CHANGELOG

[5.18.1] - 2023-09-29

Added

  • Security: Added support for OAuth authentication for email security

Changed

  • Policies: parameters are now only required if the status is "Active"
  • Removed CQRS from Asset module
  • Added Asset Service to handle all business rules of the Asset controller and added correct swagger documentation
  • UX: Addressed spacing issues on password toggle
  • Bug Fix: New risks created via the Risk Assessment Wizard do not require a target risk score

[5.18.0] - 2023-09-27

Added

  • Components: Added external ID field and API for ease of integrating with outside tools/data
  • FedRAMP: Added fields to support FedRAMP Rev 5 requirements for Leveraged Authorizations
  • FedRAMP: Expanded interconnect module to support FedRAMP Rev 5 requirements
  • FedRAMP: Added fields to support Risk Exposure Template export in Rev 5
  • Lightning Assessment: Now shows parts and parameters on the left side view
  • Lightning Assessment: Now shows the parent security control on the left side view
  • Lightning Assessment: Left and right side are now independently scrollable
  • Lightning Assessment: Now allows incremental progress (can save 1 control at a time)
  • Lightning Assessment: Now allows editing assessments
  • Lightning Assessment: Allows you to flag an issue as reportable and will auto-generate an issue
  • Questionnaire Security: Added access control for both internal and external users
  • Ability to export POA&MS from a Security Plan as FedRAMP Rev 5 Risk Exposure Excel workbook
  • UX: Added persistent footer to the application
  • Workflow: Added options for assigning workflows and building new ones using the subsystem
  • Workflow: Added ability to assign and create workflows directly to a manager
  • Issue Screening: Added quick action buttons to create Causal Analysis records
  • UX: Workbench is now the default landing page
  • FedRAMP Rev 5 SSP Appendix A export in Word format
  • FedRAMP Rev 5 CIS export in Excel
  • FedRAMP Rev 5 Test Case Procedure export in Excel at Security Plan level and Continuous Monitoring level
  • Continuous Monitoring tab now has a "Create New" button
  • Issues: new fields for manual issue detection
  • Web accessibility attributes for the RegScale logo, notifications area, and page landmark regions
  • Questionnaire question file upload support
  • Workflow: Added a new API for creating custom workflows programmatically

Changed

  • Performance: Optimized page loads for RegScale forms
  • UX: Change list view fields for Privacy Impact Assessments
  • UX: Consolidated dashboards into the List View system of modules
  • UX: Removed sidebar from left side of the screen
  • Performance: Improved indexing on Components
  • Performance: Improved query speed when retrieving a Security Control or Control Implementation
  • Context Viewer: Now shows the part description when creating a new option and auto-closes once option is completed
  • Enhancement: Catalog error messages now persist on the page when uploading
  • Bug Fix: Removed duplicate FedRAMP tab on Control Implementations
  • Bug Fix: Risk scorecard now renders properly
  • Added logic to the ReadMe.io version update during the release pipeline to parse the version from the environment first, then default to the version number in package.json
  • Bug Fix: Addressed issue where Control Context Viewer always returned to Parts when editing Parameters
  • Bug Fix: Addressed "you are already logged in" bug when redirected to login page
  • Bug Fix: Addressed various issues with maintaining questionnaire state
  • Print: FedRAMP fields added to control implementation printable form
  • Bug Fix: Global admin redirect now works properly
  • Bug Fix: Editing tasks in the Kanban subsystem does not result in console errors
  • Bug Fix: Ports and Protocols table is present in the FedRAMP SSP (Rev 4 and Rev 5) export
  • Bug Fix: Supply Chain contract owner dropdown does not contain duplicated usernames
  • Bug Fix: Issue ID is returned as part of the api.issues.create event
  • Bug Fix: Login banner must be acknowledged before using the application after login
  • Security: Patching NPM vulnerabilities
  • Updated the executive summary text for the FedRAMP SSP Rev 4 templates (Moderate and High)
  • Bug Fix: Catalogue export as OSCAL JSON uses correct encoding
  • Added 'deprecated' label for FedRAMP Rev 4 SSP and continuous monitoring exports
  • Bug Fix: Leveraged authorizations appear in FedRAMP SSP export
  • Questionnaire: Process questionnaire rules when dropdown answer changes
  • Bug Fix: Validation in the policy form and policy template now apply together
  • Bug Fix: Automation panel only shows DAG execution date-time
  • Bug Fix: The api/Organizations/getList endpoint correctly displays organization managers and manager IDs
  • Bug Fix: Saving a new questionnaire presents a single toast notification
  • Bug Fix: Editing a questionnaire QUID doesn't automatically move the cursor to the end of the QUID
  • Questionnaire instance comparison export (Excel) format is now one instance per row
  • Questionnaire rich text editor control styling matches the rest of the application
  • Updated SSP's MegaAPI result to include an asset's list of software inventories
  • Bug Fix: Addressed issue with updating a Task within the Event system
  • Lines of Inquiry: Now warns you if navigating forward or back without saving

[5.17.1] - 2023-09-13

Added

  • UX: Can now create a new profile from the Builder Wizard

Changed

  • Bug Fix: Custom fields dropdown list addresses issue with adding new items
  • Bug Fix: Addressed SSO login issue for thin provisioning and logging in new SSO users
  • Bug Fix: Addressed issue with launching Security Profile importer
  • UX: Replaced Digital Signature with Electronic Signature labels

[5.17.0] - 2023-09-12

Added

  • Questionnaire: Add execution constraint to rules to limit when certain rules are executed

Changed

  • Cause Code Admin Panel for Causal Analysis
  • Sonarqube integration for issues
  • Updated CSP Name for FedRAMP Test Case Procedures export to use CSP Organization Name from the Preparation tab of the Security Plan
  • Questionnaire: Allow various Action Functions to accept list of questions to change
  • Questionnaire: Make Action Functions resilient to updating question (quid) that does not exist
  • Questionnaire: Update rules of open instances when updating open instances
  • Support: Improved logging for toasts to assist with testing and debugging

[5.16.3] - 2023-09-11

Added

  • Ability to dynamically set fields to read-only based on record state
  • List Views: Added ability to create a child record from the list view
  • Security: Hardened JWT timeout checks for all Angular routes
  • Reports: Improved FedRAMP export of the Risk Exposure Report
  • Workflow: Now supports management approvals
  • Workflow: Added functional role assignments
  • Workflow: Added action system
  • Workflow: Added comments, files, and links to the workflow record viewer

Changed

  • UX: Catalog importer moved to the list view next to the "New" button
  • UX: Improved formatting of the print screen
  • Bug Fix: Removed FedRAMP tab from SSP
  • Bug Fix: Added FedRAMP tab to control implementations
  • Bug Fix: Navigation system not showing titles as links
  • Bug Fix: Addressed error on Group retrieval
  • UX: Improved formatting of the user list in the Admin panel
  • Bug Fix: Manage risk visualization on home page updated
  • Bug Fix: Issue screening now pulls the correct comments, files, and links

[5.16.2] - 2023-09-08

Added

  • FedRAMP: Added risk fields to POA&M to support the Risk Exposure Template export
  • Metadata: Added reseeding option to the Admin panel (accommodates new changes over time to picklist)
  • Automation: Support for scheduling, pausing, and checking status of Airflow jobs
  • RegML: Added license confirmation box allowing all SaaS customers to opt-in to AI/ML capabilities in RegScale
  • Ability to export FedRAMP POAMs for Rev 5

Changed

  • Enhancement: Refactored seed metadata method to be consistent across the application
  • Bug Fix: Added SQL check to skip some specialized indexing for unsupported SQL Server versions
  • Bug Fix: User activation API returns 400 when the request is empty
  • Accessibility: Added more keyboard-based navigation and alternative text content
  • Bug Fix: Required field count and completion percentage for new records works correctly
  • Bug Fix: After making a change on a control implementation record, when navigating away and choosing "Cancel" no navigation occurs

[5.16.1] - 2023-09-07

Added

  • N/A

Changed

  • Bug Fix: CONMON display fix for progress report
  • Bug Fix: Addressed issues looking up Security Plans on controls list view
  • Performance: Database index tuning based on Azure recommendations
  • Performance: Multiple query optimizations for fetching control implementations
  • Performance: Refactored Navigation system query to be more performant
  • Bug Fix: Addressed issue where subsystems would sometimes not show for a control implementation with related evidence
  • Bug Fix: Setting a new task as Closed updates the percent complete to 100%
  • Bug Fix: Phone number fields on questionnaires require a valid phone number before saving
  • Bug Fix: Security Control Implementations list view Control ID sorting matches other Control ID sorting in the application

[5.16.0] - 2023-09-06

Added

  • FedRAMP: POAMs now export as OSCAL
  • FedRAMP: Added XML Export for OSCAL SSPs
  • Security: All event logging is now performed server side
  • Performance: Optimized the subsystem count query to be more performant
  • Issue Status: Can now manage the full lifecycle with status gates and workflows
  • Flag to dynamically set fields to readonly based on workflow

Changed

  • Bug Fix: Added fix for multiple quick clicks of the login button
  • Tech Debt: Forms now centrally driven by a single config (pre-requisite for enabling custom data labels in the future)
  • Explanation for Other than Operational Status field is only required for FedRAMP SSPs now
  • OAuth: Fixed login issue to improve Okta support
  • Security: Now records the date a user was deactivated
  • 508 Compliance - added scope attribute to table headers
  • DEPRECATED API: Removed all GetAll endpoints, now requires using filter methods or paging in GraphQL to avoid performance impacts
  • Bug Fix: New Requirements form tab names match the cockpit section names
  • Bug Fix: Added missing fields for advanced search in questionnaire
  • Bug Fix: Counts in Risk by Trend chart on the main dashboard match the number of records in the drilldown modal
  • Bug Fix: Moving a slider no longer reloads a tab's data
  • Bug Fix: Changing a security plan's status updates the form to trigger validation rules
  • Bug Fix: Scorecards, Status Boards, and Gantt charts now use the same query
  • Bug Fix: System roles pulldown now provides a "blank" user since it is no longer required
  • Bug Fix: Addressed many role-based authorization queries based on specialized roles
  • UX: Fixed minor rendering issue with search bar on Status Boards
  • UX: Added line breaks to Implementation Part statements
  • UX: Fixed issue with comments tab sometimes rendering off screen in Lightning Assessments
  • Bug Fix: Control Implementations and Requirements now require a parent ID and parent Module
  • Bug Fix: Addressed issues with Security Plan not printing controls in Community Edition
  • UX: Group manager now displays the group ID in the list
  • Error Logs - now supports a back button
  • Tech Debt - removed legacy SecurityPlanId field from Control Implementations
  • Bug Fix: Changed questionnaire Rules field back from RichText to TextArea
  • Made event topics more consistent
  • Bug Fix: Source OSCAL URL field saves correctly when creating a new catalogue
  • Removed event manager columns pertaining to Active status and updated list filtering
  • Saving after adding a new questionnaire section works as expected when reloading the page
  • Questionnaire: email question type supports validation before proceeding
  • Questionnaire: Renders properly if the questionnaire only has instructional questions

[5.15.4] - 2023-08-31

Added

  • Questionnaire: Export one or more responses to a single Excel worksheet
  • Accessibility: Additional support for tab-key navigation, aria labels for icons
  • Data Subsystem - Code Mirror added for editing raw XML and JSON in the platform
  • FedRAMP: POAMs now export as OSCAL
  • FedRAMP: SSPs now export as OSCAL
  • FedRAMP: Added new fields to stakeholder system and flag to set if Individual or an Organization
  • FedRAMP: Can now add external stakeholders to a system role assignment (previously was just internal users)
  • FedRAMP: Added new features to support tracking Cryptographic modules

Changed

  • Bug Fix: Addressed periodic issues in pulling Status Board data for Security Plans
  • Tech Debt: Improved POST/PUT APIs for Facilities and Stakeholders
  • Tech Debt: Improved OSCAL XML export code for SSPs to be more resilient
  • Catalog MegaAPI for efficiently fetching a catalog with all related child data (controls, parameters, tests, options, etc.)
  • Bug Fix: Text-based questionnaire answers are not accepted if they contain only whitespace
  • Bug Fix: DOE SSP export matches new data and formatting requirements
  • Bug Fix: Asset Type field only appears on the Basic Info tab for Assets

[5.15.3] - 2023-08-29

Added

  • Logic to prevent duplicate file names when uploading a file to a record
  • API endpoint to rename duplicate files for a provided record ID and module name
  • FedRAMP: Lightning assessments now support Risk Analysis
  • Mini-Subsystem - added to Lightning Assessments, can add files, comments, and links at the assessment test level along with assigning Quick Actions - Request Evidence or Create Issue
  • RegML Auditor for control implementation evaluation (BETA)
  • FedRAMP - added asset types to components
  • Swagger: Brought documentation for the Push Notifications endpoints up to standard
  • Delegate System: Profile now allows you to set delegates for your approvals
  • Create endpoint for Ports and Protocols available via Swagger
  • Functional Roles: Ability for administrators to define functional roles and to add users to those roles
  • Event-based Architecture: Added events for questionnaire status changes
  • System URL text field on the Basic Info tab in Security Plans
  • API endpoint for creating a classified record
  • Organization URL text field on the Organization Manager form
  • FedRAMP: RegScale Assigned User is now an optional field on a System Role

Changed

  • UX: Administration panel for system administrators now shows options in alphabetical order
  • Bug Fix: Changing SSP status to anything other than Operational sets Explanation for "Other than Operational Status" as required
  • Bug Fix: Questionnaires module does not appear in the user menu when it has been disabled
  • Bug Fix: Changing an asset's category updates the available tabs accordingly
  • Bug Fix: Setting an incident's phase as "Closed" makes the Date Resolved field required
  • Tech Debt: Optimized TypeScript library loading with Angular
  • OSCAL: Objectives renamed to "Parts" throughout the UI to align with current NIST/FedRAMP terminology
  • Removed drill-down from module record History charts
  • All exports generated from RegScale now follow a naming convention that ends in _YYYYMMDD
  • Several fixes for DOE template and SSP exports in general
  • Bug Fix: Questionnaires required to have at least one section
  • Analytics (dashboards) side nav only displays dashboards that the current user can access with their roles
  • Navigating via URL to a dashboard the current user doesn't have access to shows a toast notification and redirects to the home dashboard
  • Bug Fix: Evidence Locker advanced search works correctly for Date Created and Evidence Owner fields

[5.15.2] - 2023-08-25

Added

  • FedRAMP: Ability to assign multiple sources, origination, and status at the control implementation level
  • Questionnaires: Ability to download the Excel import template
  • Questionnaires: Ability to export questionnaire to Excel
  • Questionnaires: Ability to export a questionnaire response to Excel
  • Questionnaires: Ability to modify a questionnaire that has already been published
  • Keyboard accessibility for the form menu (e.g., back, save)

Changed

  • Bug Fix: Advanced search for a blank item in a picklist now works properly
  • Bug Fix: Addressed validation logic on new Security Plans
  • Bug Fix: Addressed issue deleting Lines of Inquiry
  • Bug Fix: Removed roles from the workbench
  • Tech Debt: Added missing IDs on links to support testing automation
  • Tech Debt: Truncate strings for Excel exports to avoid corrupting the workbook
  • Performance: Refactored required field validation to be more performant on the client side
  • Infrastructure: Event topic names are pluralized
  • Bug Fix: Webhook form saves successfully even with a misconfigured webhook
  • Bug Fix: Marking a task as "completed" requires the user to enter a value for the Date Completed field
  • Bug Fix: By Point of Contact chart on the Incident Response dashboard renders user names correctly
  • Bug Fix: Required custom fields for a new Case Management record appear in the cockpit regardless of status change
  • Bug Fix: Fixed issue with security profiles being unable to update
  • After assigning a questionnaire the Responses tab is automatically updated to reflect the new assignment
  • UX: Improved the display of the control in the Lightning Assessment and added deep link to view the parent control
  • Bug Fix: When creating a new questionnaire form, the Builder, Assignment, and Responses tabs require saving the questionnaire first

[5.15.1] - 2023-08-24

Added

  • Reporting: New report showing all comments on controls for a given Security Plan
  • Loading spinner to Inheritance Engine to show progress as work is executing
  • Keyboard accessibility for top nav bar and left nav bar (WCAG)

Changed

  • Improved alerting and labeling when a parent security control is not found for a control implementation
  • Bug Fix: Addressed issue with inheriting between Security Plans
  • Bug Fix: Functional areas can now be searched for Assessment Plans
  • Bug Fix: Server side auditing working properly for comments
  • Bug Fix: Addressed console error when loading components for an SSP
  • Bug Fix: Print Preview shows all pages
  • Bug Fix: When creating a new task with a closed status, the cockpit correctly lists required fields completion
  • Bug Fix: Questionnaires save correctly when the created-by and last-updated-by user are the same

