Release Notes

Added

• Added support for Microsoft Defender via CLI/APIs
• Software Inventory Tracking
• Many additional fields for asset tracking
• Added support Azure blob/object storage
• Added Datadog Application Performance Monitoring (APM) for SaaS
• API for filtering issues by integration type
• Added support for Software Bill of Materials (SBOM)
• PrettyJSON print functionality with dark mode
• Security.txt record for security researchers to contact RegScale for vulnerabilities (https://securitytxt.org/)

Changed

• Patched Kendo libraries, Angular, TypeScript, and other libraries
• Bug Fix: Fixed catalog spinner not disappearing when import is completed
• Security: restricted sensitive API calls
• Security: Enabled Content-Security-Policy
• Tech Debt: Stored CSS files locally to prevent need for internet access
• Removed Google Maps feature – now supported via external Business Intelligence reporting
• Refactored System Configuration UI
• Bug Fix: corrected issue where Tenant ID may not be properly set for a new user in a tenant
• Security: added server side checking for User Profile edits to prevent account spoofing
• Security: comment metadata is now set server side
• Security: Limited LDAP logging to avoid exposing sensitive information
• Performance: Improved indexing for returning logs in the admin panel

Added

• Increased logic, cascading, and logging for deleting security plans
• New APIs to support the Reminder CLI
• OSCAL: SSP Export upgraded to support 1.0.4 version
• OSCAL: Added support for exporting inventory
• OSCAL: Now exports all SSP properties
• OSCAL: Comments are now exported as remarks
• OSCAL: Attachments and links are now exported as links
• OSCAL: Objectives are now exported as statements
• OSCAL: Added generic method to export all properties of an object in OSCAL format, enriched data in the export
• OSCAL: Added specific validators to prevent errors in the export

Changed

• License check is now performed pre-login
• Bug Fix: Fixed legacy Atlasity tag on email notifications
• Improved performance of bulk deletes on subsystem records
• Bug Fix: Security profile importer now has the correct label
• Bug Fix: Categorization no longer shows the toolbar options (print, email, etc.)
• Security Patching: Nuget and NPM

Added

• Risk Assessment Wizard
• Reminder APIs to support the CLI
• OSCAL Version 1.0.4 enriched for SSP model

Changed

• Patched Telerik libraries with latest upgrades and bug fixes.
• Added timer and progress spinner to catalog upload (useful for long uploads (i.e. for 800-53))
• Bug Fix: properly redirects after login
• Security: Password reset must always be done server side now.

Added

• Billing/Utilization system
• Improved error handling for file uploads
• Task reporting

Changed

• Added way to revert inherited controls back to a default status if done by mistake
• Archived controls can now be found when looking up a control implementation’s parent security control
• Time Travel system now removes HTML tags and properly formats text for display to the user
• Bug Fix: Kanban now properly resets status when moving from “Closed” to “In Progress”
• Group list is now sorted alphabetically and permissions were relaxed for READ operations
• Workflow: Selecting a workflow now auto-closes the modal in the subsystem

Added

• New assessment reporting

Changed

• Bug Fix: Password buttons are now hidden for AD/LDAP users
• Bug Fix: Filter tasks now works properly on the list view

Added

• Access Logs added to User Admin Panel
• AD/LDAP Distinguished Name is now inferred v/s explicitly set on login (supporting a wider variety of configurations)
• Centralized Avatar component used throughout the application
• Security Plan Mega API to pull all details and pre-format for processing
• Additional details now print on the Security Plan:
  • Objectives
  • Parameters
  • Attachments
  • Comments
  • Links

Changed

• Added ID tags to all home page elements to support automated E2E testing
• Added default alert if a user logs in without any roles assigned
• Bug Fix: Tweaked alerts for creating System Admininstrator in the Admin Panel

Added

• Password complexity component to centralize business logic
• New multi-tenant management experience
• Distinguished Name field for customizing AD/LDAP sync functionality

Changed

• Bug Fix: Tenant manager now redirects properly to the Admin form for new tenant setup
• Improved formatting/spacing for license info

Added

• Now able to enable/disable the email feature in RegScale
• Copy component – for easily copying and pasting info to the clipboard

Changed

• Improved error handling for detecting invalid or malformed JSON uploads for a catalog or profile
• Bug Fix: Now prevent Chrome autofills on Email form
• Security Enhancement: All email now requires authorization to send
• Bug Fix: Catalogs now correctly set the UUID
• Enhancement: Added fallback to try and find a control by ID when importing a profile (more resilient)

Added

• Ports and Protocols tab to Interconnects
• Increased SQL Timeout for Long Running Jobs
• Ability to edit links
• Refactored security plan print to pull more data

Changed

• Bug Fix: Fixed minor formatting issues on Look Ahead and New Form Cockpit
• Minor color and styling tweaks throughout the application for issues
• Enhancements: Inheritance now only displays security plans for selection with one or more inheritable controls
• Mnor improvements to fonts/styling throughout the application
• Bug Fix: Continuous Monitoring now logs properly to history
• Bug Fix: Login “admin” check is no longer case sensitive
• Tenant form now defaults to the User view in the IAM panel

Added

• Support for Exporting/Importing Profiles via OSCAL in RegScale
• Redesigned Master Assessment/Continuous Monitoring System
• Improved UX for managing Users
• Gantt Chart – now supports toggling for a List View
• Added new risk fields – Title/Unique ID and Risk Tier
• API for retrieving license info (used by RegScale-CLI)
• Login now captures history of logins by users
• Added a guided/interactive walkthrough for Admins to setup RegScale
• Added a Setup panel for Admins to guide progress for initial system setup
• Refactored catalog upload to be more performant and resilient for large catalogs (i.e. 800-53)
• Spinner added to Logs page when looking through large amounts of data
• AD/LDAP Sync now shows directory attributes to assist in mapping, refactored and improved UX
• Added ability to deactive/delete all AD/LDAP users for the Global Admin account
• Lightning assessments now prompt you to create tests if none exist

Changed

• Bug Fix: RMF mapping features are now properly locked to enterprise
• Bug Fix: Service accounts no longer show in the User Role assignment list
• Bug Fix: Bulk editing security controls now works properly
• Bug Fix: Inherited controls now properly show in the wizard for security plans
• Bug Fix: Added try/loopback logic on catalogs (avoids intermittent network errors on very large catalog uploads)
• Bug Fix: Master catalogs are now locked to Enterprise Edition
• Bug Fix: Mapping conversion panel now dismisses the modal
• Bug Fix: Notifications can now be properly disabled in the Admin panel
• Bug Fix: Modal for AD/LDAP sync now renders properly
• Bug Fix: Tested and fixed all catalog import/exports
• Bug Fix: OSCAL Profile exports now work properly
• Consolidated all export functionality to simplify code
• Added Excel export option to tables in reports
• Improved design of headers within the Admin panels
• Components can now use the Continuous Monitoring feature

Added

• Admins now have the ability to manually change a user’s password

Changed

• Bug Fix: AD/LDAP sync now properly shows/hides based on enabling/disabling the feature
• Bug Fix: Administrators can no longer change other user’s profile pictures
• Bug Fix: Several options for configuration now properly disabled for the Global Admin account
• Bug Fix: Categorization header on the modal now formats properly

Added

• N/A

Changed

• Inheritance engine now only allows inheritance of Security Plan controls that are flagged as inheritable
• Bug Fix: Navigation panel now properly pulls the correct controls in all situations

