simplified Create/Update APIs
Security profiles can now be printed and emailed
Added Login Banner capability that can be customized by tenant
Added Privacy Police notice to the footer of the application

Changed

Removed ElasticSearch integration
Added ability to toggle on Sentry.io monitoring with an environment variable for .NET Core
Removed Angular Sentry.io monitoring (not useful)
Bug Fix: Workflow enabled for cases
Bug Fix: Notification link now works for questionnaires
Bug Fix: Pivot table visualization works for cases
Bug Fix: Toasts now correct when creating a new organization
Bug Fix: Component print and email now works

[2.2.3] - 2021-08-31

Added

Integration fields for issues (JIRA, ServiceNow, Wiz, Prisma)
Classification subsystem
New tenant auto-seeds picklist metadata
Indexing for Relationships module to improve performance
Indexing for Classified Records to improve performance
Indexing for Events/Timeline to improve performance
Indexing for Workflow to improve performance
Indexing for Cases to improve performance
Additional features and functionality for OSCAL exports of Security Plans and Components

Changed

Patched JWT Nuget package to address security vulnerability
Updated Telerik PROD License Key
Fixed legacy CSS issues with / and moved to math.div
Upgraded to Angular 12.2
Added Step indicator to recurrence wizards
Added server side data validation and API simplification for assessments and issues
Custom fields now print
Added warning when creating a custom field that data type cannot be changed
Added properties to parameters for OSCAL

[2.2.2] - 2021-08-24

Added

Scorecard now shows modal for open issues

Changed

Added Control ID to show on the control implementation form
JWT tokens now expire in 24 hours instead of 2
ControlId added to Transform Mapper
Transformer now refreshes controls when the base control changes
Fixed duplicate IDs on the catalog form
Fixed bug where child issues were not always pulling correctly on the Scorecard
Fixed bug to default printable if security control type is undefined
Security groups are now sorted for RBAC
Lightning assessment always refreshes when closing the page now
Fixed CSS styling on date picker controls
Added CSS styling to show N/A controls are excluded from Scorecard calculations
Fixed bug where control type was not being set properly when loading a new catalog

[2.2.1] - 2021-08-17

Added

Security Plan Scorecard
Added Wizard interface for Assessments, Data Calls, and Tasks Recurrence

Changed

Bug Fix: All events on the status board are now processed correctly when hovering over the heat maps
Uploading files now generates a toast to confirm the upload
Softened colors on the Security Plan Status Board
Bug Fix: Bulk edit of control implementations now works properly
Bug Fix: Last Assessment hover fix
Improved tooltips on the Status Boards
Bug Fix: Updated date formatter based on NPM library update

[2.1.3] - 2021-08-06

Added

Case Management Module
Added mapping flag to catalogs as a visual indicator
Enhanced date picker added throughout all modules
Improved data validation prompts
OSCAL: Inheritable flag added to control implementations (used for leveraged authorizations)
Transformer feature now shows mappings in the UI
Builders now track linkages between profiles and the records they create (OSCAL)
Dashboards now have pageable/filterable grids
Catalogs now have links to the source OSCAL file that generated them
All modules have an API to be queried by custom fields

Changed

Bug Fix: Catalog title is now a required field via the API
Performance - rewrote the export JSON functionality
Bug Fix: Logic was broken on show/hide mapping wizard
Bug Fix: Confirmation email link now works
Bug Fix: Registration link now works
Bug Fix: Removed deprecated Service Account API
Bug Fix: Can now delete catalogs and security controls with mapped controls
Added warning when trying to map a catalog with no controls
Risk matrix removed hard coded thresholds
Bug Fix: Date picker popups now work in modal windows
Catalog and security controls are now archived versus deleted
Bug Fix: Setup now shows for Global Admin on Community Edition
Bug Fix: Menu options now hidden from the Global Admin account
Angular 12.1.4 minor upgrade and various npm package upgrades
Bug Fix: Get all controls by security plan query was not always accurate, fixed lookup
Bug Fix: Fixed sporadic bug where lightning assessments sometimes would not create for general users
Bug Fix: Kanban not showing tasks on workbench
Kanban button colors are now white
Bug Fix: Tasks on workbench now reset correctly with impersonation
Bug Fix: Kanban now shows profile pictures again
OSCAL validation no longer prevents downloads - just throws warnings