[5.15.0] - 2023-08-23

Added

  • FedRAMP: System Roles can now have multiple users assigned
  • FedRAMP: Add button to auto-assign all FedRAMP defined system roles
  • FedRAMP: Added explanation field if "Other" checked for Cloud Model
  • FedRAMP: Added "Other" option for Cloud Deployment Model
  • FedRAMP: Added Data Center tab to Security Plans
  • FedRAMP: Expanded properties subsystem to add Label and Other Attributes fields (optional)
  • Causal Analysis Role - restricts creating, updating, and deleting a Causal Analysis to users with this role (who normally have specialized training)
  • Assessment Lines of Inquiry - multiple enhancements: Can dynamically add new lines of inquiry without a parent Assessment Plan and can apply multiple assessment plans
  • FedRAMP: Added validation to the deployment option selections if a FedRAMP SSP (flag based on FedRAMP ID # not being empty)
  • FedRAMP: Added "Under Major Modification" and "Other" status to components
  • FedRAMP: Added Explanation for Other status to components
  • FedRAMP: Expanded links to support external identifiers and attributes
  • FedRAMP: Security Plans added field for explanation for Other than Operational status
  • FedRAMP: Allows system role assignments at the Component and Control Implementation level (one to many)
  • FedRAMP: References now support optional description field and UUIDs
  • FedRAMP: Added Responsibility and Leveraged Authorization fields at the Control Objective level
  • POA&M checkbox for Issues under POA&M Info tab to indicate if the issue is a POA&M item
  • FedRAMP: Added all reference types allowed from FedRAMP to the References tab
  • Metadata - added ability to define external keys for metadata (allows for mappings, i.e. to FedRAMP/OSCAL values), metadata is now editable
  • Event Driven Architecture - added status changes and fixed several edge case bugs

Changed

  • Tech Debt: APIs cleaned up to remove logging fields (Created By, Date Created, Last Updated By, Date Last Updated)
  • Bug Fix: Improved validation for properties system on the server side
  • Lines of Inquiry - added ability to remove a line of inquiry from a given assessment
  • Tech Debt: Added many missing tables to the GraphQL layer
  • Bug Fix: Export of DOE SSP fixes special character issues
  • Bug Fix: FedRAMP Risk Exposure export will now display if any child item of the Security Plan has a risk associated with it
  • FedRAMP POAMs Export will now only export issues with the POA&M checkbox checked under POA&M Info tab
  • Bug Fix: Marking a security plan as "operational" makes key date fields required
  • Swagger: Brought documentation for the Threads endpoints up to standard
  • Bug Fix: Marking an assessment as "complete" marks newly required fields as required
  • Bug Fix: Marking a case as "complete" marks newly required fields as required
  • Bug Fix: Marking a causal analysis as "complete" marks newly required fields as required
  • Bug Fix: Marking a data call status as "complete" marks newly required fields as required
  • Bug Fix: Marking an exception status as "complete" marks newly required fields as required
  • Bug Fix: Marking an incident status as "complete" marks newly required fields as required
  • Bug Fix: Marking an issue as "complete" marks newly required fields as required
  • Bug Fix: Marking an interconnection status as "complete" marks newly required fields as required
  • SECURITY: Hardened forgot password feature based on penetration testing recommendations
  • Bug Fix: Marking a project as "complete" marks newly required fields as required
  • Bug Fix: Marking a risk as "closed" marks newly required fields as required
  • Bug Fix: Marking a threat as "mitigated" or "eliminated" marks newly required fields as required
  • Bug Fix: Marking a policy as "active" marks newly required fields as required
  • Added "Risk Accepted" status option for control implementations
  • Change: "Partially Implemented" controls no longer require planned implementation date or steps to implement
  • Changed the way team data is displayed in the SSP export (Word format)
  • Moved SAP and SAR exports from Security Plans to Continuous Monitoring
  • Event architecture: Added interceptor to handle status and severity changes

[5.14.1] - 2023-08-18

Added

  • Org Chart Viewer - organization manager now lets you visually browse the org chart
  • BETA: New version of DOE SSP export released
  • SECURITY: Improved login experience for MFA and SSO users and hardened the process end to end (NOTE: Customers may want to test in DEV before rolling to PROD)
  • Security Plans - added version field
  • FedRAMP: Vulnerability system added to Continuous Monitoring
  • FedRAMP: Added multiple new fields to support SAR exports (Actual Finish Date and flag for Date Adjustment for Corrections)
  • Infrastructure to support unit testing

Changed

  • Bug Fix: Paging now works properly for Service Accounts, improved layout of page formatting
  • Security: NPM patching for vulnerabilities
  • Security: Service account tokens now hidden in the UI, added copy button for ease of pasting with CLI and Swagger
  • Improved RegML automated reviewer interaction with the control implementation form
  • Bug Fix: Change validation for required fields now works properly on edits
  • Bug Fix: Changing status to closed auto-sets % complete to 100 on saves and edits
  • Updated CIS/CRM export to add Security Plan Name, CSP Name, and the Security Plan's impact level to the Instructions tab
  • Fixed incorrect logic for controls with an implementation status of "Not Applicable" in FedRAMP Test Case Procedures export
  • Bug Fix: FedRAMP Risk Exposure export will now display if any child items of the Security Plan has a risk associated to
  • Bug Fix: Custom fields only populate after save operation completes

[5.14.0] - 2023-08-16

Added

  • Risk Scorecard
  • Data Subsystem - stores raw JSON, YAML, and XML data for integrations
  • Questionnaire: Added electronic signature support
  • Questionnaire: Added new field types for Dates, Phone Numbers, and Emails
  • Process questionnaire rules after each question response and choice change
  • Added Questionnaires tab to the following modules to make it easier to navigate to associated questionnaires: Components, Policies, Security Plans, Supply Chain
  • Questionnaires: Added alerts for unanswered required questions within current section before leaving the current section
  • Questionnaires: Added support for linking directly to a specific page of a questionnaire
  • Questionnaires: The browser's displayed URL now updates to the specific page of a questionnaire when the user navigates with the Next and Back buttons
  • Check to ensure the user is on a supported browser (Edge or Chrome)

Changed

  • SECURITY: Patching of core .NET packages
  • Improved validation and error handling for Control Objectives, Tests, and Test Plans
  • Bug Fix: Addressed issue where server-side and client-side validation of control implementations did not match, which prevented updating a record in "Not Implemented" status
  • Bug Fix: Misconfigured/unavailable webhook endpoints yield better logging
  • Bug Fix: Drilldown links for the Fix Problems dashboard display a modal list view with the same number of records as shown on the dashboard
  • Bug Fix: Assess Program dashboard modal links have list views that match the record counts shown on the dashboard
  • Bug Fix: Assessment-role users have access to the Tasks module
  • Bug Fix: When creating a system administrator with break glass account, system now checks config to make sure email is enabled before trying to send the email
  • Bug Fix: Questionnaires can be submitted without being logged in
  • Questionnaires: Navigating between questionnaire pages returns to the top of the page
  • Questionnaires: Responses now have a back button
  • Questionnaires: Rules are processed after each question response and choice change
  • Questionnaires: Assigned By and Block Layout toggle removed from assignee view of the questionnaire
  • SUPPORT: Added a new environment variable, "EMAIL_NO_TLS", to allow customers to disable TLS for email in legacy environments where it is not supported
  • Questionnaires: Submitter name for assignees outside of RegScale no longer required for submission
  • Bug Fixes: Fixed multiple bugs that caused the FedRAMP Test Case Procedures export to generate a corrupt Excel workbook

[5.13.0] - 2023-08-05

Added

  • Support for webhooks to listen for specific events in RegScale externally
  • Application Insights for SaaS monitoring and troubleshooting for Customer Success
  • Architecture implementation for event queues and distributed processing
  • Chart views have a checkbox to toggle auto-fitting of charts to the viewing region
  • Questionnaire instances can be reopened
  • Added email validation to bulk questionnaire assignment
  • Backend support for questionnaire instance history
  • Questionnaires: consolidated assignment functionality into a single screen
  • Questionnaires: responses now show as a tab under the questionnaire record
  • Questionnaires: now auto-generate a security token to provide access control protection for external users
  • (Beta) SSP export in Department of Energy (DOE) format
  • Support for Salesforce integration with issues for Case Management
  • (Beta) Admin tab for events to allow managing event topics and webhooks

Changed

  • Bug Fix: RegML Author button appears correctly based on tenant state
  • Bug Fix: Drilldown works correctly on the My Activity tab of the Workbench
  • Questionnaires: Can now be attached to any parent module (removed hard coding to Security Plans)
  • Questionnaires: Consolidated functionality into instance table (removed assignment table)
  • Questionnaires: Share link now opens in a new tab, added "Copy" icon
  • Bug Fix: Questionnaire response form no longer reports console errors
  • Bug Fix: Toast notification dismisses properly in Lightning Assessments
  • Bug Fix: Addressed console errors when viewing a continuous monitoring record
  • Bug Fix: Addressed RegML loading infinite loop when connection not found
  • Bug Fix: Analyze Risk functionality in Lightning Assessments creates a risk record
  • Bug Fix: Controls Author timeout increased to handle longer control implementation statements
  • Bug Fix: Causal Analysis Step 2 renders correctly in dark mode
  • Bug Fix: Target Risk Score field is required when creating a new risk
  • Bug Fix: Users can be readonly for some modules and have greater rights in other modules
  • Bug Fix: Chart views render correctly
  • Bug Fix: Swagger page loads correctly
  • Bug Fix: Outage Summary field displays in the cockpit if an outage is required
  • Bug Fix: Close button on Workflows slideout works correctly
  • Bug Fix: Controls and Implementations cannot be created without a parent
  • Improved user feedback for bulk-assignment of questionnaires via email
  • Improved performance of the recurrence components in Tasks, Assessments, and Data Calls

[5.12.0] - 2023-08-02

Added

  • Performance: Optimized all Angular queries to eliminate slowed performance over time and need to refresh the application
  • Questionnaire system supports grouping questions into sections
  • Questionnaire system supports creating rules that can show/hide questions and set/clear answers based on user-defined conditions
  • Questionnaire system Excel import supports multiple question types, required flag, section IDs, and question IDs
  • Questionnaire system sends emails to assigned recipients
  • Questionnaire system allows bulk assignment via Excel worksheet of recipients
  • Organization Hierarchy support
  • Properties endpoint to support batch updates
  • Ability to create a new Assessment Plan directly from the assessment record
  • Ability to auto-generate an issue from a failed Line of Inquiry on an Assessment Plan
  • FedRAMP: Added fields for "guidance" and "constraints" to parameters
  • Reports: Added Date Last Updated to the SPRS 800-171 Report

Changed

  • Dropdown lists are initialized from configurations and are populated through Angular caching (support work for dynamic data labeling)
  • UX: Improved data validation warnings across 34 different screens
  • Bug Fix: Questionnaire responses display information instead of a blank page
  • Bug Fix: Templates for FedRAMP Moderate and High include additional placeholders for Table 6-1 and 6-2
  • Bug Fix: Drilldown and Status board counts for issues on an SSP match
  • Bug Fix: Due date validation messages for tasks are easier to understand
  • Bug Fix: For interconnects, IP addresses are validated only if non-empty
  • Bug Fix: Assessment Plans list view displays correctly
  • Bug Fix: URL fields in Supply Chain records support automated testing
  • Bug Fix: Improved target risk score label in the Required Fields section when creating a new risk
  • Bug Fix: List of required fields for new issues works correctly when changing issue status
  • Bug Fix: Updated the Policies Controller such that Swagger loads correctly
  • Bug Fix: Outage Summary field for Change records is only required for completed changes
  • Bug Fix: Saved contents on the Lookups tab for Supply Chain records persist after page refresh
  • Bug Fix: Charts on Issues by Severity Level by Status report render correctly
  • Bug Fix: Changes module loads correctly
  • Bug Fix: Addressed task validation error with due dates in the past
  • Bug Fix: Fix for module name to re-display questionnaire responses in list view
  • Bug Fix: RegScale user list populates correctly on page refresh
  • Bug Fix: Deleting a questionnaire marks it as inactive
  • Bug Fix: Default question for a new questionnaire is auto-assigned a unique ID (QUID)
  • Bug Fix: Addressed some HTML formatting issues in the control test preview
  • Bug Fix: Questionnaire link in email points to the unique response
  • Change: Request Evidence is now the first option on the Lightning Assessment buttons
  • Change: User baseball cards now have a header and dismiss modal button
  • Change: Scorecard now shows % of controls assessed and % passing in Overall Compliance section
  • Change: Removed closed issues from the Status Boards
  • Change: Improved ability to handle unencrypted email via SMTP
  • Change: Component Status Board only shows components that are active

[5.11.1] - 2023-07-20

Added

  • Architecture support for feature flags
  • Update endpoint for the Scan History API

Changed

  • Bug Fix: Button colors for the Policy Template editor match the rest of the application
  • Bug Fix: Policy Template editor renders properly in dark mode
  • Bug Fix: FedRAMP SSP export handles missing controls and suppresses unnecessary errors
  • Bug Fix: Documents that are generated directly into the Files subsystem have the correct content format
  • Bug Fix: Method in Questions controller marked ignorable to Swagger

[5.11.0] - 2023-07-19

Added

  • Risk Assessment Wizard
  • Security: Login banner now forces the user to acknowledge the banner before proceeding
  • Scorecards are now the default view for existing records on organizers
  • CMMC Export for Components (uses inheritance)
  • Questionnaires support multiple choice, checkboxes, and dropdowns
  • Questionnaire builder supports required fields and question IDs
  • Continuous Monitoring - can add all controls with a single button click (supports initial authorization flow)

Changed

  • Moved Delete button further away from the save button to avoid accidental clicks
  • Removed Authorizing Official (AO), System Owner, and ISSO as required fields for SSPs
  • Improved user experience for the questionnaire response form
  • Bug Fix: Addressed data validation errors and labels throughout the application
  • Bug Fix: Addressed issue on SAR export
  • Bug Fix: Addressed issue where the clickable area of a button was sometimes too large
  • Bug Fix: Addressed new issue validation bug
  • Bug Fix: Addressed miscellaneous problems with issue counts between Status Boards, Scorecards, and Gantt charts
  • Bug Fix: Delete button now works on Teams and Tools tabs
  • Bug Fix: Removed duplicate close buttons on the dashboards
  • Bug Fix: Analysis button removed from Vulnerabilities tab for an asset record
  • Bug Fix: Questionnaires must have at least one question before being assigned
  • Bug Fix: Addressed issue where new SSO user button was not showing
  • Bug Fix: Security Profile module is available for users with Evidence, Projects, Policies, Security Plans, or Supply Chain
  • Remediated vulnerabilities from UBI build process
  • Bug Fix: Corrected typo on logged in alert message
  • Bug Fix: Password validation checks for new users show green and red appropriately

[5.10.0] - 2023-07-12

Added

  • Enterprise Risk: Added Risk Treatment tab to the Risk module
  • Enterprise Risk: Added Risk Action tab to the Risk Module
  • Enterprise Risk: Added fields for tracking timelines for conducting risk assessments of a risk

Changed

  • Reports: Added "All Time" as a filter to date ranges (pull last 10 years of data)
  • Questionnaire system supports submitting a questionnaire response
  • Questionnaire system allows assigning a questionnaire to a security plan
  • Bug Fix: Addressed issue with "auto-login" for SSO users after logging out
  • Bug Fix: Fixed edge case on login logic
  • Bug Fix: Service accounts can be deleted
  • Bug Fix: Addressed data validation issue on the client side for assessments
  • Bug Fix: Personal Access Tokens (PATs) cannot be created if the service account user cannot be created
  • Bug Fix: Fixed many validation issues on new records
  • Bug Fix: Security Plan tabs are hidden if the user doesn't have access to view the contents
  • Bug Fix: Corrected CSS errors and legacy code
  • Bug Fix: Corrected classification count in the subsystem (paging bug)
  • Issue Screening: Severity Level, Issue Owner, and Due Date lock after screening
  • Bug Fix: OSCAL FedRAMP SAP and SAR export options for Continuous Monitoring work as designed
  • Tech Debt: Reduced build warnings by 68%
  • Bug Fix: FedRAMP Risk Exposure export for Security Plans has applicable threats and mitigating controls/factors

[5.9.0] - 2023-07-05

Added

  • Issue Screening feature
  • Ability to generate tenant specific service accounts
  • Labels shown in dashboards are dynamic rather than hard-coded
  • OSCAL: SSP export - controls now export using the sort-id
  • FedRAMP: Control implementations now use the NIST Control ID v/s the RegScale primary key in the export
  • FedRAMP: Added planned implementation date and steps to implement for a control implementation
  • FedRAMP: SSP exports now support FedRAMP status settings and control originations
  • FedRAMP: System Roles now export in OSCAL for control implementations
  • FedRAMP: Control implementations now properly export statements (objectives) using the by-component OSCAL format
  • OSCAL: Attachments, Links, and Comments now export into the OSCAL SSP

Changed

  • Bug Fix: Corrected data validation problem on issues
  • Bug Fix: FedRAMP SSP responsible role field is populated by role instead of the owner name
  • Bug Fix: All required fields for SSP system roles are identified and validated
  • Bug Fix: Threat identified date cannot be in the future
  • Bug Fix: Policy preview works correctly when uploading a new template
  • Bug Fix: Lookahead view works correctly upon direct navigation by URL
  • Bug Fix: The spinner deactivates and a message is displayed if a list view query fails
  • Security: Added the ability to delete/revoke Service Accounts
  • Bug Fix: Validation error message in Issues module appears correctly at the bottom of the page
  • Bug Fix: Issues Workflows dropdown in the Workflows subsystems supports scrolling
  • Bug Fix: Minor fixes in the FedRAMP Test Case Procedures export
  • Bug Fix: Confirm Account button for a new account works correctly
  • Enhancement: Scorecard font increased for table view
  • Tech Debt: Removed legacy issue severity level service
  • Security: Tightened up MFA login to only use the current code (removed the recent code grace period)
  • Bug Fix: Addressed issue with count being off by 1 on Time Travel subsystem
  • Enhancement: Replaced colored shield icon with padlocks to indicate public vs access controlled records
  • UX: Validation errors now render inside of the alert v/s below it
  • Bug Fix: Long lists of user roles now properly render on the Workbench panel
  • UX: Assess button on Scorecard no longer switches sides on the card when toggling into Edit mode
  • Bug Fix: Addressed Mega-API error when exporting system roles for a control implementation
  • Bug Fix: Fixed grand totals column on the issues by severity report