Added

• Inheritance Engine
• Lineage Tab now shows inheritance info

Changed

• User ID is now copyable to the clipboard on the User Profile
• Replaced Bootstrap Modals with Angular Material
• Multiple minor enhancements to reporting
• Fixed bug with strange characters sometimes showing in Kendo UI
• Added CISA KEV as a Threat Type
• Bug Fix: Project builder now properly links to profiles
• Bug Fix: CMMC fields now properly show/hide
• Bug Fix: Fixed periodic errors fetching a user ID

Added

• Ability to delete Custom Reports on List Views
• Added multiple new reports for Issues/POAMs
• Added support for Red Hat Universal Base Image (UBI) containers for RegScale
• Added support for publishing RegScale containers to Amazon Container Registry
• Redesigned Look Ahead system on the main dashboard
• Added Azure Sentinel SIEM/SOAR monitoring for managed service customers

Changed

• Issue Report by Date Range – can now show/hide details
• Refactored list views to remove unnecessary services
• Bug Fix: Drilldown for assessments, issues, and risks on the Status Boards now pulls all data regardless of what level it is stored
• Bug Fix: Categorizations can now be properly exported
• Refactored reports based on customer feedback, added minor new features

Added

• Categorization Engine MVP
• News Feed Redesign for the Main Dashboard
• eMASS Exports

Changed

• Added custom icons for the modules in the navigation menu
• Added missing module toggles for Components and Catalogues
• License check now trims whitespace to avoid copy/paste errors
• Bug Fix: Fixed issue with non-OSCAL naming convention not showing objectives
• Bug Fix: Made “Name” a database required field for Security Profiles
• Bug Fix: Icons now load correctly without a 3rd party pre-loading NPM package
• Bug Fix: Assessment charts now render correctly on list views
• Bug Fix: Supply Chain Status Board – chart rendering issue
• Bug Fix: Replatformed icons to remove NPM package and work with Angular 14
• Bug Fix: Fixed search on Requirements Navigation Bar

Added

• Improved Control Status visualization across Status Boards and Scorecard
• Ability to describe the mitigation type for a control for a risk (Key Control or Compensating Control)
• Master Assessment now allows the user to select specific controls to assess in support of continuous monitoring programs
• Status Boards now pull deep-linked issues and risks for a more complete compliance picture (matching the Scorecards)
• Optimized startup file configuration
• MVP of Risk Status Board

Changed

• Fixed coloring on Status Board aggregate view for control status
• Bug Fix: Security controls can now be edited
• Bug Fix: Wrapped Serilog in try/catch to ensure it doesn’t block new installation startup
• Renamed Master Assessments to Continuous Monitoring
• Refactored status board logic to be more efficiently rendered, multiple minor bug fixes
• Consolidated SSP and Component status boards into one
• Consolidated compliance scoring for status boards and score cards
• Master Assessments now can be scheduled for components
• Added Draft as a Risk status
• Added Validation to do NULL checks on strings

Added

• Now supports dynamic OSCAL content authoriing for objectives and parameters
• Parameters now inherit from their parent catalog
• Added advanced logging support via Serilog
• Added support for parsing and dynamically updating OSCAL parameters in the control implementation module
• Added SignalR for real-time communications on notifications (removed polling)
• Added Route Titles in Angular
• Addded Logs tab to the Admin panel to improve Customer Support experience
• Added notification toast when classification options are saved/removed
• Added a new “toast” system for notifications using Angular Material
• Deep linking to Jira tickets for Issues/POAMs
• Component name now shows on control implementation list view
• Database rearchitecture in Entity Framework to allow multiple database support
• ServiceNow integration
• “Inherited” option for a Control Implementation status

Changed

• Bug Fix: Page now refreshes after editing license key
• Username and password are now trimmed of whitespace to avoid paste errors
• System service-account no longer shows in the user list
• Fixed CSS on user role tables
• Bug Fix: can now create a component from a SSP
• Implemented AsNoTracking on all read queries to improve query performance against the database
• Removed legacy logging system
• Removed blank status option for Requirements
• Bug Fix: Controls can no longer be added as children to Assets (only to their parent Components)
• Suppressed false errors on Angular build
• Removed legacy Jira code (now bulk processes in CLI)
• Refactored to fix FirstOrDefault inconsistency bug
• Assessment buttons now intelligently show/hide based on the state of the form (isDirty)
• Fixed critical alerts from Sonarqube
• Security Plan Status Board now properly reflects all status options for a Control
• Bug Fix: Progress calculation on control navigation strip now excludes NA and Inherited from total

Added

• Deep linking for Wiz.io issues in RegScale
• Enhanced container error logging for LDAP issues
• Control navigation bar in the Control Implementation and Requirements forms
• New Assessment and Naviations System UX for Controls/Requirements
• Added support for AWS Simple Email Service (SES)
• Added mouse hover effect for Status Board links
• Angular 14 upgrade
• Ugraded CI/CD deployment process – removed legacy pipeline files

Changed

• Improved signaling for Volpe integration (better handles errors on Volpe side)
• Improved threat data validation
• Security Plan Print – now shows additional parent control fields
• Security hardening, patching, and remediation from penetration tests
• Added a spinner to the Password Reset to visualize progress
• Bug Fix: Multiple drilldown issues fixed on Status Boards
• Bug Fix: Component to Asset mapping is now fully bi-directional
• Security: All Nuget .NET packages patched and updated
• Removed legacy/inefficient AI code
• Security: NPM upgrades/patching of packages
• Caching bug fixes on tenant form
• Bug Fix: Data Call – fixed missing toasts
• Bug Fix: Security Controls – Control ID is now sortable

Added

• Deep linking URLs to support SSO use cases
• eMASS fields added to the risk form
• Risks and Issues can now be tightly related for improved risk modeling
• Risks and Incidents can now be tightly related for improved risk modeling
• Risks and Threats can now be tightly related for improved risk modeling
• Modules now have a label tag in the Compliance Cockpit for ease of module identification
• Threats – now have a “Date Resolved” field
• Compliance cockpit now has a tooltip showing the full title for longer length titles

Changed

• Bug Fix: Interconnects modules now display correctly
• Interconnect form – conditionally shows red asterisks for date fields
• Security Plan form – conditionally shows red asterisks for date fields
• Risk from – conditionally shows red asterisks for date fields
• Security – Password reset token can now be used only once (formerly were good for 24 hours – now will expire in 24 hours or upon first use)
• Enhanced formatting of Compliance Cockpit
• Added a tooltip to Transformer to explain “Master” catalog
• Incidents module now has a new Forensic tab
• Threat module has a new Analysis and Mitigations tab
• Risks – “Mitigation Effectiveness” is now a required field

Added

• N/A

Changed

• Bug Fix: Objective options now save and refresh correctly
• Bug Fix: Avatars now can be changed without refreshing the page

Added

• Enhancements to Issue Reporting

Changed

• Bug Fix: Report page renders properly
• Bug Fix: SPRS drilldown on View link

Added

• Enhancements to Toast System
• Enhanced Custom Field validation
• Assets can now be mapped to many components
• Components can now be created stand-alone (not required to be a child of a security plan)
• Components can now be mapped to many security plans
• Can now load default tests from the catalog into control implementation tests (templates from the catalog to feed Lightning Assessments)
• Added spinners when building artifacts using the Builder Wizards to show progress
• Objectives tab on control implementations now shows/hides based on parent catalog
• New top navigation system to better organize modules
• Unit testing framework to support automated testing
• Wiz integration for Assets
• Report – Issues by Time Range – query and see status of closing issues/POAMs due in a given time range, grouped by issue owner
• Explorer now shows the Level flag for better visual indication of the tiering
• Added logging and spinners to better show progress when importing and deleting catalogs