[2.0.2] - 2021-07-19

Added

Added Record Level access control to all modules
OSCAL export functionality for Security Plans, Catalogs, Profiles, and Components with AJV schema validation
Each Atlasity instance now has a unique GUID tied to its license for improved Software Assurance
License is now checked on login and access is enforced based on license validity
Upgraded WYSIWYG Editor
Recurrence Engine - now allows preview and group assignments
Performance - major improvements to query performance on list views

Changed

License key management - Community Edition locks after 30 days and requires a license registration
License now managed only at the Global Admin account, removed on Setup page
Added support for Stored Procedures for SQL performance optimization on the backend
Bug Fix: Org list not shown when creating users using the Global Admin account
Added password validation when creating a new user
Bug Fix: Domain now set properly on login
Multiple backend performance improvements (query optimizations)
Minor bug fixes and improvements
AI for issues now driven by a button click instead of defaulted for performance reasons
Bug Fix: All licensing now set from Admin panel versus environment variables
Bug Fix: Catalog export now working
Added Control ID to security control list view

[1.6.1] - 2021-06-06

Added

Added Risk Mitigation module to map controls to risks they mitigate
Added Control Mapping matrix visualization
Component module with OSCAL export functionality
Added builders to components and flowed down to assets (with visualizations)
Date graphing throughout the application
Kanban Task Board feature enabled for all modules

Changed

Assets can now be mapped to many components
Assets now have tabs to organize the form
Provided a GUI for adding/managing control parameters
Angular 12 upgrade
Swapped crypto-js library for crypto-es (TypeScript friendly)
Cleaned up NPM vulnerabilities
Updated NPM dependencies, removed unneeded packages
Bug Fix: Domain lookup now functions properly under all circumstances

[1.5.0] - 2021-05-07

Added

Added Project Status Board
Added Supply Chain Builder
Added Project Builder
Added Policy Builder

Changed

BUG FIX: Security plan delete now works and removes control tests and results

[1.4.1] - 2021-04-30

Added

Master Assessment feature (schedule many assessments at once)
Relationship Manager for many to many linking of records
Lightning assessments now support links, comments, and attachments

Changed

Reformatted Quality system on control implementations
Lightning Assessment feature now hidden when there are no tests created
BUG FIX: Lightning Assessments works properly again for a single assessment
BUG FIX: Delete button works again for assessments
BUG FIX: Toggle off for Supply Chain and Policy now works

[1.3.0] - 2021-04-17

Added

Questionnaire Module
Added metadata fields to Control Implementations
Added tabs to Control Implementations UX
Added quality management to Control Implementations
Added Risk Maturity Tier to Security Plans
Added filters to the Calendar for user (default), facility, and org
Google style search bar added to all modules
Added Control Tests to each Control Implementation for Enterprise Customers
Added Lightning Assessment Functionality
Added a new API to pull all child records for a given security plan in a single call

Changed

Controls now show in the preview box for the security plan builder
Bug Fix: Search bar formatting improved for CSS
Added reset to search on Security Plan Status Board

[1.2.0] - 2021-03-30

Added

MD5 checks and enhancements for Time Travel
AI Engine built for issue recurrence analysis
Refactored reporting engine page
Added summary info to the Security Plan module
Enhanced pagination support for large data sets
Added export functionality for all modules (JSON format)

Changed

Bug Fix: Handled null records on Time Travel and improved formatting
Bug Fix: Org pivot tables now work when visuallizing records in lists
Fixed width of user table in the Admin panel
API key merged into the User Profile versus a separate page
Bug Fix: Corrected calculation error on the DOD 171 self-assessment scoring
Added divider between catalog controls on printable form
Re-organized catalog print page
Bug Fix: Hide control implementations until save on security control form
Enhancement: Moved action buttons on user form to the left to prevent scrolling off page
Security Control weight now accepts decimals; not just integers

[1.1.1] - 2021-03-21

Added

Persists login username in localStorage, uses it to remember username and to check LDAP status