[5.8.1] - 2023-06-29

Added

  • N/A

Changed

  • Security: Improved route trimming for the Global Admin
  • UX: Improved tenant setup experience for Community Edition customers
  • Improved system setup wizard (differentiates between Global Admin and System Administrator now)
  • Bug Fix: Lightning Assessment toggle for implementation and evidence has a default state
  • Bug Fix: Replaced bad link for Community Edition license registration
  • UX: Minor formatting and button alignment tweaks
  • UX: Addressed formatting on the user confirmation page

[5.8.0] - 2023-06-28

Added

  • Questionnaire system supports adding questions to a questionnaire
  • Assessment Plan Module with Lines of Inquiry
  • Lines of Inquiry experience for conducting checklist based audits using the Assessment Plan module

Changed

  • Tech Debt: Removed unused files from two code projects
  • Bug Fix: Added attribute to an API method so that Swagger loads successfully
  • Enhancement: Added button route information to support automated testing
  • Bug Fix: Security Plans' GET API returns a 404 response when there is no security plan by a given ID
  • Bug Fix: Importing a policy template Word document completes without a 500 error
  • Bug Fix: User is informed why a policy template preview is unavailable
  • Security: NuGet patching for vulnerabilities
  • Bug Fix: Homepage dashboards with little or no data render correctly
  • Bug Fix: List view of risks on Risk Dashboard has correct title/header
  • Bug Fix: Section headers for the Risk Score card on the Risk Status Board are aligned
  • Bug Fix: Better contrast on Analytics sidebar slide-out
  • Bug Fix: Organization page renders properly when navigating via direct URL
  • Bug Fix: Facility form in the Setup panel validates input
  • Bug Fix: Control Implementation form shows validation messages
  • Bug Fix: Improved validation on Variables and Secrets section of the Admin panel

[5.7.1] - 2023-06-21

Added

  • N/A

Changed

  • Fixed bug in FedRAMP Test Case Procedure export button not displaying
  • Security: Patching of NuGet packages for .NET
  • Bug Fix: Policy editor tab is hidden until a new policy is saved

[5.7.0] - 2023-06-14

Added

  • Basic questionnaire builder features (BETA)
  • Basic RegScale ML features (BETA - SaaS only)
  • FedRAMP: Added System Role to control implementations
  • FedRAMP: Added overlays to OSCAL SSP export in system characteristics
  • FedRAMP: Added new fields to assets for FedRAMP
  • FedRAMP: Added FedRAMP overlays to the inventory section of the SSP export
  • Gantt view now allows for adding issues directly from the UI
  • Lightning Assessment: added the parent, title, and description to the left panel
  • Ability to make an implementation option private so that it is not shared
  • FedRAMP: Excel export of test case procedures
  • Reporting: Adding Evidence Locker files to the Component & Security Plans Evidence Reports

Changed

  • Performance: Refactored breadcrumb/navigation system lookup to be significantly faster
  • Performance: Refactored subsystem lookup to be significantly faster
  • Bug Fix: Page titles in the Changes module match the module name
  • Bug Fix: Creating new configuration variables works as expected
  • Bug Fix: Login works even if the login banner is not defined (or blank)
  • Bug Fix: Addressed logout issue when session expires
  • Bug Fix: User is prompted about unsaved changes when navigating away from a form
  • Bug Fix: Crumbcake navigation dropdowns dismiss when clicking outside them
  • Bug Fix: Crumbcake level links correctly navigate to their target records
  • Bug Fix: Minor rendering issues on assets
  • Bug Fix: Addressed validation error for assessments
  • Bug Fix: Icon close window fixed
  • Bug Fix: In evidence locker, delete button is now hidden in readonly mode
  • Bug Fix: Addressed logo rendering issue on the Unauthorized page
  • Bug Fix: Paging now works on the Tenant list for the global admin account
  • Bug Fix: Addressed a date comparison issue in the Incident Response module
  • Security: Trimmed access to missed routes based on authorization
  • Security: Added route guards preventing the Admin account from accessing other admin pages they should not
  • Bug Fix: System Administrator list on the global admin screen can no longer see service account users
  • Bug Fix: Addressed edge case error on FedRAMP POAM exports
  • Bug Fix: Time Travel count in subsystem menu is now correct
  • Bug Fix: Control tests now sort by Test ID providing a better index for sorting
  • Improved issue and task validation checks

[5.6.2] - 2023-06-09

Added

  • Continuous Monitoring to Supply Chain
  • FedRAMP - added FedRAMP System Roles to the SSP and OSCAL export
  • FedRAMP - now auto-generates the default system component based on the SSP
  • Questionnaires System supports uploading an Excel-based questionnaire
  • Added functionality to highlight missing data in exports (currently only available with SAR export)

Changed

  • Bug Fix: Comments will now prompt the user to confirm before allowing a delete
  • Bug Fix: Addressed issues with assessing requirements using the Lightning Assessment
  • Enhancement: You can now dynamically add tests to a Lightning Assessment as part of Continuous Monitoring
  • Bug Fix: Calendar option removed from Modules and Features configuration screen
  • Bug Fix: Fixed SSO auto-login after logout (now must take an overt action to SSO back in)
  • Enhancement: Various improvements to login flow to reduce confusion and improve the UX
  • Tech Debt: Removed Datadog monitoring code from SaaS
  • Bug Fix: Addressed issue checking LDAP status for the 'admin' break glass account
  • Bug Fix: Addressed dual logo rendering on the change password page
  • Bug Fix: Fixed error with routing between pages for first time with the admin account login
  • Enhancement: Removed login link since the application auto-redirects the user if not logged in
  • Security: QR code now emailed to set up MFA, further protecting the QR code secrets
  • Security: Added a prefix for MFA to distinguish between multiple environments (DEV, QA, PROD, etc.)
  • Bug Fix: Risks dashboard shows the correct number of open and closed risks
  • Bug Fix: Files subsystem shows pagination controls

[5.6.1] - 2023-06-08

Added

  • Software inventory feature for hardware assets
  • Billing Utilization: Ability to pull daily access logs as an Admin on the Utilization panel

Changed

  • Bug Fix: SSO now properly supports new user thin provisioning
  • Bug Fix: Fixed validation checks on control implementations with a "Not Applicable" status
  • Improved OSCAL SAP/SAR export for FedRAMP
  • Security: Improved role checks with JWT tokens throughout user and RBAC service
  • Fixed errors in UBI docker image

[5.6.0] - 2023-06-07

Added

  • Multi-Factor Authentication (MFA) support for all local accounts using Google Authenticator
  • FedRAMP Security: Now recording the date of the last password change
  • FedRAMP Security: Now records the date a user account was de-activated
  • FedRAMP Security: Re-organized the login experience to hide details and improve the authentication flow
  • SSO flag to indicate whether user accounts are externally managed by a 3rd party SSO provider
  • Kanban: Now tracks original due dates for tasks and any associated date slides
  • Patching: UBI Docker image that has fewer vulnerabilities
  • New export experience for transforming compliance artifacts

Changed

  • Bug Fix: Selecting multiple options in Value to Search dropdown for advanced search works as designed
  • Bug Fix: Updated SBOM workflow to work on GitHub runners
  • Bug Fix: Fixed legacy link to C2 Labs support email
  • Bug Fix: Change password button works as designed
  • Improved SAP/SAR exports for OSCAL - now version 1.04 compliant
  • Tech Debt: Removed legacy atlasity ids throughout the application
  • Enhancement: Improved Asset endpoint comments for Swagger (getAll, GET, PUT)
  • Removed duplicate asset tab on Components
  • Enhancement: Improved button layout for integrations in the Admin panel
  • Naming convention for Docker images has changed from regscale:ubi-VERSION to regscale-ubi:VERSION as well as regscale-rocky:VERSION

[5.5.0] - 2023-05-31

Added

  • Workflow to automatically update the CHANGELOG on ReadMe.io when a new release is created
  • Workflow to automatically update the version on ReadMe.io when a new release is created
  • FedRAMP: Added security policies to the Admin panel (BETA feature)
  • Contingency Planning roles to cyber team responsibilities
  • BETA: Added SAR export to Word

Changed

  • Bug Fixes: Fixed console errors when loading the Context Viewer
  • Bug Fix: OSCAL exporter now works properly on Security Plans
  • Bug Fix: Evidence locker now accepts an update frequency of zero
  • Bug Fix: Operational SSP key date validation works as designed
  • Bug Fix: Continuous Monitoring instructions supports lengthier text
  • Bug Fix: Corrected issues on the Home Page dashboard
  • Bug Fix: Continuous Monitoring instructions can now handle long text
  • Bug Fix: Various improvements to inheritance UI
  • Bug Fix: Corrected date validation issues on the SSP
  • Tech Debt: Corrected various namespace issues in the controllers
  • Enhancement: Evidence locker now displays which controls are already selected
  • Enhancement: Evidence locker now allows hitting enter to search v/s having to press the button
  • Improved standards support for OAuth configuration of tokens

[5.4.0] - 2023-05-24

Added

  • Controls, Issues, Risks, and Assets tabs added to organizers
  • Refactored the Lightning Assessment experience within Continuous Monitoring
  • Evidence Locker - added fields (Evidence Owner, Update Frequency, and Last Evidence Update)
  • Evidence Locker now tracks owner and update frequency requirements - added to the Workbench for accountability tracking
  • Evidence Locker - uploading new evidence now automatically updates the Last Evidence Update field

Changed

  • Performance: Optimized indexing across modules to improve DB query performance
  • Bug Fix: Fixed weird logo rendering when logging in with break glass account
  • Re-arranged tabs on Security Plans for ease of data entry
  • Bug Fix: SortId added to control implementation filter API
  • Bug Fix: YAML upload works as designed
  • Bug Fix: Child record drop-down in the crumbcake nav dismisses when the user clicks outside of it
  • Bug Fix: Evidence Locker now looks up parent component in addition to parent security plan when doing bulk mapping
  • Bug Fix: License check validation improved to do a "soft" cap on users
  • Bug Fix: Lightning Assessments now validate that all tests have a valid result before saving
  • Bug Fix: Lightning Assessment failed tests now require a gap to be identified
  • Bug Fix: Manual assessments now correctly apply a compliance score
  • Bug Fix: All fields now correctly set defaults when saving manual assessments
  • Bug Fix: Addressed compliance calculation issues with Inherited controls
  • GraphQL: Added the Reference table to the graph

[5.3.2] - 2023-05-19

Added

  • FedRAMP: Added user logout alert

Changed

  • Security: Patched all NuGet libraries for .NET
  • Bug Fix: Addressed issue with CLI config API
  • Bug Fix: Removed analytics sidebar for GlobalAdmin
  • Performance: Optimized SBOM query to find all entries for an asset
  • Bug Fix: Improved change detection and fixed errors on several Angular pages
  • Bug Fix: Sort ID now properly set for a control on catalog import
  • Bug Fix: Classification system paging now works properly
  • Bug Fix: Evidence icon now renders properly in light mode
  • Bug Fix: Addressed issue with trying to save an objective without selecting an option

[5.3.1] - 2023-05-18

Added

  • Asset Cloud Identifiers for AWS, Azure, and GCP

Changed

  • Labeling: Security Checklist visualization now says Risks Remediated v/s Risks Mitigated
  • Added "Not Reviewed" to Security Checklist status options
  • Bug Fix: "Today" button for the date picker works in dark mode
  • Enhancement: "Dismiss" text for toast notifications is green
  • Bug Fix: Control Implementation now displays correctly when no objectives or parameters

[5.3.0] - 2023-05-17

Added

  • Improved UI for Inheritance and Control Mappings
  • Added ability to better document controls at the Objective level

Changed

  • Security: Performed some API hardening
  • Tech Debt: API controller class/files names match endpoints visible in Swagger
  • Bug Fix: Child records that are the same type as their parents render correctly in the crumbcake navigation
  • Bug Fix: Toast notifications work correctly in the Evidence Mapping Wizard
  • Bug Fix: Percent of issues closed on time is correctly computed on the Fix Problems dashboard
  • Bug Fix: Save button for editing user profile works properly
  • Bug Fix: "Other" status for security plans displays correctly in the status bar
  • Bug Fix: Security Plans Dashboard drill-down modals display correctly
  • Bug Fix: Security profile mapping renders correctly in dark mode

[5.2.2] - 2023-05-12

Added

  • N/A

Changed

  • SSO Bug Fix

[5.2.1] - 2023-05-12

Added

  • N/A

Changed

  • Privacy Impact Assessment (PIA) form streamlined based on customer input
  • Bug Fix: Refresh now works properly with the counters on the Evidence Locker
  • Buttons and badges are styled consistently
  • Fixed styling of the Risk Status Board for dark mode
  • Bug Fix: Added null-check before validating the CLI configuration
  • Tech Debt: Project and solution files simplified to not compile unused code

[5.2.0] - 2023-05-10

Added

  • FedRAMP System Roles added to the Security Plan
  • Automation admin panel to allow the CLI configuration to be saved securely in the RegScale database
  • Evidence Locker System
  • Description (Requirement Text) added to tailored SSP template and parameters replaced in description
    • If replaced, parameter is bold; if no parameter exists, parameter tag is highlighted
  • Categorization Justification added to tailored SSP template

Changed

  • Bug Fix: Fixed issues with usernames that have a capital letter in them
  • Bug Fix: Print view for Security Plans shows correct child record counts; also displays spinner when loading security control implementations
  • Bug Fix: The status bar has consistent arrow usage and a status indicator for active records
  • Bug Fix: Assignment link within emails navigates to the correct URL
  • Bug Fix: Usernames are not case-sensitive.
  • Bug Fix: Redirecting to a page after login works correctly.

[5.1.2] - 2023-05-05

Added

  • New risk scoring fields to the Risk module

Changed

  • Renamed all Azure AD labels to OAuth SSO
  • Bug Fix: Addressed Red Hat UBI build issue
  • Added UPN support for SSO with Azure AD

[5.1.1] - 2023-05-04

Added

  • New APIs for querying Supply Chain records
  • Categorization justification to the Security Plan module

Changed

  • Bug Fix: Fixed chart alignment for iPad
  • Bug Fix: Errors when connecting to LDAP
  • Bug Fix: Pagination works correctly in the Files subsystem

[5.1.0] - 2023-05-03

Added

  • Outage Summary field to the Change Management module
  • Updated eMASS Software List sheet and mappings
  • Control Source and Exclusion Justification to Control Implementations
  • Home page sidebar is expandable/collapsible
  • Issue Status by Owner and Security Plan and Issue Status by Owner and Component reports have charts; those reports also default to all dates

Changed

  • Fixed warning on scope for renewing OAuth tokens
  • Bug Fix: Search works properly for Security Control Implementation and Scorecard
  • Tech Debt: Eliminated legacy calls to pre-load the old home page
  • Bug Fix: Improved chart queries and fixed various errors
  • Bug Fix: "Show More" button on the newsfeed is enabled/disabled properly
  • Bug Fix: Custom color theme works properly for multi-tenancy
  • Bug Fix: Form input left and right padding increased to accommodate scrollbars to prevent focus state border from being cut off
  • Bug Fix: Top nav buttons stay present when going from dashboard to any other page
  • Bug Fix: Overall status for Component dashboard calculates percentage correctly
  • Bug Fix: Users can properly log in after access token expires
  • Bug Fix: User Management System correctly shows added roles for a user
  • Bug Fix: User Management System correctly shows existing roles for a user
  • Bug Fix: Drilldown modals from the dashboards show a close button

[5.0.1] - 2023-04-27

Added

  • Improved Lightning Assessment formatting for Dark Mode
  • Hover effects for My Activity and Notifications icons

Changed

  • Bug Fix: Tweaks to home page
  • Bug Fix: Technical POC on Exceptions now shows as a required field
  • Bug Fix: Corrected problem where issues may not save correctly
  • Bug Fix: Removed duplicate export option on SSPs
  • Truncated Lightning Assessment scoring
  • Removed console.logging on login
  • Improved validation for Security Plan FedRAMP Authorization status
  • Removed redundant "Close" buttons in modals
  • Multiple minor tweaks to Dark Mode formatting
  • Bug Fix: Addressed some issues with drilldown on Causal Analysis

[5.0.0] - 2023-04-26

Added

  • OAuth Identity Provider Support for Bring Your Own Identity (BYOI) and SSO
  • Ability to support sending unauthenticated SMTP email
  • Redesigned Home Page
  • Dark Mode
  • Changed GraphQL timeout to 60 seconds; added Initialize on startup for faster first queries
  • Redesigned the Lightning Assessment System
  • Added eMASS Hardware and Software list to Security Plans