Changed

• Bug Fix: Can now add Assets to Components
• Bug Fix: Asset mapping APIs are no longer hidden
• Profile mapping engine now shows IDs of the parent catalogue
• Bug Fix: Fixed intermittent bugs on Component and Project Builder Wizards
• Refactored assessment services for performance optimization
• Bug Fix: Fixed naming convention on Excel download files
• Trivy was added to the container build as a second vulnerability scanner for defense in depth
• Startup file was refactored to be more efficient on launching the application
• Improved logging to detect intermittent upload errors with catalogs
• Bug Fix: Avatars render properly on user admin forms
• Bug Fix: Added null check for custom fields on security control form
• Bug Fix: Subsystems now show properly on security control forms
• Bug Fix: Catalog export now excludes archived controls

Added

• N/A

Changed

• Bug Fix: Removed Avatars on Excel downloads
• Bug Fix: Improved error handling for catalog uploads
• Bug Fix: Corrected intermittent issues with custom fields

Added

• N/A

Changed

• Fixed POAM tab not showing
• Improved RBAC logging for access control issues

Added

• N/A

Changed

• Improved hide/close button on builders (always shows)
• Questionnaires now have a BETA tag
• Cleaned up legacy Print, Email, and Export code
• Bug Fix: Errors on Project Builder
• Build optimizations on backend
• Supply Chain tables now sort correctly by Title
• Create New stakeholder button now shows/hides when displaying the data entry form
• Updated SPRS Report CMMC Links
• Password confirmation now supports additional special characters
• OSCAL download now working correctly
• Bug Fix: Fixed error where numbers were sometimes converted to dates by the Time Travel system

Added

• Redesign of the Compliance Cockpit and RegScale form system
• NGRX for client side caching and extreme front-end performance improvements
• Updated Support Links to the new RegScale Hubspot system
• Component Builder

Changed

• Refactored all Builder code
• QA: Added validation to Supply Chain cost fields (contract value, funded amount, and actual costs)
• Reordered case management form to be more logical for data entry
• Fixed user button label
• Various minor bug fixes from Sonarqube
• Section 508 improvements
• Minor bug fixes and enhancements throughout the application
• Updated and improved icons and styling
• Date check bug fixes throughout the forms

Added

• Catalog import/export now include child tables
• API to retrieve a specific service account
• API to rename a system security plan
• Integrations for Security Plans with Wiz Projects, ServiceNow Assignment Groups, Jira Projects, and Tenable Asset Groups

Changed

• Bug Fix: Printable version of control implementation now works
• Updated verbiage in the Time Travel system
• Control tests can now be batch created
• Scorecards are now properly locked to Enterprise Edition customers
• CSS: Explorer now shows link cursor for child items
• Rebased to master to pickup CI/CD changes
• Bug Fix: Transformer mappings now work properly on the security plan print form

Added

• Added ability to exclude components from SPRS report
• Added account lockout features (5 bad passwords disables the account)
• Added a Close button for the Explorer modal

Changed

• Bug Fix: Subsystems now show correctly on control implementation form
• Bug Fix: Prevented API calls that were throwing errors when unauthenticated
• Bug Fix: Can now delete tasks from the Kanban board
• Bug Fix: Control Implementations now render properly for emails
• Bug Fix: Added validation for Draft issue status
• Bug Fix: Security Plan Print now works properly

Added

• N/A

Changed

• Hot Fix: License count now calculates correctly on login

Added

• SPRS Rollup Report available for NIST 800-171 (rolls up score for SSP and all child components)
• Control Implementation – Navigation buttons now check for changes before allowing navigation away from the page (Next and Previous buttons)
• Added Mediatr pattern for improved testability of C# code
• Catalog Import/Export now processes child records of the security control (objectives, parameters, tests, CCIs)

Changed

• Bug Fix: Fixed View Model for Control Implementations – dramatically reduced data query size
• Controller optimization for improved API performance at scale
• Bug Fix: Gantt chart queries now execute exponentially faster
• Bug Fix: Gantt chart hidden for new records
• Bug Fix: License key generator fixed after Node.js patch
• Bug Fix: System configuration now listens for license key changes and updates after saving

Added

• Added support for DISA CCIs to support STIG scanners
• Added support for classification banners in the header/footer of the application

Changed

• Bug Fix: Licensed user count no longer counts deactivated users
• Exceeding licensed user count no longer prevents login, just throws a warning

Added

• Added Cancel button when editing RegScale system configuration
• Added Parts to Objectives to support OSCAL modeling
• Added Parameter Types to Security Controls (extension to OSCAL for improved automation)
• Added Parent Parameter to Control Implementation parameters (allowing inheritance from a catalog’s parameters to better align with OSCAL)
• Added API to retrieve all Objectives for a given catalog

Changed

• Bug Fix: Corrected issue with generating new license keys after patching CryptoES
• Bug Fix: “Other ID” on Control Objective is no longer required
• Bug Fix: Removed datetime checks on required fields in C#, removed compiler warnings
• Bug Fix: Fixed loop logic in ApplyProfile C# API
• Bug Fix: Security Control subsystems now listen for changes when navigating
• Improved formatting and labeling of security control objectives

Added

• API for applying Security Profiles via API
• Extended Issues/POAMs module to support all FedRAMP fields
• Added support for the CISO Known Vulnerability Exploits feed

Changed

• Bug Fix: Inheritance of objectives on the SPRS report is fixed

Added

• N/A

Changed

• Security Plans now hide Gantt Chart and Ports/Protocol tabs until the record is saved
• Refactored security plan builder to work more efficiently and consistently, removed redundant code
• Builders: View profile links now work properly and open in a new tab
• Builders: Now close consistently after clicking finish
• Added server side validation for Case management status/date resolved

Added

• N/A

Changed

• Bug Fix: Control implementations now search properly in the Relationship module
• Bug Fix: Multiple enhancements to the SPRS report

Added

• Security – forced patching of the base image prior to initial build

Changed

• Minor bug fixes to builders
• Changing an Implementation Option now changes the status of all related Objective option selections
• Bug Fix: Component Statusboard now pulls issues from all levels
• Tweaked CI/CD build and release files
• Minor Sonarqube bug fixes

Added

• New UX for builders for:
  • Policies
  • Security Plans
  • Supply Chain
  • Projects
• Added Sonarqube Cloud source code scanning
• Added additional fields to the user object:
  • ExternalId – for syncing with external accounts (i.e. Active Directory)
  • DateCreated
  • LastLoginDate
  • Read-Only Flag
• Improved User Experience for Scorecard

Changed

• Cleaned up CI/CD pipeline files
• Added API to pull a simple list of user accounts (with no sensitive data)
• Removed legacy Cypress testing to reduce file size of the build
• Added API to support bulk syncing of Azure AD groups

Added

• Views can now be toggled between SSP and Component on the SPRS Report for NIST 800-171

Changed

• Toggle now available to show objectives in a printable form for each control on the SPRS Report for NIST 800-171

Added

• SPRS Report – bug fixes and added logging to show missing objectives

Changed

• Created View/Create models to simplify the APIs for creating and updating Profile Mappings
• Bug Fixes: Minor tweaks to Component Dashboards and Gantt charts
• Bug Fixes: Profile mapping not showing in the API list

Added

• Subsystem redesign of the UX
• New SPRS scoring report for NIST 800-171
• Categorization functionality to RegScale to better support control selection for overlays
• Issue Gantt chart functionality for visualizing issues/corrective actions
• Component Dashboard