Changed

Bug Fix: AD/LDAP bug fixed
Bug Fix: Creating new users

[1.1.0] - 2021-03-15

Added

License key is now driven by the Admin panel versus an environmental variable
Additional fields for risk modeling
Added Organization module
Added Questionnaire backend
Added Reporting module with DoD 800-171 Self-Assessment Scoring
Risk visualization to the risk form
Greater visualization and interactivity to the Security Plan Status Board
Added visualization for all control implemenations of a given security control

Changed

Bug Fix: Security plan status board can now handle nulls when parsing data
Bug Fix: Google Maps API now allows connections from any domain
Updated licensing agreement
Updated copyright date
Bug Fix: Reset on search now resets the data
Bug Fix: Login now resets the license type without a refresh
Bug Fix: Can now add multiple users without refreshing, enhanced validation and logging

[1.0.2] - 2021-02-07

Added

More options for risk categorization
CMMC options to the policy module
Added ability to handle multiple mapping options via the wizard

Changed

Bug Fix: Controller fixed for Status Board
Bug Fix: CMMC data was not printing on security plans or control implementations
Bug Fix: Search bug fixes for .NET 5 (IndexOf -> Contains)

[1.0.1] - 2021-02-04

Added

Mapping functionality now locked to Enterprise customers

Changed

Bug Fix: Controller fixed for Status Board

[1.0.0] - 2021-02-02

Added

Added catalogs and support for all baselines of NIST 800-53 Rev4
Added catalogs and support for all FedRAMP baselines
API for interacting with unique ControlIds for security controls
Licensing info now shows on the tenant Admin panel
Added ability to delete a workflow template step from the designer
Added ability to delete workflow instances
Added workflow ID to the workflow instance form
Major dashboard refactoring and improvements
Added Parent Slider to the Workflow Instance system
Added Component module to support the OSCAL standard
Added Parameter to the data model to support the OSCAL standard
Added ability to print the full Catalog with all child controls
Added NIST 800-171 Self-Assessment Report for DoD

Changed

Bug Fix: Hot fix for DB migration issue
Bug Fix: Workflow now passes ID properly to the instance page after creation
Bug Fix: Worfklow system now auto-creates the "System" group if it doesn't exist
Bug Fix: Supply chain system now handles null stock data
Bug Fix: Catalog search now works properly
Bug Fix: Security controls search now works properly
Bug Fix: Security Plan status board explanation no longer interferes with My Activity slider
Bug Fix: Time Travel "Revert" button now works
Bug Fix: Sort order on custom fields now works properly under all circumstances
Enhancement: Workflow notifications give a better indication of what is happening (Approval v/s Notification)
Enhancement: Colors are now consistent on graphs relative to status
Enhancement: Added advanced visualizations to the security plan status board
Enhancment: Minor UX tweaks throughout the application
Enhancement: Added a prompt before reverting Time Travel to a previous state

[0.9.8] - 2020-1-14

Added

Added Control Mapping system to map controls from multiple catalogs into a single control mapping
Added a unique Control ID to the security control module to allow a "business friendly" control name for easier searching and lookups
Added AD/LDAP auto-sync job with the ability to map attributes for a deeper sync process with Atlasity
Custom Fields can now be ordered with drag and drop on the Admin panel. Display consistently on the form.
Can now view the related module on the workflow template designer

Changed

Bug Fix: Now hides password related features if AD/LDAP sync is turned on
Bug Fix: Broken icon on delete toasts fixed across the application
Bug Fix: Navigation system now shows child security plans for a profile
Improved data validation on the front and back end; better visual indicators and API protections
Additional status options for interconnects added
Bug Fix: Links in Sliders now close modals
Bug Fix: Notifications now loads properly on login/logout
Bug Fix: My Activity now loads properly on login/logout