Changed

  • Bug Fix: Organization Manager and Reports modules redirect to the login page if the user isn't authenticated
  • Updated logic for eMASS POAMs Export on SSPs to populate the milestone columns when no milestones are associated with the issue
  • Bug Fix: Policy Editor now hidden until the record is saved
  • Bug Fix: Children of Change Management records now correctly inherit RBAC permissions
  • Bug Fix: SecurityPlanId field for Issues is now properly assigned on creation
  • Bug Fix: Workflow now allows for formatted content in the comments field
  • Bug Fix: You can now create multiple custom fields with the same name if they are in a different tenant
  • Multiple enhancements and bug fixes to the security checklists for assets
  • Added warning on delay time for the Password Reset token
  • Bug Fix: OSCAL SAP & OSCAL SAR exports are available for Continuous Monitoring
  • Policy editor enhancements to utilize the Files subsystem for faster loading of large Word documents
  • Bug Fix: Ports and protocols now properly map in the SSP export

[4.26.3] - 2023-04-20

Added

  • FedRAMP: improved classification markup in OSCAL, added internal/external user counts
  • FedRAMP: Added support for Leveraged Authorizations
  • Security: Added SHA-256 Hashes to File Uploads
  • Vulnerabilities can now be associated with Assets
  • Asset Check Visualization
  • Improved drilldown into charts along with performance improvements throughout the application
  • Security control implementations have two independently scrollable content panes for Control Context and Configuration

Changed

  • Bug Fix: Modal dialogs from within the dashboards and crumbcake navigation now dismiss when navigating to the home page, status boards, modules, reports, or notifications.
  • Bug Fix: Fixed the SBOM pipeline
  • Bug Fix: Fixed issue where eMASS POAMs export was not handling special characters in issue description during export
  • Bug Fix: Modal for the file hash in the Files subsystem renders and closes correctly
  • Bug Fix: Catalog - FindbyGUID API now works properly
  • Bug Fix: RBAC inheritance now works properly throughout the application
  • Updated the warning on Control Inheritance (supports external Leveraged Authorizations now)
  • Bug Fix: Drilldown for some dashboard charts has been restored
  • Bug Fix: Policies can now be properly saved

[4.25.0] - 2023-04-12

Added

  • FedRAMP Automation overlays to SSP OSCAL export
  • FedRAMP E-Authentication levels to the System Security Plan (SSP)
  • FedRAMP Authorization Process flows
  • Spinner when loading large Asset SBOM files or when pulling SSP Status Board issues

Changed

  • Privacy Impact Assessment (PIA) data is now included in the SSP OSCAL export
  • Bug Fix: Exceptions can now be added to issues and risks
  • Bug Fix: Control tests now show properly as a Tab on assessments
  • Bug Fix: Addressed issue where group manager sometimes would not refresh group name after a change
  • Bug Fix: Addressed issue where Add User modal would not launch for a new user in a group
  • Bug Fix: Addressed issue where validation message would sometimes be off the page for Privacy Impact Assessment
  • Bug Fix: User avatar on side strip now navigates to user profile
  • Bug Fix: Generic SSP export updated for edge case issues on export

[4.24.2] - 2023-04-06

Added

  • Tenable ID field under integrations for Assets

Changed

  • Both the implementation statement and cloud implementation statement are now written to the Implementation Overview of the tailored SSP export
  • Bug Fix: Crumbcake navigation modal now closes when clicking on the app logo, My Activity, Notifications, and user profile menu
  • Bug Fix: Changes to generic SSP export

[4.24.1] - 2023-04-05

Added

  • N/A

Changed

  • Bug Fix: Fixed periodic export issue with generic SSP in Word
  • Bug Fix: Labels fixed on PIA Module
  • Bug Fix: SBOM workflow uses the correct internal URL
  • Bug Fix: Gantt charts now show for components
  • Replaced Azure AD with OAuth integrations panel
  • Provided a more friendly gnome graphic for control assessment failures

[4.24.0] - 2023-04-04

Added

  • Privacy Impact Assessment (PIA) Module
  • Security checklist queries via GraphQL
  • Improved signaling on Gantt charts plus the ability to toggle between Gantt and List Views
  • Importing policy templates from Word docs
  • Export tailored (generic) SSP in Word format
  • Qualys ID field for Assets under Integrations
  • APIs for batch creation and update of Security Checklists

Changed

  • Bug Fix: Gantt chart visualizations now sort by date and only show open issues
  • Improved signaling on the Scorecards for control status
  • Bug Fix: FedRAMP POAM export no longer highlights non-empty cells
  • Bug Fix: Several minor enhancements to the new Change Management module
  • Bug Fix: Gantt chart visualizations now sort by date
  • Bug Fix: Print view no longer includes icons from left nav
  • Bug Fix: Save button is available when creating a new supply chain
  • Bug Fix: Compliance visualization modal now properly dismisses

[4.23.0] - 2023-03-29

Added

  • Supply Chain Identifiers
  • Change Management Module
  • Endpoint to validate RegScale token
  • CMMC: Added Information Owner role to Teams system and Management Type to Assets
  • FedRAMP POAM Export
  • FedRAMP Risk Exposure Export
  • Asset Owner added to the MegaAPI for Security Plans
  • CUI SSP Export in Word format for NIST 800-171 (security plans only)

Changed

  • Increased size of toolbar options (e.g., save, delete)
  • Bug Fix: Enterprise utilities now properly show/hide based on license
  • Bug Fix: FedRAMP CIS/CRM Export - added FedRAMP High Template for Security Plans with a High overall categorization
  • Removed TestTimeout API
  • Fixed typos on eMASS SAP/SAR template
  • Tech Debt: Organized FedRAMP and eMASS template files into better structure
  • Added logging for SBOM workflow script
  • Bug Fix: Pressing Enter in search no longer toggles form to readonly mode
  • Bug Fix: Console errors no longer occur for custom fields
  • Bug Fix: Components tab for Assets module now accessible for Asset Users
  • Bug Fix: Gantt Chart tab correctly displays for Organizer modules
  • Bug Fix: Fixed issue where sometimes a new asset could not be saved
  • Increased button spacing on the toolbar to support touchscreens (e.g., iPad)

[4.22.0] - 2023-03-21

Added

  • N/A

Changed

  • Bug Fix/Tech Debt: Added many missing fields to search and consolidated search field lookup
  • Bug Fix: Fixed styling on icons in Threats module
  • Bug Fix: Validation messages now show properly in the Threats module
  • Bug Fix: Addressed issues on time travel revert
  • Bug Fix: Interconnects - fixed IP address validation issues

[4.21.2] - 2023-03-19

Added

  • Enhancements to risk form and process flow indicators

Changed

  • Bug Fix: Objective/Parameter Order Fixed

[4.21.1] - 2023-03-18

Added

  • FedRAMP: Continued improvements to the handling of parameters

Changed

  • Bug Fix: Addressed issues with modals

[4.21.0] - 2023-03-15

Added

  • FedRAMP: Exported FedRAMP SSP now directly attaches to the file system for download
  • Improved the overall Parameter user experience

Changed

  • Bug Fix: Removed bad link to old registration form (broken during website migration)

[4.20.2] - 2023-03-09

Added

  • FedRAMP: Address and company fields to the user profile

Changed

  • Performance: Increased timeout to 5 minutes for long running jobs (i.e. FedRAMP SSP export)
  • Performance: Refactored SSP Word export to reduce build times, improved document formatting

[4.20.1] - 2023-03-09

Added

  • Assets: Added fields to fully support FedRAMP Inventory workbook

Changed

  • Bug Fix: Code behind errors fixed on forms
  • Bug Fix: Addressed styling issues on export buttons and added missing export options
  • Security: Enhancement for email encryption
  • FedRAMP SSP: Added more logging, interconnections, ports and protocols

[4.20.0] - 2023-03-08

Added

  • New Home Page navigation bar on side panel and discrete routes for dashboard analytics
  • New toolbar added to forms, utility UI consolidated into new design
  • Tenant Id added to the JWT providing for more efficient API calls
  • Security: Added support for TLS 1.2 for sending email using FIPS approved services
  • Improved error handling and logging for all form saves/updates
  • Fine grained access control per API call to accommodate Read Only use cases
  • FedRAMP: Detailed logging to Mega API and FedRAMP exports to help troubleshoot environmental issues
  • eMASS: SAP/SAR Export

Changed

  • Bug Fix: Fixed bug showing option to create child security controls directly under security plans (forces through Builders)
  • Security: Now refreshes the server side user cache after any change to a user role
  • Bug Fix: Improved formatting on Personal Access Token
  • Bug Fix: Formatting on Security Plan print improved
  • Bug Fix: Addressed issue where sometimes RBAC editing would not be properly enabled
  • Bug Fix: Addressed issues with readonly permissions throughout the application
  • Bug Fix: Import catalogue parameter UUID if it exists when importing catalogues
  • Performance: Fixed slow loading speed with large numbers of security controls
  • CSS: Fixed deprecated style tags
  • Enhancement: Ports and protocols data added to Interconnects in the MegaAPI
  • Enhancement: Display catalogue date imported
  • Enhancement: Import catalogue parameter default if it exists when importing catalogues
  • Security: Container patching for Linux Alpine image
  • Bug Fix: Addressed periodic date rendering issues throughout the application
  • Improved completeness of FedRAMP SSP export
  • Fixed rendering issues on Status Board spacing
  • Bug Fix: Fixed import issues on UUID and default parameter values

[4.19.1] - 2023-03-03

Added

  • Theming system selecting custom colors throughout the application
  • Longer timeouts for doing FedRAMP exports to accommodate large jobs

Changed

  • Bug Fix: Interconnects can now be created under Security Plans
  • Scorecard now defaults to using the SortId field for ordering controls
  • Bug Fix: Sort ID now used by default in profile mappings

[4.19.0] - 2023-03-01

Added

  • Improved formatting of Catalog print page along with adding more information (parameters, objectives, and tests)
  • Digitized the FedRAMP Low, Moderate, and High catalogs using FedRAMP resolved catalogs
  • Additional filtering options to the scorecard controls (customer responsibility)
  • Added rollup by control family to the Scorecard visualization
  • Built out additional FedRAMP and eMASS automated exports

Changed

  • Security: Red Hat UBI and Rocky Linux patching
  • Catalog print now sorts by "sort-id"
  • Security: Improved validation of user data when creating a new user
  • Improved data validation in all back end controllers
  • Improved export file names to include object title, module, and RegScale record ID
  • Added indentation to the downloaded catalogues (JSON)

[4.18.2] - 2023-02-24

Added

  • N/A

Changed

  • Bug Fix: Corrected issue where sometimes eMASS exports can become corrupted in Excel files
  • Bug Fix: Improved validation and error handling for FedRAMP exports

[4.18.1] - 2023-02-22

Added

  • Cloud implementation field for Control Implementations - supports Hybrid cloud use cases
  • Security Checks capability to Assets
  • Parameters on security controls can now accept default values
  • Support for eMASS POAM export

Changed

  • Bug Fix: Fixed typo on Security Plan Cloud tab
  • Bug Fix: Options now refreshes objectives when a new one is created
  • Bug Fix: Periodic issues with corrupting Word exports
  • Tweaked CI/CD pipeline files and added GitHub templates
  • Security: Fixed an issue related to Azure AD SSO deactivation
  • Security: Last login now properly stored for SSO users

[4.18.0] - 2023-02-21

Added

  • STIG fields to issues (Security Checks and Recommended Actions)
  • Cloud fields added to SSP metadata to support FedRAMP
  • FedRAMP fields added to Interconnect module
  • Dynamic Policy Authoring Capability
  • CMMC Enhancements - loaded 800-171A objectives and tests to the catalog
  • Support for Australian ISM catalog (leveraging our OSCAL importer)
  • Control status strip to the Scorecard
  • Mega-API - added Teams and References

Changed

  • Bug Fix: Addressed alignment issues in the compliance visualizer
  • Bug Fix: Addressed issue where sometimes the vertical scrollbar on the page would not reach the last field
  • Bug Fix: Close button now works properly on lightning assessments
  • Bug Fix: Improved status coloring in the compliance cockpit
  • Bug Fix: Creating components from SSPs now works properly
  • Bug Fix: Security controls can now be edited without errors
  • NPM security patching
  • Refactored and consolidated the Continuous Monitoring experience in the application
  • Rearranged the control implementation form to streamline data entry and intelligently render the UI based on objectives and parameters being available

[4.17.0] - 2023-02-15

Added

  • API support in Readme.io with example code for testing API code in 20+ languages
  • Control Context Viewer
  • Interconnect information is now returned as part of the SecurityPlan Mega-API
  • FedRAMP Preparation fields and tab to the Security Plans module
  • Components and SSP Evidence reports

Changed

  • Bug Fix: You can now properly search within Explorer list view tables
  • Security: Patching of all NUGET packages for .NET
  • Objectives now show parameters values for control implementations
  • Bug Fix: OSCAL SSP now properly exports all control implementation data
  • Improved layout and token explanation on the user profile page
  • Simplified "My Profile" side panel text and display
  • Added sorting and indexing to improve control display and retrieval

[4.16.1] - 2023-02-09

Added

  • N/A

Changed

  • Hot Fix: Issue page loading (missing migration)

[4.16.0] - 2023-02-08

Added

  • Crumb Cake Navigation
  • Added SortId to Security Controls (allows for custom sorting algorithms for catalogs such as NIST)
  • Adverse Condition reporting to Issues Module
  • Added ability to import and export Classification Types (published 800-60 options on the website)
  • Continuous Monitoring records now have an editable form for metadata
  • Ports and protocols to FedRAMP SSP Export

Changed

  • Moved up Risk Dashboard toggle button
  • Bug Fix: Duplicate components can no longer be added for an asset
  • Bug Fix: Security Controls paging now works correctly in list views
  • Bug Fix: Add New user button now works correctly
  • Group names are now editable
  • Tech Debt: Refactored group service and improved security
  • Bug Fix: Fixed issue with loading Categorization profiles
  • Bug Fix: Improved validation for creating implementation options on a security control

[4.15.1] - 2023-02-03

Added

  • Control Owner added to Security Plan Mega API
  • Improvements to subsystem intra-system navigation
  • Support for linking issues to Microsoft Defender for Cloud
  • Pagination to Classified Record Subsystem
  • Added risk and issue drilldown to the Status Boards

Changed

  • Tech Debt: Angular 15 upgrade along with multiple NPM package updates, security patching
  • Bug Fix: Fixed issue where sometimes the spinner would not load or dismiss
  • Bug Fix: Fixed periodic rendering issues with the Time Travel system
  • Bug Fix: Removed Date Created column on Service Account queries
  • Bug Fix: Back arrow now works on navigation strip for control implementations
  • Bug Fix: FedRAMP and eMASS exports now only show on the appropriate modules
  • Bug Fix: Security Plan print and Transformer now working properly
  • Bug Fix: Paging now works properly on Classification
  • Bug Fix: References field now properly displays on Security Controls

[4.15.0] - 2023-02-02

Added

  • Support for Rocky Linux containers
  • FedRAMP Export to Word SSP (BETA)
  • "Archived" as a status for Control Implementations
  • Unified Subsystem UI for easier navigation between systems

Changed

  • Bug Fix: Fixed issues exporting OSCAL related to Time Travel
  • Bug Fix: Added server side validation to the license key
  • Bug Fix: Risk tabs now show the correct related modules
  • Bug Fix: All related tabs now properly check for duplicates
  • Bug Fix: All related tabs have been refactored to work with the Read Only toggle
  • Security: Disabled password reset and password change for AD/LDAP users
  • Implementation options are now set at the control level v/s the objective level
  • Security: Removed Bearer token from the UI, no longer displays
  • Bug Fix: Pagination now works properly with multiple grids on the same page
  • Bug Fix: Fixed edge cases where Time Travel was not rendering properly

[4.14.0] - 2023-01-25

Added

  • New Inheritance Engine supporting many to many architecture

Changed

  • Bug Fix: Charts now format properly on the security plan print form
  • Bug Fix: Recurrence engine now works properly for assessments
  • Bug Fix: My Activity now formats and pulls data correctly
  • Bug Fix: Expiration date now displays properly for Interconnects
  • Bug Fix: Components mapping now shows valid security plans in the picklist
  • Bug Fix: Lineage tab now properly pulls all Inheritance data
  • Bug Fix: History system now properly records all view events
  • Enhancement: Improved documentation linking system
  • Enhancement: Explorer is now more resilient to data issues and renders properly

[4.13.0] - 2023-01-18

Added

  • OSCAL - supports "by-component" markings on SSP controls now
  • Refresh button for notifications
  • Upgraded all .NET Core SDK and Nuget packages to .NET 7
  • Completed major UI redesign
  • Refactored forms and list views to reduce duplicate code and improve quality
  • Added server side auditing to all records in RegScale
  • Added support for Azure Key Vault for SaaS secrets
  • Added higher performance Role Based Access Control (RBAC) on the server side
  • Added Properties subsystem
  • Added stricter validation to server side for ParentId and ParentModule to support API integrations
  • Added method for purging logs (used by the CLI) and improved indexing on Log queries
  • Expanded Exceptions module - added Technical POC, Risk Analysis, and Mitigations to the form
  • Read-only views for all modules; ability to toggle into Edit view
  • Expanded response plan fields/data in support of the Incident Response module
  • New References system to support FedRAMP use cases
  • Security Plans - added Purpose and Conditions of Approval
  • New risk fields to support automated FedRAMP exports
  • New threat fields to support automated FedRAMP exports
  • FedRAMP methodology fields to Continuous Monitoring
  • Significantly expanded the assessment module to support larger scale audit needs
  • Team system for tracking teams and points of contacts for various applicable modules
  • Milestone system added for tracking key dates on projects, assessments, issues, etc.
  • Conditions system added for tracking assumptions, deviations, and constraints
  • GraphQL system for dynamic data querying
  • Tools system added for conducting assessments with automation (supports FedRAMP)