Changed

• Bug Fix: Fixed security plan builder issue where some controls improperly showed redundant
• Bug Fix: Comment alerts on delete are more intuitive.
• Bug Fix: Link alerts on delete are more intuitive.
• Bug Fix: Comment alerts now work on creating a new comment.
• Bug Fix: File system deletion alerts are now green v/s red on success.
• Bug Fix: Subsystem now hides until loaded.
• Bug Fix: Classified records now wrap properly in the subsystem.
• Fixed rebasing issues across branches

Added

• Aggregate APIs for pulling bulk data visualizations in external data visualization tools
• Explorer now auto-expands the current record and shows/hides the sneak peek if you are already on the record
• Requirement form now shows the parent control if it exists in the Regulations tab
• Component Status Board
• Lineage and deep linking added for Assessments and Risks (previously just on issues)
• Aggregate queries added for external data visualization

Changed

• Bug Fix: Main dashboard for security plans now loads with no data (checks for null first)
• Bug Fix: LGPL license now points to RegScale
• Bug Fix: Form labels now display correctly for change password, password reset, and confirmation pages
• Bug Fix: Added validation to prevent the maximum length of a Requirement title from being exceeded
• Requirement form reorganized to show/hide fields based on whether it has a parent control
• Bug Fix: Child issues and assessments now showing correctly on the Policy Status Board

Added

• Added UUID info for the user on the workbench
• Reformatted user profile page

Changed

• Hotfix: Issue External ID queries refactored for non-null set
• Bug Fix: Spinner updated for OSCAL export for security plans
• Bug Fix: CSS styling on Workbench

Added

• N/A

Changed

• Hotfix: Issue External ID queries refactored for null set

Added

• Improved user caching to make more consistent
• New dashboards/home page design
• Ability to link issues to multiple records/tiers for ease for querying and reporting
• Issues can now be related at multiple layers for ease of querying/reporting, to include:
  • Control Implementations
  • Assessments
  • Requirements
  • Security Plans
  • Projects
  • Supply Chain
  • Policies
  • Components
  • Incidents
• Added a bulk processor API to issues to allow the RegScale CLI to do bulk conversions for customers with legacy data
• Project, Security Plan, Supply Chain, and Policy Status Boards redesigned and improved UX

Changed

• Subsystems – close button made smaller and moved to the top to avoid visual confusion with Save button
• Time Travel UX refactored to work better in a modal view
• All Find by “External ID” APIs on issues now return multiple records instead of a single (Prisma, Wiz, ServiceNow, and Jira)
• Added method to show plural name of modules in the Module Service
• Improved Login styling
• Bug Fix: Fixed issue where spinner would sometimes not dismiss on session timeout from the login page
• Bug Fix: Parent ID and Module now passes correctly to the new record creator
• Bug Fix: Editing security controls now works properly
• Bug Fix: Catalogs now corectly display metadata
• NPM package updates for vulnerabilities
• Fixed footer links to point to RegScale.com and updated EULAs and Privacy Policy

Added

• Kanban view optimized to be in a modal view

Changed

• Added configuration to slow down monitoring endpoints
• Removed legacy Cucumber testing tags on the List Views
• Bug Fix: Lightning Assessment sliders now work again
• Bug Fix: Kanban drag and drop now works correctly/consistently

Added

• Copy token button added to user profile
• Health monitoring system added for RegScale
• Add multiple new layers to the Security Control model for OSCAL to improve the UX:
  • Implementation Options
  • Test Plans
  • Control Objectives/Enhancements
  • Parameters
• Added spinner to Transformer to show that it is still processing for larger data loads
• Objectives can now be assessed at the control implementation level
• Added the ability to categorize risk through various lenses
• Added support for Risk Trending
• Added level of effort for Tasks and Issues to help with resource loading
• Added CMMC Asset category to components and assets

Changed

• Bug Fix: errors with date filters pulling on the dashboards
• All dashboards are now driven by a year selection
• Added more options for Security Plan and Control Implementation Status
• Bug Fix: Requirements and Security Controls now parsed correctly in Explorer
• Bug Fix: Subsystem Reload after Save
• Bug Fix: Health check stylesheet now served properly within a container deployment
• Classification levels can now be archived from the List View
• Ports and Protocols: default end port to be the same as the start port
• Changes to ports and protocols now are logged in history
• SSP OSCAL export now provides more control implementation metadata

Added

• TreeView visualization to Explorer – accordion expansion
• Volpe Threat Modeling Integration – MVP 1

Changed

• Bug Fix: Formatting on system configuration
• Changed favicon to new RegScale logo
• Optimized all images for faster browser loading

Changed

• Bug Fix: Fixed .NET Core bug with IIS 6

Added

• Added support for Volpe Risk Modeling integration
• History table is now sortable and filterable
• Drilldown is now available on all charts

Changed

• Bug Fix: Fixed formatting on Lightning Assessment Header
• Bug Fix: Eliminated security risk on password reset
• Improved visualization, sorting, and filtering on My Activity and the News Feed
• Improved button layout for user management
• Email service improved with better logging/validation

Changed

• Bug Fix: .NET Core Optimizations

Changed

• Bug Fix: Removed legacy wait-for-it script, made SQL startup more resilient

Changed

• Bug Fix: Bash optimization for multi-stage build

Changed

• Bug Fix: Added bash back to the Linux container

Changed

• Bug Fix: Permission error on wait for it.sh file

Changed

• .NET Core Version 6 upgrade including all Nuget packages
• Container hardening and upgrades

Added

• Rebranded from Atlasity -> RegScale
• New form system design with three columns and floating toolbar
• Tenable.sc integration
• Jira integration
• Ability to model control implementations by responsibility (i.e. provider, customer, shared)
• New Overall/Master dashboard for home page
• Requirements now support Lightning Assessments
• Scorecard now implemented for Projects, Supply Chain, Components, and Policies
• Angular 13 upgrade
• Loading spinnners added for sending emails
• Security Controls can now be exported
• Add labels to drill down charts on the List Views
• Added links to online documentation
• Header to dashboard

Changed

• Improved the loading spinner implementation when fetching data
• Dashboard filters can now be toggled on/off
• Security Plan status board now has tabs to toggle between individual and aggregate views
• Bug Fix: Fixed issue with incorrect lookup of catalog title on Transformer
• Bug Fix: Copying a requirement no longer copies last assessment result
• Bug Fix: Policy Status Board now calculates ‘Not Assessed’ status correctly
• Bug Fix: Service Accounts are now properly locked as an Enterprise feature
• Supply chain module can now track actual costs
• Project module can now track actual finish date
• All spinners are now consistently styled
• Removed legacy PWA code
• Refactored to remove a large amount of redundant code
• Profile mapping moved into a tab v/s subsystem
• History visualization now shows by default and has labels
• Cause Code Tree is now in its own tab
• Upgraded Kendo UI for Angular packages to the latest
• Security patching of NPM packages
• Bug fix on Requirement controller
• Updated routing to allow for more efficient copying
• Profile Mapping User Experience enhanced
• Fixed periodic rendering issues on history visualization
• Swagger API cutover to RegScale branding – no impact to customer integrations/routes
• Bug Fix: Fixed RBAC errors on default settings (parent inheritance working again)
• All Builders/Wizards have the UI/UX refactored
• Scorecard now defaults to showing open issues v/s total
• Bug Fix: eliminated double API calls to the subsystem
• Bug Fix: requirement module now correctly pulls control tests