[0.9.7] - 2020-1-07

Added

Time Travel feature implemented
Bulk editing of security control implementations
Supply Chain Risk Status Board
Supply Chain - configuration panel added for analyzing 3rd party risk
Security Plan - now has form data for Authorization Boundary, Network Architecture, and Data Flow
Security Plan Form - now implements tabs to make the form more compact with less scrolling
Security Plan Print - UX improved to add dynamic charting and visualizations
At a Glance Tags added to security plan for quick visual indication of key data
User Groups - can now be viewed on the user profile
Workflow - now tracks start and end times for the overall workflow and each step
Upgrade to Angular 11 and .NET Core 5.0.1
Performance Optimization - Supply Chain, Policy, and Security Plan Status Board refactor

Changed

Bug Fix: Removed domain check since it is config driven.
Bug Fix: News posts links for Supply Chain and Causal Analysis are now formatted correctly.
Performance: Index optimization for frequently executed queries
Packaging: Optimized build to decrease container size
Security: Hardened the base image to eliminate vulnerabilities and reduce the attack surface
Refactored News Posts to be more efficient
Removed Catalog field from security control form (could cause data integrity issues)
Added new status for Security Plans (Retired/Decommissioned)
Bug Fix: Removed register new user link on the Forgot Password page
Bug Fix: Fixed bug that would not allow adding Interconnects to a security plan
Bug Fix: fixed broken breadcrumb links on the workflow modules
Group Management - now disabled for Global Admin (god-mode account), must login with regular Administrator role to access group management
Group Management - UI refactored to improve the user experience
Workflow Designer - UX refactored to improve the user experience
Bug Fix: Worflow notifications now go to all users in the group, not just to the first user
Bug Fix: Added history events for workflow
Added ability to toggle on/off bulk editing of security controls and added alerts for saves
Bug Fix: fixed issue with Javascript changing numbers to dates under some circumstances
Bug Fix: Removed index on control implementations to allow for large field sizes
Bug Fix: Fixed back button when deleting a security plan
Bug Fix: Fixed hidden elements from a bad DIV tag on the security plan print report
Bug Fix: Supply Chain Risk parent ID is no longer nullable
Bug Fix: If same parent type (i.e. nested security plans), child controls now render correctly
Validation: Refactored for Security Plans

[0.9.6] - 2020-11-18

Added

Base image changed to Linux Alpine for smaller size and improved security
UUIDs added to all modules to improve machine to machine data interchange
Added navigation to app menu to view My Activity in a slide out panel
Added user "baseball cards" to display contact info for any user selected
Added validation for all environmental variables on startup. Now throws errors in the container logs when validation fails.

Changed

Applied phone masks for improved formatting
Fixed duplicate IDs on HTML tags on the Catalog
Fixed print error on security controls
Assessments can now be added to assets
Bug Fix: Can no longer view dashboard when module is disabled in setup
Bug Fix: Can no longer 'Add Child' records when module is disabled in setup

[0.9.0] - 2020-10-30

Added

Improved logging
Added functionality to hard reset the admin password with an environment variable and restarting the app
OSCAL SSP Import
Added Stakeholders subsystem
All Home Page Dashboards completed
Added System Owner to the Security Plan Module
@Mention feature implemented for notifications (Comments Subsystem, Workflow, and News Feed)
Added Policy Status Board
Added Control Weight to Security Controls (used for risk calculations and DFARS Self-Assessments)
Email Viewer
Added Export for Security Plans and Control Implementations - used for external integrations
Can now "opt in" to receive email notifications
Notifications now issued for new record assignments (within Atlasity and via email if "opted in")
Added "Slide out" feature to preview the parent record
Base image changed to Linux Alpine for smaller size and improved security
UUIDs added to all modules to improve machine to machine data interchange
Added navigation to app menu to view My Activity in a slide out panel
Added user "baseball cards" to display contact info for any user selected

Changed

Bug Fix: No longer shows option to add a Control Implementation to the Security Plan using the Add Child button (must use the builder)
Refactored Security Plan report to allow for more customization in reporting
Can now delete comments
Improved signaling on navigation links
FIPS and System Type and now configurable as Metadata
Refactored notification system UI for performance
Group manager now displays a default of 25 records
Fixed email viewer bug, now displays all sent emails correctly
Fixed bug for 'Create New' on Supply Chain Status Board
Date Last Assessed and Last Assessment Result are now labels - must be set via assessment
NIST 800-171 now available as a catalog
Increased length of security control titles
Changed the cursor on the navigation tab
Added more discrete validation to the tenant configuration form
Fixed blank password bug for email configuration
Improved validation for AD/LDAP settings
Bug Fix: Exception lookup now working correctly
Add Child button now hidden until a module is selected
Cleaned up divider lines based on permissions in the Navigation bar
All logins now redirect to the workbench as the standard home page
Bug Fix: System Owner now displays properly in the list view
Added ability to enable/disable email SSL by tenant
Applied phone masks for improved formatting