Changed

  • Bug Fix: Modals on reports are now formatted properly
  • Bug Fix: Catalogs no longer duplicate subsystems in the JSON export (50% file size reduction)
  • Updated End User License Agreements (Enterprise and Community)
  • Transformer feature is now hidden when no mappings exist
  • Bug Fix: Transformer modal for mapping now properly maintains state, eliminated duplicate code
  • Bug Fix: Transformer now properly renders on the Security Plan printable form
  • Modal styling improved throughout the app
  • Bug Fix: Risk Assessment Wizard now properly resets all fields when creating new
  • Bug Fix: Component Mappings now checks for duplicates
  • Bug Fix: Improved validation for the assessment result
  • Bug Fix: Relationship modal issues are now fixed
  • Bug Fix: Database seeding now properly timestamps tenant creation
  • Bug Fix: Incident module now appropriately disables in the App menu without role
  • Removed subscription/poller that updated notifications to improve application performance
  • Removed support for Windows container builds, now Linux only
  • Bug Fix: Fixed security setting blocking Azure AD SSO popup window
  • Improved alert system styling while adding ability to dismiss
  • Multiple performance optimizations for list views
  • Bug Fix: Control Implementation API - QuickUpdate now works in Swagger
  • Bug Fix: RBAC checks now enforced on Delete operations
  • Dramatically improved performance for cascade delete operations
  • Bug Fix: Improved the ability to delete (cascading) records throughout the system with higher efficiency
  • Refactored print services for better quality of reporting
  • Bug Fix: Fixed multiple errors with missing/incorrect links in emails
  • Optimized dashboard rendering and toggling between years
  • Expanded responsibility list for controls to meet FedRAMP requirements
  • Cutover links to new documentation system at README.io
  • Added warning when creating custom fields that they cannot be deleted
  • Redesigned dashboard UI
  • Improved performance of backend calls to minimize network traffic
  • Security patching and upgrades of all .NET Nuget and NPM packages to the latest versions
  • Updated process for publishing Helm charts
  • Improved build times for CI/CD pipeline, cleaned up legacy code
  • Improved logging and checks for startup environment variables

[4.12.2] - 2022-11-29

Added

  • N/A

Changed

  • Hot Fix: SSO login fix

[4.12.1] - 2022-11-11

Added

  • Improved Azure Object storage support
  • SBOM generation added to CI/CD pipeline

Changed

  • Removed all legacy Sentry.io monitoring code (using Datadog for SaaS)
  • Bug Fix: Resolved security control preventing OSCAL download
  • Removed OSCAL validation from RegScale code, now done by CLI
  • Updated Kubernetes managed service installation instructions
  • Bug Fix: Causal analysis now displays properly in the Explorer
  • Security: Patching of NPM vulnerabilities (fixed critical)

[4.12.0] - 2022-11-02

Added

  • Added support for Microsoft Defender via CLI/APIs
  • Software Inventory Tracking
  • Many additional fields for asset tracking
  • Added support for Azure blob/object storage
  • Added Datadog Application Performance Monitoring (APM) for SaaS
  • API for filtering issues by integration type
  • Added support for Software Bill of Materials (SBOM)
  • PrettyJSON print functionality with dark mode
  • Security.txt record for security researchers to contact RegScale for vulnerabilities (https://securitytxt.org/)

Changed

  • Patched Kendo libraries, Angular, TypeScript, and other libraries
  • Bug Fix: Fixed catalog spinner not disappearing when import is completed
  • Security: restricted sensitive API calls
  • Security: Enabled Content-Security-Policy
  • Tech Debt: Stored CSS files locally to prevent need for internet access
  • Removed Google Maps feature - now supported via external Business Intelligence reporting
  • Refactored System Configuration UI
  • Bug Fix: corrected issue where Tenant ID may not be properly set for a new user in a tenant
  • Security: added server side checking for User Profile edits to prevent account spoofing
  • Security: comment metadata is now set server side
  • Security: Limited LDAP logging to avoid exposing sensitive information
  • Performance: Improved indexing for returning logs in the admin panel

[4.11.0] - 2022-10-22

Added

  • Increased logic, cascading, and logging for deleting security plans
  • New APIs to support the Reminder CLI
  • OSCAL: SSP Export upgraded to support 1.0.4 version
  • OSCAL: Added support for exporting inventory
  • OSCAL: Now exports all SSP properties
  • OSCAL: Comments are now exported as remarks
  • OSCAL: Attachments and links are now exported as links
  • OSCAL: Objectives are now exported as statements
  • OSCAL: Added generic method to export all properties of an object in OSCAL format, enriched data in the export
  • OSCAL: Added specific validators to prevent errors in the export

Changed

  • License check is now performed pre-login
  • Bug Fix: Fixed legacy Atlasity tag on email notifications
  • Improved performance of bulk deletes on subsystem records
  • Bug Fix: Security profile importer now has the correct label
  • Bug Fix: Categorization no longer shows the toolbar options (print, email, etc.)
  • Security Patching: Nuget and NPM

[4.10.1] - 2022-10-16

Added

  • N/A

Changed

  • Bug Fix: Routing for risk assessment wizard
  • Bug Fix: Parent linkage for risk assessment wizard
  • Enhancement: Improved risk assessment UI when no controls are available

[4.10.0] - 2022-10-15

Added

  • Risk Assessment Wizard
  • Reminder APIs to support the CLI
  • OSCAL Version 1.0.4 enriched for SSP model

Changed

  • Patched Telerik libraries with latest upgrades and bug fixes.
  • Added timer and progress spinner to catalog upload (useful for long uploads (i.e. for 800-53))
  • Bug Fix: properly redirects after login
  • Security: Password reset must always be done server side now.

[4.9.2] - 2022-10-02

Added

  • Billing/Utilization system
  • Improved error handling for file uploads
  • Task reporting

Changed

  • Added way to revert inherited controls back to a default status if done by mistake
  • Archived controls can now be found when looking up a control implementation's parent security control
  • Time Travel system now removes HTML tags and properly formats text for display to the user
  • Bug Fix: Kanban now properly resets status when moving from "Closed" to "In Progress"
  • Group list is now sorted alphabetically and permissions were relaxed for READ operations
  • Workflow: Selecting a workflow now auto-closes the modal in the subsystem

[4.9.1] - 2022-09-26

Added

  • New assessment reporting

Changed

  • Bug Fix: Password buttons are now hidden for AD/LDAP users
  • Bug Fix: Filter tasks now works properly on the list view

[4.9.0] - 2022-09-25

Added

  • Access Logs added to User Admin Panel
  • AD/LDAP Distinguished Name is now inferred v/s explicitly set on login (supporting a wider variety of configurations)
  • Centralized Avatar component used throughout the application
  • Security Plan Mega API to pull all details and pre-format for processing
  • Additional details now print on the Security Plan:
    • Objectives
    • Parameters
    • Attachments
    • Comments
    • Links

Changed

  • Added ID tags to all home page elements to support automated E2E testing
  • Added default alert if a user logs in without any roles assigned
  • Bug Fix: Tweaked alerts for creating System Administrator in the Admin Panel

[4.8.3] - 2022-09-22

Added

  • Password complexity component to centralize business logic
  • New multi-tenant management experience
  • Distinguished Name field for customizing AD/LDAP sync functionality

Changed

  • Bug Fix: Tenant manager now redirects properly to the Admin form for new tenant setup
  • Improved formatting/spacing for license info

[4.8.2] - 2022-09-19

Added

  • Now able to enable/disable the email feature in RegScale
  • Copy component - for easily copying and pasting info to the clipboard

Changed

  • Improved error handling for detecting invalid or malformed JSON uploads for a catalog or profile
  • Bug Fix: Now prevents Chrome autofills on Email form
  • Security Enhancement: All email now requires authorization to send
  • Bug Fix: Catalogs now correctly set the UUID
  • Enhancement: Added fallback to try and find a control by ID when importing a profile (more resilient)

[4.8.1] - 2022-09-12

Added

  • Ports and Protocols tab to Interconnects
  • Increased SQL Timeout for Long Running Jobs
  • Ability to edit links
  • Refactored security plan print to pull more data

Changed

  • Bug Fix: Fixed minor formatting issues on Look Ahead and New Form Cockpit
  • Minor color and styling tweaks throughout the application for issues
  • Enhancements: Inheritance now only displays security plans for selection with one or more inheritable controls
  • Minor improvements to fonts/styling throughout the application
  • Bug Fix: Continuous Monitoring now logs properly to history
  • Bug Fix: Login "admin" check is no longer case sensitive
  • Tenant form now defaults to the User view in the IAM panel

[4.8.0] - 2022-09-05

Added

  • Support for Exporting/Importing Profiles via OSCAL in RegScale
  • Redesigned Master Assessment/Continuous Monitoring System
  • Improved UX for managing Users
  • Gantt Chart - now supports toggling for a List View
  • Added new risk fields - Title/Unique ID and Risk Tier
  • API for retrieving license info (used by RegScale-CLI)
  • Login now captures history of logins by users
  • Added a guided/interactive walkthrough for Admins to setup RegScale
  • Added a Setup panel for Admins to guide progress for initial system setup
  • Refactored catalog upload to be more performant and resilient for large catalogs (i.e. 800-53)
  • Spinner added to Logs page when looking through large amounts of data
  • AD/LDAP Sync now shows directory attributes to assist in mapping, refactored and improved UX
  • Added ability to deactivate/delete all AD/LDAP users for the Global Admin account
  • Lightning assessments now prompt you to create tests if none exist

Changed

  • Bug Fix: RMF mapping features are now properly locked to enterprise
  • Bug Fix: Service accounts no longer show in the User Role assignment list
  • Bug Fix: Bulk editing security controls now works properly
  • Bug Fix: Inherited controls now properly show in the wizard for security plans
  • Bug Fix: Added try/loopback logic on catalogs (avoids intermittent network errors on very large catalog uploads)
  • Bug Fix: Master catalogs are now locked to Enterprise Edition
  • Bug Fix: Mapping conversion panel now dismisses the modal
  • Bug Fix: Notifications can now be properly disabled in the Admin panel
  • Bug Fix: Modal for AD/LDAP sync now renders properly
  • Bug Fix: Tested and fixed all catalog import/exports
  • Bug Fix: OSCAL Profile exports now work properly
  • Consolidated all export functionality to simplify code
  • Added Excel export option to tables in reports
  • Improved design of headers within the Admin panels
  • Components can now use the Continuous Monitoring feature

[4.7.2] - 2022-08-28

Added

  • Admins now have the ability to manually change a user's password

Changed

  • Bug Fix: AD/LDAP sync now properly shows/hides based on enabling/disabling the feature
  • Bug Fix: Administrators can no longer change other users' profile pictures
  • Bug Fix: Several options for configuration now properly disabled for the Global Admin account
  • Bug Fix: Categorization header on the modal now formats properly

[4.7.1] - 2022-08-24

Added

  • N/A

Changed

  • Inheritance engine now only allows inheritance of Security Plan controls that are flagged as inheritable
  • Bug Fix: Navigation panel now properly pulls the correct controls in all situations

[4.7.0] - 2022-08-23

Added

  • Inheritance Engine
  • Lineage Tab now shows inheritance info

Changed

  • User ID is now copyable to the clipboard on the User Profile
  • Replaced Bootstrap Modals with Angular Material
  • Multiple minor enhancements to reporting
  • Fixed bug with strange characters sometimes showing in Kendo UI
  • Added CISA KEV as a Threat Type
  • Bug Fix: Project builder now properly links to profiles
  • Bug Fix: CMMC fields now properly show/hide
  • Bug Fix: Fixed periodic errors fetching a user ID

[4.6.1] - 2022-08-12

Added

  • Ability to delete Custom Reports on List Views
  • Added multiple new reports for Issues/POAMs
  • Added support for Red Hat Universal Base Image (UBI) containers for RegScale
  • Added support for publishing RegScale containers to Amazon Container Registry
  • Redesigned Look Ahead system on the main dashboard
  • Added Azure Sentinel SIEM/SOAR monitoring for managed service customers

Changed

  • Issue Report by Date Range - can now show/hide details
  • Refactored list views to remove unnecessary services
  • Bug Fix: Drilldown for assessments, issues, and risks on the Status Boards now pulls all data regardless of what level it is stored
  • Bug Fix: Categorizations can now be properly exported
  • Refactored reports based on customer feedback, added minor new features

[4.6.0] - 2022-08-02

Added

  • Categorization Engine MVP
  • News Feed Redesign for the Main Dashboard
  • eMASS Exports

Changed

  • Added custom icons for the modules in the navigation menu
  • Added missing module toggles for Components and Catalogues
  • License check now trims whitespace to avoid copy/paste errors
  • Bug Fix: Fixed issue with non-OSCAL naming convention not showing objectives
  • Bug Fix: Made "Name" a database required field for Security Profiles
  • Bug Fix: Icons now load correctly without a 3rd party pre-loading NPM package
  • Bug Fix: Assessment charts now render correctly on list views
  • Bug Fix: Supply Chain Status Board - chart rendering issue
  • Bug Fix: Replatformed icons to remove NPM package and work with Angular 14
  • Bug Fix: Fixed search on Requirements Navigation Bar

[4.5.1] - 2022-07-07

Added

  • Improved Control Status visualization across Status Boards and Scorecard
  • Ability to describe the mitigation type for a control for a risk (Key Control or Compensating Control)
  • Master Assessment now allows the user to select specific controls to assess in support of continuous monitoring programs
  • Status Boards now pull deep-linked issues and risks for a more complete compliance picture (matching the Scorecards)
  • Optimized startup file configuration
  • MVP of Risk Status Board

Changed

  • Fixed coloring on Status Board aggregate view for control status
  • Bug Fix: Security controls can now be edited
  • Bug Fix: Wrapped Serilog in try/catch to ensure it doesn't block new installation startup
  • Renamed Master Assessments to Continuous Monitoring
  • Refactored status board logic to be more efficiently rendered, multiple minor bug fixes
  • Consolidated SSP and Component status boards into one
  • Consolidated compliance scoring for status boards and score cards
  • Master Assessments now can be scheduled for components
  • Added Draft as a Risk status
  • Added Validation to do NULL checks on strings

[4.4.4] - 2022-06-22

Added

  • Now supports dynamic OSCAL content authoring for objectives and parameters
  • Parameters now inherit from their parent catalog
  • Added advanced logging support via Serilog
  • Added support for parsing and dynamically updating OSCAL parameters in the control implementation module
  • Added SignalR for real-time communications on notifications (removed polling)
  • Added Route Titles in Angular
  • Added Logs tab to the Admin panel to improve Customer Support experience
  • Added notification toast when classification options are saved/removed
  • Added a new "toast" system for notifications using Angular Material
  • Deep linking to Jira tickets for Issues/POAMs
  • Component name now shows on control implementation list view
  • Database rearchitecture in Entity Framework to allow multiple database support
  • ServiceNow integration
  • "Inherited" option for a Control Implementation status

Changed

  • Bug Fix: Page now refreshes after editing license key
  • Username and password are now trimmed of whitespace to avoid paste errors
  • System service-account no longer shows in the user list
  • Fixed CSS on user role tables
  • Bug Fix: can now create a component from a SSP
  • Implemented AsNoTracking on all read queries to improve query performance against the database
  • Removed legacy logging system
  • Removed blank status option for Requirements
  • Bug Fix: Controls can no longer be added as children to Assets (only to their parent Components)
  • Suppressed false errors on Angular build
  • Removed legacy Jira code (now bulk processes in CLI)
  • Refactored to fix FirstOrDefault inconsistency bug
  • Assessment buttons now intelligently show/hide based on the state of the form (isDirty)
  • Fixed critical alerts from Sonarqube
  • Security Plan Status Board now properly reflects all status options for a Control
  • Bug Fix: Progress calculation on control navigation strip now excludes NA and Inherited from total

[4.3.0] - 2022-06-05

Added

  • Deep linking for Wiz.io issues in RegScale
  • Enhanced container error logging for LDAP issues
  • Control navigation bar in the Control Implementation and Requirements forms
  • New Assessment and Navigation System UX for Controls/Requirements
  • Added support for AWS Simple Email Service (SES)
  • Added mouse hover effect for Status Board links
  • Angular 14 upgrade
  • Upgraded CI/CD deployment process - removed legacy pipeline files
  • ServiceNow Integration for Incidents

Changed

  • Improved signaling for Volpe integration (better handles errors on Volpe side)
  • Improved threat data validation
  • Security Plan Print - now shows additional parent control fields
  • Security hardening, patching, and remediation from penetration tests
  • Added a spinner to the Password Reset to visualize progress
  • Bug Fix: Multiple drilldown issues fixed on Status Boards
  • Bug Fix: Component to Asset mapping is now fully bi-directional
  • Security: All Nuget .NET packages patched and updated
  • Removed legacy/inefficient AI code
  • Security: NPM upgrades/patching of packages
  • Caching bug fixes on tenant form
  • Bug Fix: Data Call - fixed missing toasts
  • Bug Fix: Security Controls - Control ID is now sortable