Added

• Enriched data model for Catalog OSCAL export
• Supports namespaces for OSCAL
• Ports and protocol support added for Assets, Components, and Security Plans
• Azure Active Directory (AD) Single Sign On (SSO) Support
• Integration dashboard for improved ease in managing integrations
• Added ability to generate Personal Access Tokens (PATs) to support Service Accounts that can be leveraged for API automation
• Added integration with MITRE Security Automation Framework (SAF) via Inspec/STIG profiles using OSCAL
• Indicators to grids to better indicate sorting functionality
• Master assessments now allow you to visualize the individual assessments that make up the overall score
• Added support to generate OSCAL SAP/SAR documents from Atlasity assessments
• Improved dashboard visualizations including stacked bar charts
• Profiles now display info for Control Ids and and Catalogs

Changed

• Bug Fix: Check for null on Login Banner
• Bug Fix: OSCAL Security Plan export handles null dates
• Bug Fix: OSCAL Catalog export handles null dates
• Lightened N/A CSS on the Security Plan Scorecard
• Bug Fix: Fixed memory leak to unsubscribe on notifications
• Replaced Chart.js with Telerik Charts – improved UI
• Replaced eCharts pie charts with Telerik Charts – improved UI
• Improved UI for Security Plan Print – added Catalog data
• Improved UI for Security Scorecard – added Catalog data
• Added “Automation” fields to assessments to support OSCAL and integrations
• Improved labeling around risks
• Bug Fix: Control Id is now sortable
• Default styling changed for form focus
• Workbench impersonation renamed
• Custom fields now show a default view when no fields
• Bug Fix: Some fields were not sorting correctly and have been fixed
• Bug Fix: Copy security control did not copy control type
• Bug Fix: Deactivated users can no longer log in
• Moved custom fields to a tab on the component form
• Custom fields all moved into the tabbed interface
• Bug Fix: Copy security control did not copy control type
• Bug Fix: Catalog print now correctly displays all controls
• Back button only prompts warning if data has changed (form is dirty)
• Login now redirects to the dashboard as the Home page
• Bug Fix: Control implementation sorting now works in the grids
• Security: Added a flag to allow the warning banner to be bypassed for security scans

Added

• Validation to .NET controllers and simplified Create/Update APIs
• Security profiles can now be printed and emailed
• Added Login Banner capability that can be customized by tenant
• Added Privacy Police notice to the footer of the application

Changed

• Removed ElasticSearch integration
• Added ability to toggle on Sentry.io monitoring with an environment variable for .NET Core
• Removed Angular Sentry.io monitoring (not useful)
• Bug Fix: Workflow enabled for cases
• Bug Fix: Notification link now works for questionnaires
• Bug Fix: Pivot table visualization works for cases
• Bug Fix: Toasts now correct when creating a new organization
• Bug Fix: Component print and email now works

Added

• Integration fields for issues (JIRA, ServiceNow, Wiz, Prisma)
• Classification subsystem
• New tenant auto-seeds picklist metadata
• Indexing for Relationships module to improve performance
• Indexing for Classified Records to improve performance
• Indexing for Events/Timeline to improve performance
• Indexing for Workflow to improve performance
• Indexing for Cases to improve performance
• Additional features and functionality for OSCAL exports of Security Plans and Components

Changed

• Patched JWT Nuget package to address security vulnerability
• Updated Telerik PROD License Key
• Fixed legacy CSS issues with / and moved to math.div
• Upgraded to Angular 12.2
• Added Step indicator to recurrence wizards
• Added server side data validation and API simplification for assessments and issues
• Custom fields now print
• Added warning when creating a custom field that data type cannot be changed
• Added properties to parameters for OSCAL

Added

• Scorecard now shows modal for open issues

Changed

• Added Control ID to show on the control implementation form
• JWT tokens now expire in 24 hours instead of 2
• ControlId added to Transform Mapper
• Transformer now refreshes controls when the base control changes
• Fixed duplicate IDs on the catalog form
• Fixed bug where child issues were not always pulling correctly on the Scorecard
• Fixed bug to default printable if security control type is undefined
• Security groups are now sorted for RBAC
• Lightning assessment always refreshes when closing the page now
• Fixed CSS styling on date picker controls
• Added CSS styling to show N/A controls are excluded from Scorecard calculations
• Fixed bug where control type was not being set properly when loading a new catalog

Added

• Security Plan Scorecard
• Added Wizard interface for Assessments, Data Calls, and Tasks Recurrence

Changed

• Bug Fix: All events on the status board are now processed correctly when hovering over the heat maps
• Uploading files now generates a toast to confirm the upload
• Softened colors on the Security Plan Status Board
• Bug Fix: Bulk edit of control implementations now works properly
• Bug Fix: Last Assessment hover fix
• Improved tooltips on the Status Boards
• Bug Fix: Updated date formatter based on NPM library update

Added

• Case Management Module
• Added mapping flag to catalogs as a visual indicator
• Enhanced date picker added throughout all modules
• Improved data validation prompts
• OSCAL: Inheritable flag added to control implementations (used for leveraged authorizations)
• Transformer feature now shows mappings in the UI
• Builders now track linkages between profiles and the records they create (OSCAL)
• Dashboards now have pageable/filterable grids
• Catalogs now have links to the source OSCAL file that generated them
• All modules have an API to be queried by custom fields

Changed

• Bug Fix: Catalog title is now a required field via the API
• Performance – rewrote the export JSON functionality
• Bug Fix: Logic was broken on show/hide mapping wizard
• Bug Fix: Confirmation email link now works
• Bug Fix: Registration link now works
• Bug Fix: Removed deprecated Service Account API
• Bug Fix: Can now delete catalogs and security controls with mapped controls
• Added warning when trying to map a catalog with no controls
• Risk matrix removed hard coded thresholds
• Bug Fix: Date picker popups now work in modal windows
• Catalog and security controls are now archived versus deleted
• Bug Fix: Setup now shows for Global Admin on Community Edition
• Bug Fix: Menu options now hidden from the Global Admin account
• Angular 12.1.4 minor upgrade and various npm package upgrades
• Bug Fix: Get all controls by security plan query was not always accurate, fixed lookup
• Bug Fix: Fixed sporadic bug where lightning assessments sometimes would not create for general users
• Bug Fix: Kanban not showing tasks on workbench
• Kanban button colors are now white
• Bug Fix: Tasks on workbench now reset correctly with impersonation
• Bug Fix: Kanban now shows profile pictures again
• OSCAL validation no longer prevents downloads – just throws warnings

Added

• Added Record Level access control to all modules
• OSCAL export functionality for Security Plans, Catalogs, Profiles, and Components with AJV schema validation
• Each Atlasity instance now has a unique GUID tied to its license for improved Software Assurance
• License is now checked on login and access is enforced based on license validity
• Upgraded WYSIWYG Editor
• Recurrence Engine – now allows preview and group assignments
• Performance – major improvements to query performance on list views

Changed

• License key management – Community Edition locks after 30 days and requires a license registration
• License now managed only at the Global Admin account, removed on Setup page
• Added support for Stored Procedures for SQL performance optimization on the backend
• Bug Fix: Org list not shown when creating users using the Global Admin account
• Added password validation when creating a new user
• Bug Fix: Domain now set properly on login
• Multiple backend performance improvements (query optimizations)
• Minor bug fixes and improvements
• AI for issues now driven by a button click instead of defaulted for performance reasons
• Bug Fix: All licensing now set from Admin panel versus environment variables
• Bug Fix: Catalog export now working
• Added Control ID to security control list view

Added

• Added Risk Mitigation module to map controls to risks they mitigate
• Added Control Mapping matrix visualization
• Component module with OSCAL export functionality
• Added builders to components and flowed down to assets (with visualizations)
• Date graphing throughout the application
• Kanban Task Board feature enabled for all modules