[0.8.0] - 2020-10-2

Added

OSCAL Security Plan Export
Performance Tuning - Lazy Loading in Angular, Bundle Size Optimization
Added Cypress Front End Testing (rebased with testing branch)
MITRE Heimdall Integration for Assessment
Added Help system for all modules
Metadata seeding re-factored for each module
Refactored global admin workflow
Control owner visualization for security plans
Added the Maintainer role
Users default to activated
Facility Status Board now handles offline gracefully

Changed

Added ability to show/hide CMMC fields based on Admin Config
Fixed bug where Atlasity would not accept complex email addresses with multiple periods
Bug Fix: Fixed route on creating a new user
Added "Last Assessment Result" graph to the Security Plan Visualizer
Bug Fix: Recurring assessment route fixed
Bug Fix: Fixed "Create New" route for projects
Bug Fix: Cause codes now load defaults on new installations
Bug Fix: Supply Chain picklists now configurable
Bug Fix: License now displays properly when not logged in
Bug Fix: Fixed date validation errors from the testing harness
Bug Fix: User profile system bug fixed, can now upload photos
Cache now clears on logout and when adding a user
SMTP Email Password is no longer required (for non-authenticated use cases)
Bug Fix: Notification count reset to zero on logout
Bug Fix: Non-admins can now access their User Profile

[0.7.0] - 2020-08-28

Added

Added Supply Chain Module
New landing page with dashboards
Custom fields can now be ordered via drag and drop
Angular 10 upgrade
FontAwesome now installed locally v/s CDN include
Calendar now supports Angular 10
Facility Status Board MVP 1

Changed

Added currency formatting to the Project input controls
Renamed Atlasity export files
Workbench component now properly named
Fixed bug on AD sync
Added Post-Incident Evaluation field to the Incident Response module
Email alerts now indicate that it was sent to you
Hides ID field on Security Control Implementations
Refactored Facility Status Board for efficiency

[0.6.0] - 2020-07-31

Added

Added support for email CC
Activew user toggle added for the user list
Fixed max filesize setting on Startup
Fixed bug on test email, made code more resilient
Help/Support now points to Atlasity.io
Added the Facilities module to the Admin panel
Printable reports now have clickable headers
Added causal analysis module
Added event module for timeline
Custom fields are editable

Changed

User search now shows by default
File size limit now in MBs
Admin email now updates when saving a new email in the Admin panel
Cache now refreshes when new user is created or AD is synced
Improved security of account creation when doing an AD/LDAP sync
Facilities added to all forms/searches
ListView buttons are always formatted on the right now
Fixed 'Setup' link for non-Enterprise installs
Required fields properly marked on the user form
Email now saves to the database before sending and throws error prompt when it has issues sending
Many multi-tenant user flow bug fixes
Fixed routes to profiles and catalogs (no longer have to be an administrator to view)
Domain stored locally to reduce API traffic
Fixed back icon on Control Implementation form
Domain name now adds '/' character to the end if not provided
Link to CMMC added throughout security plans
Save button now disabled until Save events complete (prevents multiple saves of the same record when clicking quickly)
Facility name must now be unique for a given tenant
Added test button for Slack/Teams
Prevents duplicate cause codes
Added cause type to causal analysis
Fixed bug when copying security plans
Auto-adds controls to plan using Security Plan builder without having to click an add button
Added link icon to compliance navigator
Removed Apparent Cause and minor UI tweaks
Email configuration labels and validation improved