[4.2.0] - 2022-05-30

Added

  • Deep linking URLs to support SSO use cases
  • eMASS fields added to the risk form
  • Risks and Issues can now be tightly related for improved risk modeling
  • Risks and Incidents can now be tightly related for improved risk modeling
  • Risks and Threats can now be tightly related for improved risk modeling
  • Modules now have a label tag in the Compliance Cockpit for ease of module identification
  • Threats - now have a "Date Resolved" field
  • Compliance cockpit now has a tooltip showing the full title for longer length titles

Changed

  • Bug Fix: Interconnects modules now display correctly
  • Interconnect form - conditionally shows red asterisks for date fields
  • Security Plan form - conditionally shows red asterisks for date fields
  • Risk form - conditionally shows red asterisks for date fields
  • Security - Password reset tokens can now be used only once (formerly they were good for 24 hours - now they expire in 24 hours or upon first use)
  • Enhanced formatting of Compliance Cockpit
  • Added a tooltip to Transformer to explain "Master" catalog
  • Incidents module now has a new Forensic tab
  • Threat module has a new Analysis and Mitigations tab
  • Risks - "Mitigation Effectiveness" is now a required field

[4.1.2] - 2022-05-26

Added

  • N/A

Changed

  • Bug Fix: Objective options now save and refresh correctly
  • Bug Fix: Avatars now can be changed without refreshing the page

[4.1.1] - 2022-05-25

Added

  • Enhancements to Issue Reporting

Changed

  • Bug Fix: Report page renders properly
  • Bug Fix: SPRS drilldown on View link

[4.1.0] - 2022-05-23

Added

  • Enhancements to Toast System
  • Enhanced Custom Field validation
  • Assets can now be mapped to many components
  • Components can now be created stand-alone (not required to be a child of a security plan)
  • Components can now be mapped to many security plans
  • Can now load default tests from the catalog into control implementation tests (templates from the catalog to feed Lightning Assessments)
  • Added spinners when building artifacts using the Builder Wizards to show progress
  • Objectives tab on control implementations now shows/hides based on parent catalog
  • New top navigation system to better organize modules
  • Unit testing framework to support automated testing
  • Wiz integration for Assets
  • Report - Issues by Time Range - query and see status of closing issues/POAMs due in a given time range, grouped by issue owner
  • Explorer now shows the Level flag for better visual indication of the tiering
  • Added logging and spinners to better show progress when importing and deleting catalogs

Changed

  • Bug Fix: Can now add Assets to Components
  • Bug Fix: Asset mapping APIs are no longer hidden
  • Profile mapping engine now shows IDs of the parent catalogue
  • Bug Fix: Fixed intermittent bugs on Component and Project Builder Wizards
  • Refactored assessment services for performance optimization
  • Bug Fix: Fixed naming convention on Excel download files
  • Trivy was added to the container build as a second vulnerability scanner for defense in depth
  • Startup file was refactored to be more efficient on launching the application
  • Improved logging to detect intermittent upload errors with catalogs
  • Bug Fix: Avatars render properly on user admin forms
  • Bug Fix: Added null check for custom fields on security control form
  • Bug Fix: Subsystems now show properly on security control forms
  • Bug Fix: Catalog export now excludes archived controls

[4.0.3] - 2022-05-11

Added

  • N/A

Changed

  • Bug Fix: Removed Avatars on Excel downloads
  • Bug Fix: Improved error handling for catalog uploads
  • Bug Fix: Corrected intermittent issues with custom fields

[4.0.2] - 2022-05-10

Added

  • N/A

Changed

  • Fixed POAM tab not showing
  • Improved RBAC logging for access control issues

[4.0.1] - 2022-05-09

Added

  • N/A

Changed

  • Improved hide/close button on builders (always shows)
  • Questionnaires now have a BETA tag
  • Cleaned up legacy Print, Email, and Export code
  • Bug Fix: Errors on Project Builder
  • Build optimizations on backend
  • Supply Chain tables now sort correctly by Title
  • Create New stakeholder button now shows/hides when displaying the data entry form
  • Updated SPRS Report CMMC Links
  • Password confirmation now supports additional special characters
  • OSCAL download now working correctly
  • Bug Fix: Fixed error where numbers were sometimes converted to dates by the Time Travel system

[4.0.0] - 2022-05-08

Added

  • Redesign of the Compliance Cockpit and RegScale form system
  • NGRX for client side caching and extreme front-end performance improvements
  • Updated Support Links to the new RegScale Hubspot system
  • Component Builder

Changed

  • Refactored all Builder code
  • QA: Added validation to Supply Chain cost fields (contract value, funded amount, and actual costs)
  • Reordered case management form to be more logical for data entry
  • Fixed user button label
  • Various minor bug fixes from Sonarqube
  • Section 508 improvements
  • Minor bug fixes and enhancements throughout the application
  • Updated and improved icons and styling
  • Date check bug fixes throughout the forms

[3.13.0] - 2022-04-25

Added

  • Catalog import/export now include child tables
  • API to retrieve a specific service account
  • API to rename a system security plan
  • Integrations for Security Plans with Wiz Projects, ServiceNow Assignment Groups, Jira Projects, and Tenable Asset Groups

Changed

  • Bug Fix: Printable version of control implementation now works
  • Updated verbiage in the Time Travel system
  • Control tests can now be batch created
  • Scorecards are now properly locked to Enterprise Edition customers
  • CSS: Explorer now shows link cursor for child items
  • Rebased to master to pick up CI/CD changes
  • Bug Fix: Transformer mappings now work properly on the security plan print form

[3.12.0] - 2022-04-20

Added

  • Added ability to exclude components from SPRS report
  • Added account lockout features (5 bad passwords disables the account)
  • Added a Close button for the Explorer modal

Changed

  • Bug Fix: Subsystems now show correctly on control implementation form
  • Bug Fix: Prevented API calls that were throwing errors when unauthenticated
  • Bug Fix: Can now delete tasks from the Kanban board
  • Bug Fix: Control Implementations now render properly for emails
  • Bug Fix: Added validation for Draft issue status
  • Bug Fix: Security Plan Print now works properly

[3.11.1] - 2022-04-19

Added

  • N/A

Changed

  • Hot Fix: License count now calculates correctly on login

[3.11.0] - 2022-04-18

Added

  • SPRS Rollup Report available for NIST 800-171 (rolls up score for SSP and all child components)
  • Control Implementation - Navigation buttons now check for changes before allowing navigation away from the page (Next and Previous buttons)
  • Added Mediatr pattern for improved testability of C# code
  • Catalog Import/Export now processes child records of the security control (objectives, parameters, tests, CCIs)

Changed

  • Bug Fix: Fixed View Model for Control Implementations - dramatically reduced data query size
  • Controller optimization for improved API performance at scale
  • Bug Fix: Gantt chart queries now execute exponentially faster
  • Bug Fix: Gantt chart hidden for new records
  • Bug Fix: License key generator fixed after Node.js patch
  • Bug Fix: System configuration now listens for license key changes and updates after saving

[3.10.0] - 2022-04-13

Added

  • Added support for DISA CCIs to support STIG scanners
  • Added support for classification banners in the header/footer of the application

Changed

  • Bug Fix: Licensed user count no longer counts deactivated users
  • Exceeding licensed user count no longer prevents login, just throws a warning

[3.9.0] - 2022-04-10

Added

  • Added Cancel button when editing RegScale system configuration
  • Added Parts to Objectives to support OSCAL modeling
  • Added Parameter Types to Security Controls (extension to OSCAL for improved automation)
  • Added Parent Parameter to Control Implementation parameters (allowing inheritance from a catalog's parameters to better align with OSCAL)
  • Added API to retrieve all Objectives for a given catalog

Changed

  • Bug Fix: Corrected issue with generating new license keys after patching CryptoES
  • Bug Fix: "Other ID" on Control Objective is no longer required
  • Bug Fix: Removed datetime checks on required fields in C#, removed compiler warnings
  • Bug Fix: Fixed loop logic in ApplyProfile C# API
  • Bug Fix: Security Control subsystems now listen for changes when navigating
  • Improved formatting and labeling of security control objectives

[3.8.0] - 2022-04-06

Added

  • API for applying Security Profiles via API
  • Extended Issues/POAMs module to support all FedRAMP fields
  • Added support for the CISO Known Vulnerability Exploits feed

Changed

  • Bug Fix: Inheritance of objectives on the SPRS report is fixed

[3.7.4] - 2022-04-04

Added

  • N/A

Changed

  • Security Plans now hide Gantt Chart and Ports/Protocol tabs until the record is saved
  • Refactored security plan builder to work more efficiently and consistently, removed redundant code
  • Builders: View profile links now work properly and open in a new tab
  • Builders: Now close consistently after clicking finish
  • Added server side validation for Case management status/date resolved

[3.7.3] - 2022-04-02

Added

  • N/A

Changed

  • Bug Fix: Control implementations now search properly in the Relationship module
  • Bug Fix: Multiple enhancements to the SPRS report

[3.7.2] - 2022-03-30

Added

  • Security - forced patching of the base image prior to initial build

Changed

  • Minor bug fixes to builders
  • Changing an Implementation Option now changes the status of all related Objective option selections
  • Bug Fix: Component Statusboard now pulls issues from all levels
  • Tweaked CI/CD build and release files
  • Minor Sonarqube bug fixes

[3.7.0] - 2022-03-28

Added

  • New UX for builders for:
    • Policies
    • Security Plans
    • Supply Chain
    • Projects
  • Added Sonarqube Cloud source code scanning
  • Added additional fields to the user object:
    • ExternalId - for syncing with external accounts (i.e. Active Directory)
    • DateCreated
    • LastLoginDate
    • Read-Only Flag
  • Improved User Experience for Scorecard

Changed

  • Cleaned up CI/CD pipeline files
  • Added API to pull a simple list of user accounts (with no sensitive data)
  • Removed legacy Cypress testing to reduce file size of the build
  • Added API to support bulk syncing of Azure AD groups

[3.6.2] - 2022-03-16

Added

  • Views can now be toggled between SSP and Component on the SPRS Report for NIST 800-171

Changed

  • Toggle now available to show objectives in a printable form for each control on the SPRS Report for NIST 800-171

[3.6.1] - 2022-03-14

Added

  • SPRS Report - bug fixes and added logging to show missing objectives

Changed

  • Created View/Create models to simplify the APIs for creating and updating Profile Mappings
  • Bug Fixes: Minor tweaks to Component Dashboards and Gantt charts
  • Bug Fixes: Profile mapping not showing in the API list

[3.6.0] - 2022-03-10

Added

  • Subsystem redesign of the UX
  • New SPRS scoring report for NIST 800-171
  • Categorization functionality to RegScale to better support control selection for overlays
  • Issue Gantt chart functionality for visualizing issues/corrective actions
  • Component Dashboard

Changed

  • Bug Fix: Fixed security plan builder issue where some controls improperly showed redundant
  • Bug Fix: Comment alerts on delete are more intuitive.
  • Bug Fix: Link alerts on delete are more intuitive.
  • Bug Fix: Comment alerts now work on creating a new comment.
  • Bug Fix: File system deletion alerts are now green v/s red on success.
  • Bug Fix: Subsystem now hides until loaded.
  • Bug Fix: Classified records now wrap properly in the subsystem.
  • Fixed rebasing issues across branches

[3.5.0] - 2022-02-24

Added

  • Aggregate APIs for pulling bulk data visualizations in external data visualization tools
  • Explorer now auto-expands the current record and shows/hides the sneak peek if you are already on the record
  • Requirement form now shows the parent control if it exists in the Regulations tab
  • Component Status Board
  • Lineage and deep linking added for Assessments and Risks (previously just on issues)
  • Aggregate queries added for external data visualization

Changed

  • Bug Fix: Main dashboard for security plans now loads with no data (checks for null first)
  • Bug Fix: LGPL license now points to RegScale
  • Bug Fix: Form labels now display correctly for change password, password reset, and confirmation pages
  • Bug Fix: Added validation to prevent the maximum length of a Requirement title from being exceeded
  • Requirement form reorganized to show/hide fields based on whether it has a parent control
  • Bug Fix: Child issues and assessments now showing correctly on the Policy Status Board

[3.4.2] - 2022-02-17

Added

  • Added UUID info for the user on the workbench
  • Reformatted user profile page

Changed

  • Hotfix: Issue External ID queries refactored for non-null set
  • Bug Fix: Spinner updated for OSCAL export for security plans
  • Bug Fix: CSS styling on Workbench

[3.4.1] - 2022-02-16

Added

  • N/A

Changed

  • Hotfix: Issue External ID queries refactored for null set

[3.4.0] - 2022-02-15

Added

  • Improved user caching to make it more consistent
  • New dashboards/home page design
  • Ability to link issues to multiple records/tiers for ease of querying and reporting
  • Issues can now be related at multiple layers for ease of querying/reporting, to include:
    • Control Implementations
    • Assessments
    • Requirements
    • Security Plans
    • Projects
    • Supply Chain
    • Policies
    • Components
    • Incidents
  • Added a bulk processor API to issues to allow the RegScale CLI to do bulk conversions for customers with legacy data
  • Project, Security Plan, Supply Chain, and Policy Status Boards redesigned and improved UX

Changed

  • Subsystems - close button made smaller and moved to the top to avoid visual confusion with Save button
  • Time Travel UX refactored to work better in a modal view
  • All Find by "External ID" APIs on issues now return multiple records instead of a single (Prisma, Wiz, ServiceNow, and Jira)
  • Added method to show plural name of modules in the Module Service
  • Improved Login styling
  • Bug Fix: Fixed issue where spinner would sometimes not dismiss on session timeout from the login page
  • Bug Fix: Parent ID and Module now passes correctly to the new record creator
  • Bug Fix: Editing security controls now works properly
  • Bug Fix: Catalogs now correctly display metadata
  • NPM package updates for vulnerabilities
  • Fixed footer links to point to RegScale.com and updated EULAs and Privacy Policy

[3.3.1] - 2022-01-25

Added

  • Kanban view optimized to be in a modal view

Changed

  • Added configuration to slow down monitoring endpoints
  • Removed legacy Cucumber testing tags on the List Views
  • Bug Fix: Lightning Assessment sliders now work again
  • Bug Fix: Kanban drag and drop now works correctly/consistently

[3.3.0] - 2022-01-23

Added

  • Copy token button added to user profile
  • Health monitoring system added for RegScale
  • Add multiple new layers to the Security Control model for OSCAL to improve the UX:
    • Implementation Options
    • Test Plans
    • Control Objectives/Enhancements
    • Parameters
  • Added spinner to Transformer to show that it is still processing for larger data loads
  • Objectives can now be assessed at the control implementation level
  • Added the ability to categorize risk through various lenses
  • Added support for Risk Trending
  • Added level of effort for Tasks and Issues to help with resource loading
  • Added CMMC Asset category to components and assets

Changed

  • Bug Fix: errors with date filters pulling on the dashboards
  • All dashboards are now driven by a year selection
  • Added more options for Security Plan and Control Implementation Status
  • Bug Fix: Requirements and Security Controls now parsed correctly in Explorer
  • Bug Fix: Subsystem Reload after Save
  • Bug Fix: Health check stylesheet now served properly within a container deployment
  • Classification levels can now be archived from the List View
  • Ports and Protocols: default end port to be the same as the start port
  • Changes to ports and protocols now are logged in history
  • SSP OSCAL export now provides more control implementation metadata

[3.2.0] - 2022-01-04

Added

  • TreeView visualization to Explorer - accordion expansion
  • Volpe Threat Modeling Integration - MVP 1

Changed

  • Bug Fix: Formatting on system configuration
  • Changed favicon to new RegScale logo
  • Optimized all images for faster browser loading

[3.1.1] - 2021-12-23

Changed

  • Bug Fix: Fixed .NET Core bug with IIS 6

[3.1.0] - 2021-12-19

Added

  • Added support for Volpe Risk Modeling integration
  • History table is now sortable and filterable
  • Drilldown is now available on all charts

Changed

  • Bug Fix: Fixed formatting on Lightning Assessment Header
  • Bug Fix: Eliminated security risk on password reset
  • Improved visualization, sorting, and filtering on My Activity and the News Feed
  • Improved button layout for user management
  • Email service improved with better logging/validation

[3.0.6] - 2021-12-13

Changed

  • Bug Fix: .NET Core Optimizations

[3.0.5] - 2021-12-10

Changed

  • Bug Fix: Removed legacy wait-for-it script, made SQL startup more resilient

[3.0.4] - 2021-12-10

Changed

  • Bug Fix: Bash optimization for multi-stage build

[3.0.3] - 2021-12-10

Changed

  • Bug Fix: Added bash back to the Linux container

[3.0.2] - 2021-12-10

Changed

  • Bug Fix: Permission error on wait-for-it.sh file

[3.0.1] - 2021-12-08

Changed

  • .NET Core Version 6 upgrade including all Nuget packages
  • Container hardening and upgrades

[3.0.0] - 2021-12-05

Added

  • Rebranded from Atlasity -> RegScale
  • New form system design with three columns and floating toolbar
  • Tenable.sc integration
  • Jira integration
  • Ability to model control implementations by responsibility (i.e. provider, customer, shared)
  • New Overall/Master dashboard for home page
  • Requirements now support Lightning Assessments
  • Scorecard now implemented for Projects, Supply Chain, Components, and Policies
  • Angular 13 upgrade
  • Loading spinners added for sending emails
  • Security Controls can now be exported
  • Add labels to drill down charts on the List Views
  • Added links to online documentation
  • Header to dashboard