Changed

• Assets can now be mapped to many components
• Assets now have tabs to organize the form
• Provided a GUI for adding/managing control parameters
• Angular 12 upgrade
• Swapped crypto-js library for crypto-es (TypeScript friendly)
• Cleaned up NPM vulnerabilities
• Updated NPM dependencies, removed unneeded packages
• Bug Fix: Domain lookup now functions properly under all circumstances

Added

• Added Project Status Board
• Added Supply Chain Builder
• Added Project Builder
• Added Policy Builder

Changed

• BUG FIX: Security plan delete now works and removes control tests and results

Added

• Master Assessment feature (schedule many assessments at once)
• Relationship Manager for many to many linking of records
• Lightning assessments now support links, comments, and attachments

Changed

• Reformatted Quality system on control implementations
• Lightning Assessment feature now hidden when there are no tests created
• BUG FIX: Lightning Assessments works properly again for a single assessment
• BUG FIX: Delete button works again for assessments
• BUG FIX: Toggle off for Supply Chain and Policy now works

Added

• Questionnaire Module
• Added metadata fields to Control Implementations
• Added tabs to Control Implementations UX
• Added quality management to Control Implementations
• Added Risk Maturity Tier to Security Plans
• Added filters to the Calendar for user (default), facility, and org
• Google style search bar added to all modules
• Added Control Tests to each Control Implementation for Enterprise Customers
• Added Lightning Assessment Functionality
• Added a new API to pull all child records for a given security plan in a single call

Changed

• Controls now show in the preview box for the security plan builder
• Bug Fix: Search bar formatting improved for CSS
• Added reset to search on Security Plan Status Board

Added

• MD5 checks and enhancements for Time Travel
• AI Engine built for issue recurrence analysis
• Refactored reporting engine page
• Added summary info to the Security Plan module
• Enhanced pagination support for large data sets
• Added export functionality for all modules (JSON format)

Changed

• Bug Fix: Handled null records on Time Travel and improved formatting
• Bug Fix: Org pivot tables now work when visuallizing records in lists
• Fixed width of user table in the Admin panel
• API key merged into the User Profile versus a separate page
• Bug Fix: Corrected calculation error on the DOD 171 self-assessment scoring
• Added divider between catalog controls on printable form
• Re-organized catalog print page
• Bug Fix: Hide control implementations until save on security control form
• Enhancement: Moved action buttons on user form to the left to prevent scrolling off page
• Security Control weight now accepts decimals; not just integers

Added

• Persists login username in localStorage, uses it to remember username and to check LDAP status

Changed

• Bug Fix: AD/LDAP bug fixed
• Bug Fix: Creating new users

Added

• License key is now driven by the Admin panel versus an environmental variable
• Additional fields for risk modeling
• Added Organization module
• Added Questionnaire backend
• Added Reporting module with DoD 800-171 Self-Assessment Scoring
• Risk visualization to the risk form
• Greater visualization and interactivity to the Security Plan Status Board
• Added visualization for all control implemenations of a given security control

Changed

• Bug Fix: Security plan status board can now handle nulls when parsing data
• Bug Fix: Google Maps API now allows connections from any domain
• Updated licensing agreement
• Updated copyright date
• Bug Fix: Reset on search now resets the data
• Bug Fix: Login now resets the license type without a refresh
• Bug Fix: Can now add multiple users without refreshing, enhanced validation and logging

Added

• More options for risk categorization
• CMMC options to the policy module
• Added ability to handle multiple mapping options via the wizard

Changed

• Bug Fix: Controller fixed for Status Board
• Bug Fix: CMMC data was not printing on security plans or control implementations
• Bug Fix: Search bug fixes for .NET 5 (IndexOf -> Contains)

Added

• Mapping functionality now locked to Enterprise customers

Changed

• Bug Fix: Controller fixed for Status Board

Added

• Added catalogs and support for all baselines of NIST 800-53 Rev4
• Added catalogs and support for all FedRAMP baselines
• API for interacting with unique ControlIds for security controls
• Licensing info now shows on the tenant Admin panel
• Added ability to delete a workflow template step from the designer
• Added ability to delete workflow instances
• Added workflow ID to the workflow instance form
• Major dashboard refactoring and improvements
• Added Parent Slider to the Workflow Instance system
• Added Component module to support the OSCAL standard
• Added Parameter to the data model to support the OSCAL standard
• Added ability to print the full Catalog with all child controls
• Added NIST 800-171 Self-Assessment Report for DoD

Changed

• Bug Fix: Hot fix for DB migration issue
• Bug Fix: Workflow now passes ID properly to the instance page after creation
• Bug Fix: Worfklow system now auto-creates the “System” group if it doesn’t exist
• Bug Fix: Supply chain system now handles null stock data
• Bug Fix: Catalog search now works properly
• Bug Fix: Security controls search now works properly
• Bug Fix: Security Plan status board explanation no longer interferes with My Activity slider
• Bug Fix: Time Travel “Revert” button now works
• Bug Fix: Sort order on custom fields now works properly under all circumstances
• Enhancement: Workflow notifications give a better indication of what is happening (Approval v/s Notification)
• Enhancement: Colors are now consistent on graphs relative to status
• Enhancement: Added advanced visualizations to the security plan status board
• Enhancment: Minor UX tweaks throughout the application
• Enhancement: Added a prompt before reverting Time Travel to a previous state

Added

• Added Control Mapping system to map controls from multiple catalogs into a single control mapping
• Added a unique Control ID to the security control module to allow a “business friendly” control name for easier searching and lookups
• Added AD/LDAP auto-sync job with the ability to map attributes for a deeper sync process with Atlasity
• Custom Fields can now be ordered with drag and drop on the Admin panel. Display consistently on the form.
• Can now view the related module on the workflow template designer

Changed

• Bug Fix: Now hides password related features if AD/LDAP sync is turned on
• Bug Fix: Broken icon on delete toasts fixed across the application
• Bug Fix: Navigation system now shows child security plans for a profile
• Improved data validation on the front and back end; better visual indicators and API protections
• Additional status options for interconnects added
• Bug Fix: Links in Sliders now close modals
• Bug Fix: Notifications now loads properly on login/logout
• Bug Fix: My Activity now loads properly on login/logout

Added

• Time Travel feature implemented
• Bulk editing of security control implementations
• Supply Chain Risk Status Board
• Supply Chain – configuration panel added for analyzing 3rd party risk
• Security Plan – now has form data for Authorization Boundary, Network Architecture, and Data Flow
• Security Plan Form – now implements tabs to make the form more compact with less scrolling
• Security Plan Print – UX improved to add dynamic charting and visualizations
• At a Glance Tags added to security plan for quick visual indication of key data
• User Groups – can now be viewed on the user profile
• Workflow – now tracks start and end times for the overall workflow and each step
• Upgrade to Angular 11 and .NET Core 5.0.1
• Performance Optimization – Supply Chain, Policy, and Security Plan Status Board refactor

Changed

• Bug Fix: Removed domain check since it is config driven.
• Bug Fix: News posts links for Supply Chain and Causal Analysis are now formatted correctly.
• Performance: Index optimization for frequently executed queries
• Packaging: Optimized build to decrease container size
• Security: Hardened the base image to eliminate vulnerabilities and reduce the attack surface
• Refactored News Posts to be more efficient
• Removed Catalog field from security control form (could cause data integrity issues)
• Added new status for Security Plans (Retired/Decommissioned)
• Bug Fix: Removed register new user link on the Forgot Password page
• Bug Fix: Fixed bug that would not allow adding Interconnects to a security plan
• Bug Fix: fixed broken breadcrumb links on the workflow modules
• Group Management – now disabled for Global Admin (god-mode account), must login with regular Administrator role to access group management
• Group Management – UI refactored to improve the user experience
• Workflow Designer – UX refactored to improve the user experience
• Bug Fix: Worflow notifications now go to all users in the group, not just to the first user
• Bug Fix: Added history events for workflow
• Added ability to toggle on/off bulk editing of security controls and added alerts for saves
• Bug Fix: fixed issue with Javascript changing numbers to dates under some circumstances
• Bug Fix: Removed index on control implementations to allow for large field sizes
• Bug Fix: Fixed back button when deleting a security plan
• Bug Fix: Fixed hidden elements from a bad DIV tag on the security plan print report
• Bug Fix: Supply Chain Risk parent ID is no longer nullable
• Bug Fix: If same parent type (i.e. nested security plans), child controls now render correctly
• Validation: Refactored for Security Plans

Added

• Base image changed to Linux Alpine for smaller size and improved security
• UUIDs added to all modules to improve machine to machine data interchange
• Added navigation to app menu to view My Activity in a slide out panel
• Added user “baseball cards” to display contact info for any user selected
• Added validation for all environmental variables on startup. Now throws errors in the container logs when validation fails.

