November 6th, 2025
FedRAMP POAM import incorrectly splitting asset identifiers containing spaces (e.g., "10.10.160.200 ( 2049 / TCP )") into multiple assets
November 5th, 2025
Vulnerabilities connector additions:
Logic to only populate the latest version of CVSS scores
CVE ID suffix to the Issue title
Issue Due date calculations and overrideable defaults based on issue severity
Assets being deduped outside the provided SSP ID throughout various commands
Pieces of evidence not being processed and uploaded during AWS Audit Manager
Incorrect operation counts in Scanner Integration logging outputs
AWS Fixes:
Enhanced framework-aware status mapping for control implementations
control implementation status updates on subsequent runs & improved logging
control pass/fail determination for AWS Audit Manager compliance sync
October 31st, 2025
Misaligned parameters for Wiz job in Automation Manager
October 30th, 2025
Jobs for AWS in Automation Manger for CloudTrail, CloudWatch, GuardDuty, IAM, KMS, S3, SSM, Config Compliance and sync_compliance
October 29th, 2025
Filter validation when translating asset filters to vulnerability filters in the Vulnerability connector
Multiple AWS integrations: CloudTrail, CloudWatch, GuardDuty, IAM, KMS, S3, SSM, Config Compliance and sync_compliance
Improved performance in scanner integration during issue lookup indexing
Scanner integration KeyError for NotAssigned severity in due_date_handler (added default 364-day timeline)
October 29th, 2025
SSP Author
Migrated to a job-based processing approach with significant improvements to scalability and performance
Jobs can be saved and retrieved for later review
Responses improved for professionalism and linguistic nuance
Response Automation
Confidence scores now reflect the strength of contextual information used to answer questions
Job list includes real-time status updates
Expanded to use questionnaires and policies as information sources
Job submission details now display sources used
Responses improved for professionalism and linguistic nuance
Context searching made slightly less restrictive for greater flexibility and broader response discovery
Implemented model parameter tuning to better align generated responses with retrieved context information
AI Generator workflow UI clarifies that a questionnaire response instance ID is required as input
Response Automation search fields in job list and sources list work correctly
UI improvements and minor fixes in Response Automation
Policy Templates save correctly when uploaded through the UI
October 28th, 2025
Minimized the amount of logs generated in Automation Manager
Hidden service account expiration no longer causes service disruption
Using the search bar in Automation Manager no longer disrupts integrations
Updating a secret now correctly filters secrets for the selected job
Red outline no longer appears on optional fields after being populated
Fetching names for a security plan no longer changes the selected SSP for subsequent inputs
Integration count now updates correctly when using the search bar
Intermittent “Automation Container Connection Error” pop-up in Automation Manager eliminated
Download button for job logs now functions correctly
Tooltip messages now display properly on fields
Export Builder can now create tables of controls with required data
October 27th, 2025
FedRAMP POAM import validation asset existence check before POAM import to guide users to import inventory first if no assets exist in the Security Plan
Completed Initial CSAM integration
Support for importing Configuration Findings tab from FedRAMP POAM Excel files
Configuration Findings sheets are now detected and processed alongside POA&M Items
Controls field (Column B) from Configuration Findings is mapped to affectedControls in RegScale issues
Improved control matching during fedramp import_cis_crm
Model command to utilize RegScale model methods and handle updates and creations using one workbook
Filtering vulnerability data for the provided asset filter in the Vulnerabilities connector
FedRAMP POAM import:
Asset parsing to handle multiple delimiters and long asset names
Detect and skip header/description rows in various file formats
Skip asset parsing when asset identifier field contains description text
Parent ID errors and validations when processing files with non-standard formatting
Status determination for Configuration Findings sheets (now correctly identified as Open status)
TypeError in and commands when control implementations have missing controlOwner or control fields
Property creation during FedRAMP POAM import
Final output of build-query command in the assets and vulnerabilities connector to match the filter for each connector
Routine dependency updates
October 21st, 2025
Subform redesigned to improve usability and make subform buttons more visible
OSCAL models updated to latest version
OSCAL endpoints moved to dedicated OSCAL controller
Removed IssueScreener Role
Assigned workflows show up in the Workbench
Issue User, Case User, and Threat User can access Questionnaires Module
Workflows assigned to functional roles can be started
CMMC export includes all inherited statements and related policies
CMMC Component export to only retrieve active components
Export for eMASS Hardware/Software to correctly populate the "Critical Information System Asset?" column with Yes or No
PUT updates to /api/assessments and /api/securityplans
Web hook calls for Questionnaire Instances created before 6.20.17.0
Assessment User, Case User, Issue User, Security Plan User, and Threat User can now access tasks
Pie chart detail results displaying correctly
Ability for General Users to search Components, Issues, and Security Plans
Extra ampersand(&) appearance in SSP Appendix A Export
Removed Response Actions option appearing in the Incidents module
Workflow updates go to the correct workflow and not just the first
Data entered in different tabs is retained even after saving forms
Response Automation module search functionality
Control Implementation Summarization not showing completed for planned status
Wayfinder Builder listing page formatting issues
OSCAL Security Profile sort order on export by control ID
Null seeding message on startup for custom fields
October 20th, 2025
Logic to Sicura integration to a RegScale Security Plan's control implementations to build a control profile scan for the assets
Mapping CCI data for control parts for NIST 800-53 rev4 and rev5 catalogs in cci_importer integration
Microsoft entra evidence collection to use .xlsx files to preserve data format
Wiz vulnerability integration handling of findings with missing asset containers or None severity values
Added support for "INFO" and "NONE" severity levels from Wiz findings
Improved error handling to prevent crashes when Wiz returns null values for asset references
Not filtering assets and findings from Tenable IO with the provided tags
Mapping vulnerability severities during Aqua import
Logic when handling region during the AWS integration