Changed

  • Improved the loading spinner implementation when fetching data
  • Dashboard filters can now be toggled on/off
  • Security Plan status board now has tabs to toggle between individual and aggregate views
  • Bug Fix: Fixed issue with incorrect lookup of catalog title on Transformer
  • Bug Fix: Copying a requirement no longer copies last assessment result
  • Bug Fix: Policy Status Board now calculates 'Not Assessed' status correctly
  • Bug Fix: Service Accounts are now properly locked as an Enterprise feature
  • Supply chain module can now track actual costs
  • Project module can now track actual finish date
  • All spinners are now consistently styled
  • Removed legacy PWA code
  • Refactored to remove a large amount of redundant code
  • Profile mapping moved into a tab v/s subsystem
  • History visualization now shows by default and has labels
  • Cause Code Tree is now in its own tab
  • Upgraded Kendo UI for Angular packages to the latest
  • Security patching of NPM packages
  • Bug fix on Requirement controller
  • Updated routing to allow for more efficient copying
  • Profile Mapping User Experience enhanced
  • Fixed periodic rendering issues on history visualization
  • Swagger API cutover to RegScale branding - no impact to customer integrations/routes
  • Bug Fix: Fixed RBAC errors on default settings (parent inheritance working again)
  • All Builders/Wizards have the UI/UX refactored
  • Scorecard now defaults to showing open issues v/s total
  • Bug Fix: eliminated double API calls to the subsystem
  • Bug Fix: requirement module now correctly pulls control tests

[2.4.0] - 2021-10-11

Added

  • Enriched data model for Catalog OSCAL export
  • Supports namespaces for OSCAL
  • Ports and protocol support added for Assets, Components, and Security Plans
  • Azure Active Directory (AD) Single Sign On (SSO) Support
  • Integration dashboard for improved ease in managing integrations
  • Added ability to generate Personal Access Tokens (PATs) to support Service Accounts that can be leveraged for API automation
  • Added integration with MITRE Security Automation Framework (SAF) via Inspec/STIG profiles using OSCAL
  • Indicators to grids to better indicate sorting functionality
  • Master assessments now allow you to visualize the individual assessments that make up the overall score
  • Added support to generate OSCAL SAP/SAR documents from Atlasity assessments
  • Improved dashboard visualizations including stacked bar charts
  • Profiles now display info for Control Ids and Catalogs

Changed

  • Bug Fix: Check for null on Login Banner
  • Bug Fix: OSCAL Security Plan export handles null dates
  • Bug Fix: OSCAL Catalog export handles null dates
  • Lightened N/A CSS on the Security Plan Scorecard
  • Bug Fix: Fixed memory leak to unsubscribe on notifications
  • Replaced Chart.js with Telerik Charts - improved UI
  • Replaced eCharts pie charts with Telerik Charts - improved UI
  • Improved UI for Security Plan Print - added Catalog data
  • Improved UI for Security Scorecard - added Catalog data
  • Added "Automation" fields to assessments to support OSCAL and integrations
  • Improved labeling around risks
  • Bug Fix: Control Id is now sortable
  • Default styling changed for form focus
  • Workbench impersonation renamed
  • Custom fields now show a default view when there are no fields
  • Bug Fix: Some fields were not sorting correctly and have been fixed
  • Bug Fix: Copy security control did not copy control type
  • Bug Fix: Deactivated users can no longer log in
  • Moved custom fields to a tab on the component form
  • Custom fields all moved into the tabbed interface
  • Bug Fix: Catalog print now correctly displays all controls
  • Back button only prompts warning if data has changed (form is dirty)
  • Login now redirects to the dashboard as the Home page
  • Bug Fix: Control implementation sorting now works in the grids
  • Security: Added a flag to allow the warning banner to be bypassed for security scans

[2.3.0] - 2021-09-12

Added

  • Validation to .NET controllers and simplified Create/Update APIs
  • Security profiles can now be printed and emailed
  • Added Login Banner capability that can be customized by tenant
  • Added Privacy Policy notice to the footer of the application

Changed

  • Removed ElasticSearch integration
  • Added ability to toggle on Sentry.io monitoring with an environment variable for .NET Core
  • Removed Angular Sentry.io monitoring (not useful)
  • Bug Fix: Workflow enabled for cases
  • Bug Fix: Notification link now works for questionnaires
  • Bug Fix: Pivot table visualization works for cases
  • Bug Fix: Toasts now correct when creating a new organization
  • Bug Fix: Component print and email now works

[2.2.3] - 2021-08-31

Added

  • Integration fields for issues (JIRA, ServiceNow, Wiz, Prisma)
  • Classification subsystem
  • New tenant auto-seeds picklist metadata
  • Indexing for Relationships module to improve performance
  • Indexing for Classified Records to improve performance
  • Indexing for Events/Timeline to improve performance
  • Indexing for Workflow to improve performance
  • Indexing for Cases to improve performance
  • Additional features and functionality for OSCAL exports of Security Plans and Components

Changed

  • Patched JWT Nuget package to address security vulnerability
  • Updated Telerik PROD License Key
  • Fixed legacy CSS issues with / and moved to math.div
  • Upgraded to Angular 12.2
  • Added Step indicator to recurrence wizards
  • Added server side data validation and API simplification for assessments and issues
  • Custom fields now print
  • Added warning when creating a custom field that data type cannot be changed
  • Added properties to parameters for OSCAL

[2.2.2] - 2021-08-24

Added

  • Scorecard now shows modal for open issues

Changed

  • Added Control ID to show on the control implementation form
  • JWT tokens now expire in 24 hours instead of 2
  • ControlId added to Transform Mapper
  • Transformer now refreshes controls when the base control changes
  • Fixed duplicate IDs on the catalog form
  • Fixed bug where child issues were not always pulling correctly on the Scorecard
  • Fixed bug to default printable if security control type is undefined
  • Security groups are now sorted for RBAC
  • Lightning assessment always refreshes when closing the page now
  • Fixed CSS styling on date picker controls
  • Added CSS styling to show N/A controls are excluded from Scorecard calculations
  • Fixed bug where control type was not being set properly when loading a new catalog

[2.2.1] - 2021-08-17

Added

  • Security Plan Scorecard
  • Added Wizard interface for Assessments, Data Calls, and Tasks Recurrence

Changed

  • Bug Fix: All events on the status board are now processed correctly when hovering over the heat maps
  • Uploading files now generates a toast to confirm the upload
  • Softened colors on the Security Plan Status Board
  • Bug Fix: Bulk edit of control implementations now works properly
  • Bug Fix: Last Assessment hover fix
  • Improved tooltips on the Status Boards
  • Bug Fix: Updated date formatter based on NPM library update

[2.1.3] - 2021-08-06

Added

  • Case Management Module
  • Added mapping flag to catalogs as a visual indicator
  • Enhanced date picker added throughout all modules
  • Improved data validation prompts
  • OSCAL: Inheritable flag added to control implementations (used for leveraged authorizations)
  • Transformer feature now shows mappings in the UI
  • Builders now track linkages between profiles and the records they create (OSCAL)
  • Dashboards now have pageable/filterable grids
  • Catalogs now have links to the source OSCAL file that generated them
  • All modules have an API to be queried by custom fields

Changed

  • Bug Fix: Catalog title is now a required field via the API
  • Performance - rewrote the export JSON functionality
  • Bug Fix: Logic was broken on show/hide mapping wizard
  • Bug Fix: Confirmation email link now works
  • Bug Fix: Registration link now works
  • Bug Fix: Removed deprecated Service Account API
  • Bug Fix: Can now delete catalogs and security controls with mapped controls
  • Added warning when trying to map a catalog with no controls
  • Risk matrix removed hard coded thresholds
  • Bug Fix: Date picker popups now work in modal windows
  • Catalog and security controls are now archived versus deleted
  • Bug Fix: Setup now shows for Global Admin on Community Edition
  • Bug Fix: Menu options now hidden from the Global Admin account
  • Angular 12.1.4 minor upgrade and various npm package upgrades
  • Bug Fix: Get all controls by security plan query was not always accurate, fixed lookup
  • Bug Fix: Fixed sporadic bug where lightning assessments sometimes would not create for general users
  • Bug Fix: Kanban not showing tasks on workbench
  • Kanban button colors are now white
  • Bug Fix: Tasks on workbench now reset correctly with impersonation
  • Bug Fix: Kanban now shows profile pictures again
  • OSCAL validation no longer prevents downloads - just throws warnings

[2.0.2] - 2021-07-19

Added

  • Added Record Level access control to all modules
  • OSCAL export functionality for Security Plans, Catalogs, Profiles, and Components with AJV schema validation
  • Each Atlasity instance now has a unique GUID tied to its license for improved Software Assurance
  • License is now checked on login and access is enforced based on license validity
  • Upgraded WYSIWYG Editor
  • Recurrence Engine - now allows preview and group assignments
  • Performance - major improvements to query performance on list views

Changed

  • License key management - Community Edition locks after 30 days and requires a license registration
  • License now managed only at the Global Admin account, removed on Setup page
  • Added support for Stored Procedures for SQL performance optimization on the backend
  • Bug Fix: Org list not shown when creating users using the Global Admin account
  • Added password validation when creating a new user
  • Bug Fix: Domain now set properly on login
  • Multiple backend performance improvements (query optimizations)
  • Minor bug fixes and improvements
  • AI for issues now driven by a button click instead of defaulted for performance reasons
  • Bug Fix: All licensing now set from Admin panel versus environment variables
  • Bug Fix: Catalog export now working
  • Added Control ID to security control list view

[1.6.1] - 2021-06-06

Added

  • Added Risk Mitigation module to map controls to risks they mitigate
  • Added Control Mapping matrix visualization
  • Component module with OSCAL export functionality
  • Added builders to components and flowed down to assets (with visualizations)
  • Date graphing throughout the application
  • Kanban Task Board feature enabled for all modules

Changed

  • Assets can now be mapped to many components
  • Assets now have tabs to organize the form
  • Provided a GUI for adding/managing control parameters
  • Angular 12 upgrade
  • Swapped crypto-js library for crypto-es (TypeScript friendly)
  • Cleaned up NPM vulnerabilities
  • Updated NPM dependencies, removed unneeded packages
  • Bug Fix: Domain lookup now functions properly under all circumstances

[1.5.0] - 2021-05-07

Added

  • Added Project Status Board
  • Added Supply Chain Builder
  • Added Project Builder
  • Added Policy Builder

Changed

  • BUG FIX: Security plan delete now works and removes control tests and results

[1.4.1] - 2021-04-30

Added

  • Master Assessment feature (schedule many assessments at once)
  • Relationship Manager for many to many linking of records
  • Lightning assessments now support links, comments, and attachments

Changed

  • Reformatted Quality system on control implementations
  • Lightning Assessment feature now hidden when there are no tests created
  • BUG FIX: Lightning Assessments works properly again for a single assessment
  • BUG FIX: Delete button works again for assessments
  • BUG FIX: Toggle off for Supply Chain and Policy now works

[1.3.0] - 2021-04-17

Added

  • Questionnaire Module
  • Added metadata fields to Control Implementations
  • Added tabs to Control Implementations UX
  • Added quality management to Control Implementations
  • Added Risk Maturity Tier to Security Plans
  • Added filters to the Calendar for user (default), facility, and org
  • Google style search bar added to all modules
  • Added Control Tests to each Control Implementation for Enterprise Customers
  • Added Lightning Assessment Functionality
  • Added a new API to pull all child records for a given security plan in a single call

Changed

  • Controls now show in the preview box for the security plan builder
  • Bug Fix: Search bar formatting improved for CSS
  • Added reset to search on Security Plan Status Board

[1.2.0] - 2021-03-30

Added

  • MD5 checks and enhancements for Time Travel
  • AI Engine built for issue recurrence analysis
  • Refactored reporting engine page
  • Added summary info to the Security Plan module
  • Enhanced pagination support for large data sets
  • Added export functionality for all modules (JSON format)

Changed

  • Bug Fix: Handled null records on Time Travel and improved formatting
  • Bug Fix: Org pivot tables now work when visualizing records in lists
  • Fixed width of user table in the Admin panel
  • API key merged into the User Profile versus a separate page
  • Bug Fix: Corrected calculation error on the DOD 171 self-assessment scoring
  • Added divider between catalog controls on printable form
  • Re-organized catalog print page
  • Bug Fix: Hide control implementations until save on security control form
  • Enhancement: Moved action buttons on user form to the left to prevent scrolling off page
  • Security Control weight now accepts decimals; not just integers

[1.1.1] - 2021-03-21

Added

  • Persists login username in localStorage, uses it to remember username and to check LDAP status

Changed

  • Bug Fix: AD/LDAP bug fixed
  • Bug Fix: Creating new users

[1.1.0] - 2021-03-15

Added

  • License key is now driven by the Admin panel versus an environmental variable
  • Additional fields for risk modeling
  • Added Organization module
  • Added Questionnaire backend
  • Added Reporting module with DoD 800-171 Self-Assessment Scoring
  • Risk visualization to the risk form
  • Greater visualization and interactivity to the Security Plan Status Board
  • Added visualization for all control implementations of a given security control

Changed

  • Bug Fix: Security plan status board can now handle nulls when parsing data
  • Bug Fix: Google Maps API now allows connections from any domain
  • Updated licensing agreement
  • Updated copyright date
  • Bug Fix: Reset on search now resets the data
  • Bug Fix: Login now resets the license type without a refresh
  • Bug Fix: Can now add multiple users without refreshing, enhanced validation and logging

[1.0.2] - 2021-02-07

Added

  • More options for risk categorization
  • CMMC options to the policy module
  • Added ability to handle multiple mapping options via the wizard

Changed

  • Bug Fix: Controller fixed for Status Board
  • Bug Fix: CMMC data was not printing on security plans or control implementations
  • Bug Fix: Search bug fixes for .NET 5 (IndexOf -> Contains)

[1.0.1] - 2021-02-04

Added

  • Mapping functionality now locked to Enterprise customers

Changed

  • Bug Fix: Controller fixed for Status Board

[1.0.0] - 2021-02-02

Added

  • Added catalogs and support for all baselines of NIST 800-53 Rev4
  • Added catalogs and support for all FedRAMP baselines
  • API for interacting with unique ControlIds for security controls
  • Licensing info now shows on the tenant Admin panel
  • Added ability to delete a workflow template step from the designer
  • Added ability to delete workflow instances
  • Added workflow ID to the workflow instance form
  • Major dashboard refactoring and improvements
  • Added Parent Slider to the Workflow Instance system
  • Added Component module to support the OSCAL standard
  • Added Parameter to the data model to support the OSCAL standard
  • Added ability to print the full Catalog with all child controls
  • Added NIST 800-171 Self-Assessment Report for DoD

Changed

  • Bug Fix: Hot fix for DB migration issue
  • Bug Fix: Workflow now passes ID properly to the instance page after creation
  • Bug Fix: Workflow system now auto-creates the "System" group if it doesn't exist
  • Bug Fix: Supply chain system now handles null stock data
  • Bug Fix: Catalog search now works properly
  • Bug Fix: Security controls search now works properly
  • Bug Fix: Security Plan status board explanation no longer interferes with My Activity slider
  • Bug Fix: Time Travel "Revert" button now works
  • Bug Fix: Sort order on custom fields now works properly under all circumstances
  • Enhancement: Workflow notifications give a better indication of what is happening (Approval v/s Notification)
  • Enhancement: Colors are now consistent on graphs relative to status
  • Enhancement: Added advanced visualizations to the security plan status board
  • Enhancement: Minor UX tweaks throughout the application
  • Enhancement: Added a prompt before reverting Time Travel to a previous state

[0.9.8] - 2020-1-14

Added

  • Added Control Mapping system to map controls from multiple catalogs into a single control mapping
  • Added a unique Control ID to the security control module to allow a "business friendly" control name for easier searching and lookups
  • Added AD/LDAP auto-sync job with the ability to map attributes for a deeper sync process with Atlasity
  • Custom Fields can now be ordered with drag and drop on the Admin panel. Display consistently on the form.
  • Can now view the related module on the workflow template designer

Changed

  • Bug Fix: Now hides password related features if AD/LDAP sync is turned on
  • Bug Fix: Broken icon on delete toasts fixed across the application
  • Bug Fix: Navigation system now shows child security plans for a profile
  • Improved data validation on the front and back end; better visual indicators and API protections
  • Additional status options for interconnects added
  • Bug Fix: Links in Sliders now close modals
  • Bug Fix: Notifications now load properly on login/logout
  • Bug Fix: My Activity now loads properly on login/logout

[0.9.7] - 2020-1-07

Added

  • Time Travel feature implemented
  • Bulk editing of security control implementations
  • Supply Chain Risk Status Board
  • Supply Chain - configuration panel added for analyzing 3rd party risk
  • Security Plan - now has form data for Authorization Boundary, Network Architecture, and Data Flow
  • Security Plan Form - now implements tabs to make the form more compact with less scrolling
  • Security Plan Print - UX improved to add dynamic charting and visualizations
  • At a Glance Tags added to security plan for quick visual indication of key data
  • User Groups - can now be viewed on the user profile
  • Workflow - now tracks start and end times for the overall workflow and each step
  • Upgrade to Angular 11 and .NET Core 5.0.1
  • Performance Optimization - Supply Chain, Policy, and Security Plan Status Board refactor

Changed

  • Bug Fix: Removed domain check since it is config driven.
  • Bug Fix: News posts links for Supply Chain and Causal Analysis are now formatted correctly.
  • Performance: Index optimization for frequently executed queries
  • Packaging: Optimized build to decrease container size
  • Security: Hardened the base image to eliminate vulnerabilities and reduce the attack surface
  • Refactored News Posts to be more efficient
  • Removed Catalog field from security control form (could cause data integrity issues)
  • Added new status for Security Plans (Retired/Decommissioned)
  • Bug Fix: Removed register new user link on the Forgot Password page
  • Bug Fix: Fixed bug that would not allow adding Interconnects to a security plan
  • Bug Fix: fixed broken breadcrumb links on the workflow modules
  • Group Management - now disabled for Global Admin (god-mode account); must log in with the regular Administrator role to access group management
  • Group Management - UI refactored to improve the user experience
  • Workflow Designer - UX refactored to improve the user experience
  • Bug Fix: Workflow notifications now go to all users in the group, not just to the first user
  • Bug Fix: Added history events for workflow
  • Added ability to toggle on/off bulk editing of security controls and added alerts for saves
  • Bug Fix: Fixed issue with JavaScript changing numbers to dates under some circumstances
  • Bug Fix: Removed index on control implementations to allow for large field sizes
  • Bug Fix: Fixed back button when deleting a security plan
  • Bug Fix: Fixed hidden elements from a bad DIV tag on the security plan print report
  • Bug Fix: Supply Chain Risk parent ID is no longer nullable
  • Bug Fix: If same parent type (i.e. nested security plans), child controls now render correctly
  • Validation: Refactored for Security Plans

[0.9.6] - 2020-11-18

Added

  • Base image changed to Linux Alpine for smaller size and improved security
  • UUIDs added to all modules to improve machine to machine data interchange
  • Added navigation to app menu to view My Activity in a slide out panel
  • Added user "baseball cards" to display contact info for any user selected
  • Added validation for all environmental variables on startup. Now throws errors in the container logs when validation fails.