[0.5.0] - 2020-05-29

Added

Custom Reporting and Dynamic Searching
Expanded test coverage and integrated with CI/CD
ELK stack expanded for enterprise monitoring and reporting
User-defined fields implemented
Added Email GUI
Rebranded to ATLASITY
App configuration now driven by license key
Licensing info now displayed for global admin users
FSSC Catalog import functional
One step import/export now for a catalog and all child controls
Custom fields are now tenant specific
Added test button for SMTP email configuration
Service Account now displays the current token
Tooltips and instructions now provided on the AD/LDAP admin panel
Custom fields now allows a choice list
AD/LDAP now allows test/sync on the Admin panel, searches nested accounts

Changed

IAM flow improved along with UI
Fixed various security authorization bugs
Fixed email bug in the ATLAS container
Fixed various container deployment bugs and improved documentation
Fixed bugs in the build process, sped up build times significantly
My Activity moved under user profile and user form for Admins
Calendar now graphs assessments across days
Worked through Sonarqube bug fixes and Angular build bug fixes
Removed cyber specific fields where possible (can add via Custom Fields for a customer)
Fixed validation errors where form was not resetting
Fixed bugs on workbench and adding items, moved config to a service
Various multi-tenancy fixes
Recurring bug fix - bi-annually now calculates correctly
Custom fields now hidden for Community Edition
Clearing security controls no longer throws an error toast message (warning instead)
Fixed AD/LDAP bug on login
Logout now in red and moved to bottom to be easier to find
Create security plan now shows a spinner while building the plan with controls
Fixed registration bug for users

[0.4.0] - 2020-03-27

Added

Tenant and User services now cache results to improve performance
Combined IAM modules into one config panel and re-factored
Custom monitoring solution for K8s, APM, SQL Server, and Containers built using ELK
Refactored user group by queries - improving query performance

Changed

Fixed password reset bug
Added show/hide fields to all password fields (default hides)
Refactored service accounts for multi-tenancy
Files are now searchable/sortable and show the MD5 hash
Bug Fix - News Feed and My Activity filters now work for over time visualization
Bug Fix - URL now updates after saving a record, fixing issues with the Back button

[0.3.0] - 2020-03-13

Added

Created Admin panel for configuration
Enabled AD/LDAP authentication
Added deploy instructions for catalogues
Added AES-256 encryption for secrets in the DB
Added Group Management functionality for users
Added System Integration tests with Cucumber/Selenium
Angular now caches lookup fields
Added ability to create and manage User Groups

Changed

Updated deployment instructions for persistent storage on local installs
Bug fixes on redirects after Catalogues and Security Plans are built
Sorted/updated regulations on the Splash page
Removed workflow trigger from new forms
Made max number of file uploads configurable
Can now enable/disable Microsoft Teams, Slack, and AD/LDAP authentication
Bug Fix: Only activated users show in the user list

[0.2.0] - 2020-02-28

Added

CMMC fully implemented
Avatars now stored in the DB
Workflow now supports drag and drop
Added Print/Email capability for Catalogues and Security Controls
Added ability to mount storage in K8s for file storage
Catalogues now allow for JSON import and export
Angular Unit Testing
Added LGPL license to ATLAS
Added Compliance Status Board for Security Plans
Added Slack and Microsoft Teams integration
Added multi-tenancy

Changed

Minor icon bug fixes on the News Feed
Re-factored dashboards to use the list view
Add CMMC filters to security plans and control implementations
Tuned SonarQube rules to filter out false positives
Allows multiple file uploads
Shows counter for number of catalogues on the Splash page
Added C# unit tests and new folder structure
Fixed bugs and legacy alerts
Can now tie issues to assets

Changelog

[0.1.10] - 2020-01-31

Added

Basic workflow system engine
Re-factored News Feed, comments on the news now flow down to the record
Update API for Links
Replaced all Alerts with Toasts for a modern UI experience
Security Plan Builder Wizard implemented
Pipelines updated and SendGrid bug fixed
Upgrade to .NET Core 3.1
Added the DoD CMMC into ATLAS

Changed

Deletions via API now remove all child/related objects
Improved form validation across all modules
Removed version history, moved to the change log
Improvements to file upload
Replace Feather icons with Font Awesome - reduced build size
Metadata manager now hides modules with no fields to customize
File upload now throws an error if no file provided
Cleaned up instructions for recurring records