Changed

• Applied phone masks for improved formatting
• Fixed duplicate IDs on HTML tags on the Catalog
• Fixed print error on security controls
• Assessments can now be added to assets
• Bug Fix: Can no longer view dashboard when module is disabled in setup
• Bug Fix: Can no longer ‘Add Child’ records when module is disabled in setup

Added

• Improved logging
• Added functionality to hard reset the admin password with an environment variable and restarting the app
• OSCAL SSP Import
• Added Stakeholders subsystem
• All Home Page Dashboards completed
• Added System Owner to the Security Plan Module
• @Mention feature implemented for notifications (Comments Subsystem, Workflow, and News Feed)
• Added Policy Status Board
• Added Control Weight to Security Controls (used for risk calculations and DFARS Self-Assessments)
• Email Viewer
• Added Export for Security Plans and Control Implementations – used for external integrations
• Can now “opt in” to receive email notifications
• Notifications now issued for new record assignments (within Atlasity and via email if “opted in”)
• Added “Slide out” feature to preview the parent record
• Base image changed to Linux Alpine for smaller size and improved security
• UUIDs added to all modules to improve machine to machine data interchange
• Added navigation to app menu to view My Activity in a slide out panel
• Added user “baseball cards” to display contact info for any user selected

Changed

• Bug Fix: No longer shows option to add a Control Implementation to the Security Plan using the Add Child button (must use the builder)
• Refactored Security Plan report to allow for more customization in reporting
• Can now delete comments
• Improved signaling on navigation links
• FIPS and System Type and now configurable as Metadata
• Refactored notification system UI for performance
• Group manager now displays a default of 25 records
• Fixed email viewer bug, now displays all sent emails correctly
• Fixed bug for ‘Create New’ on Supply Chain Status Board
• Date Last Assessed and Last Assessment Result are now labels – must be set via assessment
• NIST 800-171 now available as a catalog
• Increased length of security control titles
• Changed the cursor on the navigation tab
• Added more discrete validation to the tenant configuration form
• Fixed blank password bug for email configuration
• Improved validation for AD/LDAP settings
• Bug Fix: Exception lookup now working correctly
• Add Child button now hidden until a module is selected
• Cleaned up divider lines based on permissions in the Navigation bar
• All logins now redirect to the workbench as the standard home page
• Bug Fix: System Owner now displays properly in the list view
• Added ability to enable/disable email SSL by tenant
• Applied phone masks for improved formatting

Added

• OSCAL Security Plan Export
• Performance Tuning – Lazy Loading in Angular, Bundle Size Optimization
• Added Cypress Front End Testing (rebased with testing branch)
• MITRE Heimdall Integration for Assessment
• Added Help system for all modules
• Metadata seeding re-factored for each module
• Refactored global admin workflow
• Control owner visualization for security plans
• Added the Maintainer role
• Users default to activated
• Facility Status Board now handles offline gracefully

Changed

• Added ability to show/hide CMMC fields based on Admin Config
• Fixed bug where Atlasity would not accept complex email addresses with multiple periods
• Bug Fix: Fixed route on creating a new user
• Added “Last Assessment Result” graph to the Security Plan Visualizer
• Bug Fix: Recurring assessment route fixed
• Bug Fix: Fixed “Create New” route for projects
• Bug Fix: Cause codes now load defaults on new installations
• Bug Fix: Supply Chain picklists now configurable
• Bug Fix: License now displays properly when not logged in
• Bug Fix: Fixed date validation errors from the testing harness
• Bug Fix: User profile system bug fixed, can now upload photos
• Cache now clears on logout and when adding a user
• SMTP Email Password is no longer required (for non-authenticated use cases)
• Bug Fix: Notification count reset to zero on logout
• Bug Fix: Non-admins can now access their User Profile

Added

• Added Supply Chain Module
• New landing page with dashboards
• Custom fields can now be ordered via drag and drop
• Angular 10 upgrade
• FontAwesome now installed locally v/s CDN include
• Calendar now supports Angular 10
• Facility Status Board MVP 1

Changed

• Added currency formatting to the Project input controls
• Renamed Atlasity export files
• Workbench component now properly named
• Fixed bug on AD sync
• Added Post-Incident Evaluation field to the Incident Response module
• Email alerts now indicate that it was sent to you
• Hides ID field on Security Control Implementations
• Refactored Facility Status Board for efficiency

Added

• Added support for email CC
• Activew user toggle added for the user list
• Fixed max filesize setting on Startup
• Fixed bug on test email, made code more resilient
• Help/Support now points to Atlasity.io
• Added the Facilities module to the Admin panel
• Printable reports now have clickable headers
• Added causal analysis module
• Added event module for timeline
• Custom fields are editable

Changed

• User search now shows by default
• File size limit now in MBs
• Admin email now updates when saving a new email in the Admin panel
• Cache now refreshes when new user is created or AD is synced
• Improved security of account creation when doing an AD/LDAP sync
• Facilities added to all forms/searches
• ListView buttons are always formatted on the right now
• Fixed ‘Setup’ link for non-Enterprise installs
• Required fields properly marked on the user form
• Email now saves to the database before sending and throws error prompt when it has issues sending
• Many multi-tenant user flow bug fixes
• Fixed routes to profiles and catalogs (no longer have to be an administrator to view)
• Domain stored locally to reduce API traffic
• Fixed back icon on Control Implementation form
• Domain name now adds ‘/’ character to the end if not provided
• Link to CMMC added throughout security plans
• Save button now disabled until Save events complete (prevents multiple saves of the same record when clicking quickly)
• Facility name must now be unique for a given tenant
• Added test button for Slack/Teams
• Prevents duplicate cause codes
• Added cause type to causal analysis
• Fixed bug when copying security plans
• Auto-adds controls to plan using Security Plan builder without having to click an add button
• Added link icon to compliance navigator
• Removed Apparent Cause and minor UI tweaks
• Email configuration labels and validation improved

Added

• Custom Reporting and Dynamic Searching
• Expanded test coverage and integrated with CI/CD
• ELK stack expanded for enterprise monitoring and reporting
• User-defined fields implemented
• Added Email GUI
• Rebranded to ATLASITY
• App configuration now driven by license key
• Licensing info now displayed for global admin users
• FSSC Catalog import functional
• One step import/export now for a catalog and all child controls
• Custom fields are now tenant specific
• Added test button for SMTP email configuration
• Service Account now displays the current token
• Tooltips and instructions now provided on the AD/LDAP admin panel
• Custom fields now allows a choice list
• AD/LDAP now allows test/sync on the Admin panel, searches nested accounts