Changed

  • Applied phone masks for improved formatting
  • Fixed duplicate IDs on HTML tags on the Catalog
  • Fixed print error on security controls
  • Assessments can now be added to assets
  • Bug Fix: Can no longer view dashboard when module is disabled in setup
  • Bug Fix: Can no longer 'Add Child' records when module is disabled in setup

[0.9.0] - 2020-10-30

Added

  • Improved logging
  • Added functionality to hard reset the admin password by setting an environment variable and restarting the app
  • OSCAL SSP Import
  • Added Stakeholders subsystem
  • All Home Page Dashboards completed
  • Added System Owner to the Security Plan Module
  • @Mention feature implemented for notifications (Comments Subsystem, Workflow, and News Feed)
  • Added Policy Status Board
  • Added Control Weight to Security Controls (used for risk calculations and DFARS Self-Assessments)
  • Email Viewer
  • Added Export for Security Plans and Control Implementations - used for external integrations
  • Can now "opt in" to receive email notifications
  • Notifications now issued for new record assignments (within Atlasity and via email if "opted in")
  • Added "Slide out" feature to preview the parent record
  • Base image changed to Linux Alpine for smaller size and improved security
  • UUIDs added to all modules to improve machine to machine data interchange
  • Added navigation to app menu to view My Activity in a slide out panel
  • Added user "baseball cards" to display contact info for any user selected

Changed

  • Bug Fix: No longer shows option to add a Control Implementation to the Security Plan using the Add Child button (must use the builder)
  • Refactored Security Plan report to allow for more customization in reporting
  • Can now delete comments
  • Improved signaling on navigation links
  • FIPS and System Type are now configurable as Metadata
  • Refactored notification system UI for performance
  • Group manager now displays a default of 25 records
  • Fixed email viewer bug, now displays all sent emails correctly
  • Fixed bug for 'Create New' on Supply Chain Status Board
  • Date Last Assessed and Last Assessment Result are now labels - must be set via assessment
  • NIST 800-171 now available as a catalog
  • Increased length of security control titles
  • Changed the cursor on the navigation tab
  • Added more discrete validation to the tenant configuration form
  • Fixed blank password bug for email configuration
  • Improved validation for AD/LDAP settings
  • Bug Fix: Exception lookup now working correctly
  • Add Child button now hidden until a module is selected
  • Cleaned up divider lines based on permissions in the Navigation bar
  • All logins now redirect to the workbench as the standard home page
  • Bug Fix: System Owner now displays properly in the list view
  • Added ability to enable/disable email SSL by tenant
  • Applied phone masks for improved formatting

[0.8.0] - 2020-10-2

Added

  • OSCAL Security Plan Export
  • Performance Tuning - Lazy Loading in Angular, Bundle Size Optimization
  • Added Cypress Front End Testing (rebased with testing branch)
  • MITRE Heimdall Integration for Assessment
  • Added Help system for all modules
  • Metadata seeding re-factored for each module
  • Refactored global admin workflow
  • Control owner visualization for security plans
  • Added the Maintainer role
  • Users default to activated
  • Facility Status Board now handles offline gracefully

Changed

  • Added ability to show/hide CMMC fields based on Admin Config
  • Fixed bug where Atlasity would not accept complex email addresses with multiple periods
  • Bug Fix: Fixed route on creating a new user
  • Added "Last Assessment Result" graph to the Security Plan Visualizer
  • Bug Fix: Recurring assessment route fixed
  • Bug Fix: Fixed "Create New" route for projects
  • Bug Fix: Cause codes now load defaults on new installations
  • Bug Fix: Supply Chain picklists now configurable
  • Bug Fix: License now displays properly when not logged in
  • Bug Fix: Fixed date validation errors from the testing harness
  • Bug Fix: User profile system bug fixed, can now upload photos
  • Cache now clears on logout and when adding a user
  • SMTP Email Password is no longer required (for non-authenticated use cases)
  • Bug Fix: Notification count reset to zero on logout
  • Bug Fix: Non-admins can now access their User Profile

[0.7.0] - 2020-08-28

Added

  • Added Supply Chain Module
  • New landing page with dashboards
  • Custom fields can now be ordered via drag and drop
  • Angular 10 upgrade
  • FontAwesome now installed locally v/s CDN include
  • Calendar now supports Angular 10
  • Facility Status Board MVP 1

Changed

  • Added currency formatting to the Project input controls
  • Renamed Atlasity export files
  • Workbench component now properly named
  • Fixed bug on AD sync
  • Added Post-Incident Evaluation field to the Incident Response module
  • Email alerts now indicate that they were sent to you
  • Hides ID field on Security Control Implementations
  • Refactored Facility Status Board for efficiency

[0.6.0] - 2020-07-31

Added

  • Added support for email CC
  • Active user toggle added for the user list
  • Fixed max filesize setting on Startup
  • Fixed bug on test email, made code more resilient
  • Help/Support now points to Atlasity.io
  • Added the Facilities module to the Admin panel
  • Printable reports now have clickable headers
  • Added causal analysis module
  • Added event module for timeline
  • Custom fields are editable

Changed

  • User search now shows by default
  • File size limit now in MBs
  • Admin email now updates when saving a new email in the Admin panel
  • Cache now refreshes when new user is created or AD is synced
  • Improved security of account creation when doing an AD/LDAP sync
  • Facilities added to all forms/searches
  • ListView buttons are always formatted on the right now
  • Fixed 'Setup' link for non-Enterprise installs
  • Required fields properly marked on the user form
  • Email now saves to the database before sending and throws error prompt when it has issues sending
  • Many multi-tenant user flow bug fixes
  • Fixed routes to profiles and catalogs (no longer have to be an administrator to view)
  • Domain stored locally to reduce API traffic
  • Fixed back icon on Control Implementation form
  • Domain name now adds '/' character to the end if not provided
  • Link to CMMC added throughout security plans
  • Save button now disabled until Save events complete (prevents multiple saves of the same record when clicking quickly)
  • Facility name must now be unique for a given tenant
  • Added test button for Slack/Teams
  • Prevents duplicate cause codes
  • Added cause type to causal analysis
  • Fixed bug when copying security plans
  • Auto-adds controls to plan using Security Plan builder without having to click an add button
  • Added link icon to compliance navigator
  • Removed Apparent Cause and minor UI tweaks
  • Email configuration labels and validation improved

[0.5.0] - 2020-05-29

Added

  • Custom Reporting and Dynamic Searching
  • Expanded test coverage and integrated with CI/CD
  • ELK stack expanded for enterprise monitoring and reporting
  • User-defined fields implemented
  • Added Email GUI
  • Rebranded to ATLASITY
  • App configuration now driven by license key
  • Licensing info now displayed for global admin users
  • FSSC Catalog import functional
  • One step import/export now for a catalog and all child controls
  • Custom fields are now tenant specific
  • Added test button for SMTP email configuration
  • Service Account now displays the current token
  • Tooltips and instructions now provided on the AD/LDAP admin panel
  • Custom fields now allow a choice list
  • AD/LDAP now allows test/sync on the Admin panel, searches nested accounts

Changed

  • IAM flow improved along with UI
  • Fixed various security authorization bugs
  • Fixed email bug in the ATLAS container
  • Fixed various container deployment bugs and improved documentation
  • Fixed bugs in the build process, sped up build times significantly
  • My Activity moved under user profile and user form for Admins
  • Calendar now graphs assessments across days
  • Worked through Sonarqube bug fixes and Angular build bug fixes
  • Removed cyber specific fields where possible (can add via Custom Fields for a customer)
  • Fixed validation errors where form was not resetting
  • Fixed bugs on workbench and adding items, moved config to a service
  • Various multi-tenancy fixes
  • Recurring bug fix - bi-annually now calculates correctly
  • Custom fields now hidden for Community Edition
  • Clearing security controls no longer throws an error toast message (warning instead)
  • Fixed AD/LDAP bug on login
  • Logout now in red and moved to bottom to be easier to find
  • Create security plan now shows a spinner while building the plan with controls
  • Fixed registration bug for users

[0.4.0] - 2020-03-27

Added

  • Tenant and User services now cache results to improve performance
  • Combined IAM modules into one config panel and re-factored
  • Custom monitoring solution for K8s, APM, SQL Server, and Containers built using ELK
  • Refactored user group by queries - improving query performance

Changed

  • Fixed password reset bug
  • Added show/hide fields to all password fields (default hides)
  • Refactored service accounts for multi-tenancy
  • Files are now searchable/sortable and show the MD5 hash
  • Bug Fix - News Feed and My Activity filters now work for over time visualization
  • Bug Fix - URL now updates after saving a record, fixing issues with the Back button

[0.3.0] - 2020-03-13

Added

  • Created Admin panel for configuration
  • Enabled AD/LDAP authentication
  • Added deploy instructions for catalogues
  • Added AES-256 encryption for secrets in the DB
  • Added Group Management functionality for users
  • Added System Integration tests with Cucumber/Selenium
  • Angular now caches lookup fields
  • Added ability to create and manage User Groups

Changed

  • Updated deployment instructions for persistent storage on local installs
  • Bug fixes on redirects after Catalogues and Security Plans are built
  • Sorted/updated regulations on the Splash page
  • Removed workflow trigger from new forms
  • Made max number of file uploads configurable
  • Can now enable/disable Microsoft Teams, Slack, and AD/LDAP authentication
  • Bug Fix: Only activated users show in the user list

[0.2.0] - 2020-02-28

Added

  • CMMC fully implemented
  • Avatars now stored in the DB
  • Workflow now supports drag and drop
  • Added Print/Email capability for Catalogues and Security Controls
  • Added ability to mount storage in K8s for file storage
  • Catalogues now allow for JSON import and export
  • Angular Unit Testing
  • Added LGPL license to ATLAS
  • Added Compliance Status Board for Security Plans
  • Added Slack and Microsoft Teams integration
  • Added multi-tenancy

Changed

  • Minor icon bug fixes on the News Feed
  • Re-factored dashboards to use the list view
  • Add CMMC filters to security plans and control implementations
  • Tuned SonarQube rules to filter out false positives
  • Allows multiple file uploads
  • Shows counter for number of catalogues on the Splash page
  • Added C# unit tests and new folder structure
  • Fixed bugs and legacy alerts
  • Can now tie issues to assets

[0.1.10] - 2020-01-31

Added

  • Basic workflow system engine
  • Re-factored News Feed, comments on the news now flow down to the record
  • Update API for Links
  • Replaced all Alerts with Toasts for a modern UI experience
  • Security Plan Builder Wizard implemented
  • Pipelines updated and SendGrid bug fixed
  • Upgrade to .NET Core 3.1
  • Added the DoD CMMC into ATLAS

Changed

  • Deletions via API now remove all child/related objects
  • Improved form validation across all modules
  • Removed version history, moved to the change log
  • Improvements to file upload
  • Replace Feather icons with Font Awesome - reduced build size
  • Metadata manager now hides modules with no fields to customize
  • File upload now throws an error if no file provided
  • Cleaned up instructions for recurring records

[0.1.9] - 2020-01-10

Added

  • Added search capability to all subsystem tabs
  • Added a list view for security control implementations
  • Added Kubernetes configuration files for ease of automated deployments
  • Built Windows DEV environment
  • Added GUI for creating service accounts
  • Added loading spinners
  • Added profile owner to security profiles
  • CI/CD now handles DB changes
  • Added search to history
  • Added logic to "Show/Hide" the Show More button on the News Feed and My Activity
  • Added URL encoding to search
  • Added end of life, status, and purchase date to Assets

Changed

  • New navigation system implemented
  • Performance improvements for the navigation system
  • Removed legacy breadcrumb system
  • Removed sensitive user data from API calls
  • Fixed bug on "add child" wizard in the navigation system
  • Fixed Docker build error with new Angular update

[0.1.8] - 2019-12-06

Added

  • Added error checking on all forms for 'Record Not Found'
  • Added a requirements module
  • Created a wizard interface for building security plans
  • Created a wizard interface for managing compliance requirements
  • Added a view of all implementations for a given control
  • Added event type filter to the News Feed
  • Added Select All and Remove All buttons to the security profile
  • Added toggle to show/hide search filters on the list view

Changed

  • Multiple data validation bug fixes
  • Re-factored assessment API to support automated DevOps testing
  • Re-factored UX for all forms
  • Improved formatting of the Splash page
  • Improved density of the UI on all subsystem tabs

[0.1.7] - 2019-10-30

Added

  • All APIs compliant with Swagger/OpenAPI format
  • Added initial Swagger API documentation page
  • All APIs have Swagger documentation
  • Added recurring assessment feature
  • Added recurring data call feature
  • Added recurring task feature
  • Comments are now integrated with the News Feed and History
  • File upload/download is now integrated with the News Feed and History
  • Links are now integrated with the News Feed and History
  • Added Swagger documentation to the ATLAS models
  • Added High Value Asset toggle to the Security Plan module
  • Required fields are now marked on the forms
  • Added Refresh button to the News Feed
  • Added catalogue to the News Feed and My Activity
  • CSA CCM controls uploaded
  • Assessments auto-update control implementations
  • Added control implementation details to the dashboards

Changed

  • Fixed workflow step bug on the News Feed
  • Fixed bug with blank avatars on the News Feed
  • Fixed issues on the Catalogue Form
  • Updated the Security Controls data model
  • Security profile refactoring
  • My Activity now shows unique records
  • Refactored the Workbench UI
  • Updated Splash page - compliance frameworks + Star Wars

[0.1.6] - 2019-09-30

Added

  • Added click-through license agreement
  • Added printer dialogue button
  • Added validation to the RBAC manager

Changed

  • Fixed checkbox indent
  • Made blob storage private - validated encryption of files and privacy of URLs

[0.1.5] - 2019-09-06

Added

  • Added email notification for new account creation
  • Added a password reset feature
  • Improved validation for login processes
  • Added support for Markdown files in ATLAS
  • Added initial Help system with Markdown support
  • Added progress bar, totals, and legend to the calendar

Changed

  • Upgraded to Angular 8
  • Fixed NPM package vulnerabilities

[0.1.4] - 2019-08-26

Added

  • Tested new navigation menu on mobile, Mac, and Windows
  • Added a warning banner for ALPHA testing
  • Enhanced data validation logic across all modules
  • Improved formatting of date picker controls

Changed

  • Moved all navigation to the top to allow more screen real-estate on small screens
  • Fixed navigation bug on mobile with dropdown menus
  • Fixed login/logout flow
  • Fixed status check logic for tasks
  • Removed max/min controls
  • Fixed a rare show/hide bug in the navigator

[0.1.3] - 2019-08-10

Added

Changed

  • Fixed card height issues on the splash screen
  • Fixed login/logout issues with showing/hiding content

[0.1.2] - 2019-07-27

Added

  • Added data validation to new user account creation
  • Added vanity URL for the ATLAS sandbox: atlas.c2labs.com
  • Added default image

Changed

  • Fixed width issues on mobile platforms for logins
  • Improved password management features on new user creation
  • Fixed data validation when updating the user profile
  • Updated format of the unauthorized access page and footer

[0.1.1] - 2019-07-10

Added

Changed

  • Updated readme.md file to better describe the modules and build process
  • Various fixes to improve support on Windows (IE and Edge)
  • Disabled service worker code (throwing errors and not being used right now)
  • Removed xlsexport, incompatible with latest Angular framework
  • Fixed duplicate tags on the home page
  • Fixed logic on login/logout/user creation