[0.1.9] - 2020-01-10

Added

Added search capability to all subsystem tabs
Added a list view for security control implementations
Added Kubernetes configuration files for ease of automated deployments
Built Windows DEV environment
Added GUI for creating service accounts
Added loading spinners
Added profile owner to security profiles
CI/CD now handles DB changes
Added search to history
Added logic to "Show/Hide" the Show More button on the News Feed and My Activity
Added URL encoding to search
Added end of life, status, and purchase date to Assets

Changed

New navigation system implemented
Performance improvments for the navigation system
Removed legacy breadcrumb system
Removed sensitive user data from API calls
Fixed bug on "add child" wizard in the navigation system
Fixed Docker build error with new Angular update

[0.1.8] - 2019-12-06

Added

Added error checking on all forms for 'Record Not Found'
Added a requirements module
Created a wizard interface for building security plans
Created a wizard interface for managing compliance requirements
Added a view of all implementations for a given control
Added event type filter to the News Feed
Added Select All and Remove All buttons to the security profile
Added toggle to show/hide search filters on the list view

Changed

Multiple data validation bug fixes
Re-factored assessment API to support automated DevOps testing
Re-factored UX for all forms
Improved formatting of the Splash page
Improved density of the UI on all subsystem tabs

[0.1.7] - 2019-10-30

Added

All APIs compliant with Swagger/OpenAPI format
Added initial Swagger API documentation page
All APIs have Swagger documentation
Added recurring assessment feature
Added recurring data call feature
Added recurring task feature
Comments are now integrated with the News Feed and History
File upload/download is now integrated with the News Feed and History
Links are now integrated with the News Feed and History
Added Swagger documentation to the ATLAS models
Added High Value Asset toggle to the Security Plan module
Required fields are now marked on the forms
Added Refresh button to the News Feed
Added catalogue to the News Feed and My Activity
CSA CCM controls uploaded
Assessments auto-update control implementations
Added control implementation details to the dashboards

Changed

Fixed workflow step bug on the News Feed
Fixed bug with blank avatars on the News Feed
Fixed issues on the Catalogue Form
Updated the Security Controls data model
Security profile refactoring
My Activity now shows unique records
Refactored the Workbench UI
Updated Splash page - compliance frameworks + Star Wars

[0.1.6] - 2019-09-30

Added

Added click-through license agreement
Added printer dialogue button
Added validation to the RBAC manager

Changed

Fixed checkbox indent
Made blob storage private - validated encryption of files and privacy of URLs

[0.1.5] - 2019-09-06

Added

Added email notification for new account creation
Added a password reset feature
Improved validation for login processes
Added support for Markdown files in ATLAS
Added initial Help system with Markdown support
Added progress bar, totals, and legend to the calendar

Changed

Upgraded to Angular 8
Fixed NPM package vulnerabilities

[0.1.4] - 2019-08-26

Added

Tested new navigation menu on mobile, Mac, and Windows
Added a warning banner for ALPHA testing
Enhanced data validation logic across all modules
Improved formatting of date picker controls

Changed

Moved all navigation to the top to allow more screen real-estate on small screens
Fixed navigation bug on mobile with dropdown menus
Fixed login/logout flow
Fixed status check logic for tasks
Removed max/min controls
Fixed a rare show/hide bug in the navigator

[0.1.3] - 2019-08-10

Added

Changed

Fixed card height issues on the splash screen
Fixed login/logout issues with showing/hiding content

[0.1.2] - 2019-07-27

Added

Added data validation to new user account creation
Added vanity URL for the ATLAS sandbox: atlas.c2labs.com
Added default image

Changed

Fixed width issues on mobile platforms for logins
Improved password management features on new user creation
Fixed data validation when updating the user profile
Updated format of the unauthorized access page and footer

[0.1.1] - 2019-07-10

Added

Changed

Updated readme.md file to better describe the modules and build process
Various fixes to improve support on Windows (IE and Edge)
Disabled service worker code (throwing errors and not being used right now)
Removed xlsexport, incompatible with latest Angular framework
Fixed duplicate tags on the home page
Fixed logic on login/logout/user creation