Changed

• IAM flow improved along with UI
• Fixed various security authorization bugs
• Fixed email bug in the ATLAS container
• Fixed various container deployment bugs and improved documentation
• Fixed bugs in the build process, sped up build times significantly
• My Activity moved under user profile and user form for Admins
• Calendar now graphs assessments across days
• Worked through Sonarqube bug fixes and Angular build bug fixes
• Removed cyber specific fields where possible (can add via Custom Fields for a customer)
• Fixed validation errors where form was not resetting
• Fixed bugs on workbench and adding items, moved config to a service
• Various multi-tenancy fixes
• Recurring bug fix – bi-annually now calculates correctly
• Custom fields now hidden for Community Edition
• Clearing security controls no longer throws an error toast message (warning instead)
• Fixed AD/LDAP bug on login
• Logout now in red and moved to bottom to be easier to find
• Create security plan now shows a spinner while building the plan with controls
• Fixed registration bug for users

Added

• Tenant and User services now cache results to improve performance
• Combined IAM modules into one config panel and re-factored
• Custom monitoring solution for K8s, APM, SQL Server, and Containers built using ELK
• Refactored user group by queries – improving query performance

Changed

• Fixed password reset bug
• Added show/hide fields to all password fields (default hides)
• Refactored service accounts for multi-tenancy
• Files are now searchable/sortable and show the MD5 hash
• Bug Fix – News Feed and My Activity filters now work for over time visualization
• Bug Fix – URL now updates after saving a record, fixing issues with the Back button

Added

• Created Admin panel for configuration
• Enabled AD/LDAP authentication
• Added deploy instructions for catalogues
• Added AES-256 encryption for secrets in the DB
• Added Group Management functionality for users
• Added System Integration tests with Cucumber/Selenium
• Angular now caches lookup fields
• Added ability to create and manage User Groups

Changed

• Updated deployment instructions for persistent storage on local installs
• Bug fixes on redirects after Catalogues and Security Plans are built
• Sorted/updated regulations on the Splash page
• Removed workflow trigger from new forms
• Made max number of file uploads configurable
• Can now enable/disable Microsoft Teams, Slack, and AD/LDAP authentication
• Bug Fix: Only activated users show in the user list

Added

• CMMC fully implemented
• Avatars now stored in the DB
• Workflow now supports drag and drop
• Added Print/Email capability for Catalogues and Security Controls
• Added ability to mount storage in K8s for file storage
• Catalogues now allow for JSON import and export
• Angular Unit Testing
• Added LGPL license to ATLAS
• Added Compliance Status Board for Security Plans
• Added Slack and Microsoft Teams integration
• Added multi-tenancy

Changed

• Minor icon bug fixes on the News Feed
• Re-factored dashboards to use the list view
• Add CMMC filters to security plans and control implementations
• Tuned SonarQube rules to filter out false positives
• Allows multiple file uploads
• Shows counter for number of catalogues on the Splash page
• Added C# unit tests and new folder structure
• Fixed bugs and legacy alerts
• Can now tie issues to assets

Added

• Basic workflow system engine
• Re-factored News Feed, comments on the news now flow down to the record
• Update API for Links
• Replaced all Alerts with Toasts for a modern UI experience
• Security Plan Builder Wizard implemented
• Pipelines updated and SendGrid bug fixed
• Upgrade to .NET Core 3.1
• Added the DoD CMMC into ATLAS

Changed

• Deletions via API now remove all child/related objects
• Improved form validation across all modules
• Removed version history, moved to the change log
• Improvements to file upload
• Replace Feather icons with Font Awesome – reduced build size
• Metadata manager now hides modules with no fields to customize
• File upload now throws an error if no file provided
• Cleaned up instructions for recurring records

Added

• Added search capability to all subsystem tabs
• Added a list view for security control implementations
• Added Kubernetes configuration files for ease of automated deployments
• Built Windows DEV environment
• Added GUI for creating service accounts
• Added loading spinners
• Added profile owner to security profiles
• CI/CD now handles DB changes
• Added search to history
• Added logic to “Show/Hide” the Show More button on the News Feed and My Activity
• Added URL encoding to search
• Added end of life, status, and purchase date to Assets

Changed

• New navigation system implemented
• Performance improvments for the navigation system
• Removed legacy breadcrumb system
• Removed sensitive user data from API calls
• Fixed bug on “add child” wizard in the navigation system
• Fixed Docker build error with new Angular update

Added

• Added error checking on all forms for ‘Record Not Found’
• Added a requirements module
• Created a wizard interface for building security plans
• Created a wizard interface for managing compliance requirements
• Added a view of all implementations for a given control
• Added event type filter to the News Feed
• Added Select All and Remove All buttons to the security profile
• Added toggle to show/hide search filters on the list view

Changed

• Multiple data validation bug fixes
• Re-factored assessment API to support automated DevOps testing
• Re-factored UX for all forms
• Improved formatting of the Splash page
• Improved density of the UI on all subsystem tabs

Added

• All APIs compliant with Swagger/OpenAPI format
• Added initial Swagger API documentation page
• All APIs have Swagger documentation
• Added recurring assessment feature
• Added recurring data call feature
• Added recurring task feature
• Comments are now integrated with the News Feed and History
• File upload/download is now integrated with the News Feed and History
• Links are now integrated with the News Feed and History
• Added Swagger documentation to the ATLAS models
• Added High Value Asset toggle to the Security Plan module
• Required fields are now marked on the forms
• Added Refresh button to the News Feed
• Added catalogue to the News Feed and My Activity
• CSA CCM controls uploaded
• Assessments auto-update control implementations
• Added control implementation details to the dashboards

Changed

• Fixed workflow step bug on the News Feed
• Fixed bug with blank avatars on the News Feed
• Fixed issues on the Catalogue Form
• Updated the Security Controls data model
• Security profile refactoring
• My Activity now shows unique records
• Refactored the Workbench UI
• Updated Splash page – compliance frameworks + Star Wars

Added

• Added click-through license agreement
• Added printer dialogue button
• Added validation to the RBAC manager

Changed

• Fixed checkbox indent
• Made blob storage private – validated encryption of files and privacy of URLs

Added

• Added email notification for new account creation
• Added a password reset feature
• Improved validation for login processes
• Added support for Markdown files in ATLAS
• Added initial Help system with Markdown support
• Added progress bar, totals, and legend to the calendar

Changed

• Upgraded to Angular 8
• Fixed NPM package vulnerabilities

Added

• Tested new navigation menu on mobile, Mac, and Windows
• Added a warning banner for ALPHA testing
• Enhanced data validation logic across all modules
• Improved formatting of date picker controls

Changed

• Moved all navigation to the top to allow more screen real-estate on small screens
• Fixed navigation bug on mobile with dropdown menus
• Fixed login/logout flow
• Fixed status check logic for tasks
• Removed max/min controls
• Fixed a rare show/hide bug in the navigator

Added

Changed

• Fixed card height issues on the splash screen
• Fixed login/logout issues with showing/hiding content

Added

• Added data validation to new user account creation
• Added vanity URL for the RegScale sandbox: sandbox.regscale.com
• Added default image

Changed

• Fixed width issues on mobile platforms for logins
• Improved password management features on new user creation
• Fixed data validation when updating the user profile
• Updated format of the unauthorized access page and footer

Added

Changed

• Updated readme.md file to better describe the modules and build process
• Various fixes to improve support on Windows (IE and Edge)
• Disabled service worker code (throwing errors and not being used right now)
• Removed xlsexport, incompatible with latest Angular framework
• Fixed duplicate tags on the home page
• Fixed logic on login/logout/user creation