Version 2.13.00

This is a major release to add features as well as fix bugs and update any DISA templates.

Added additional compliance frameworks such as CMMC to the listing by default for system packages
Added a cyber compliance framework structure for any framework to be added and used
Add your own custom controls and control families, custom frameworks, and custom CCIs for tracking cyber compliance
Added a Manage Frameworks area for Administrators
Added a way to load and reload default frameworks
Added Notifications to the Team Subpackage dashboard filtered just for that team subpackage
Added False Positive and Misleading fields to the POAM for internal tracking purposes
Added a Predisposing Conditions field to the bulk POAM screen
Added the Milestone field on the Team Subpackage bulk POAM edit screen
Added a Team Subpackage Hardware report similar to the System Package Hardware Report
Added reports to track frameworks and controls, compare controls, and compare CCIs across cyber compliance frameworks
Added default classification / handling restriction information to be used for all downloads/exports in a system package
Added a setting to mask IP addresses or not use masking at all to hide the first or second octet in the address per system package
Added the Created and Updated dates to the “All Data POAM export”
Added the ability to upload overlays from an XLSX file for ease of use
Added the ability to export / upload tailored controls from an XLSX file for ease of use
Added several areas of external APIs around frameworks, POAM, reports, software, hardware, and more
Updated the bulk POAM editing to allow selecting multiple canned mitigation statements to be set
Updated the ServiceNOW settings for integration to specify the table to use for tasks, default is incident
Updated patch vulnerabilities from Nessus/ACAS, use the report host if the hostname is not filled in
Updated the Security Assessment Report (SAR) to show compliance data status by controls when exported
Updated Custom Checklists to use the new CCI listing from the framework additions
Updated the tracking of checklists coming from Audit Compliance Scans to show what Scan Name they came from when uploaded
Updated the generic patch vulnerability structure to track MAC addresses along with IP addresses
Updated all filter popups to have a Reset button for consistency
Updated the PPTX summary download to show the newer framework structures
Updated system package settings to temporarily disable POAM tracking when desired
Updated the compliance statement import to allow our internal export to import successfully as formatted
Refactored internal components throughout for better speed and memory usage
Fixed a bug in the POAM tracking of checklists after a hostname changes
Fixed a bug in the POAM creation and tracking for a checklist without a hostname
Fixed a bug in the POAM that did not add every security control to each POAM listing, just from the first CCI for that vulnerability
Fixed a bug that was still reaching out to fonts on google.com to download them
Fixed a bug on custom checklist names to only use characters when creating the STIG ID prefixes
Fixed a bug showing valid updates on older license/key but the page refresh shows the license does not work (date validation)
Fixed a bug where the themes were not automatically loaded on installation properly
Fixed a bug where the Manage System Packages page for administrators was not ordering the date field correctly
Fixed a bug where the statements, checklists and CCIs of inherited controls would not show up properly under details
Updated the CCI listing as of September 5, 2025 from DISA public.cyber.mil
DISA Template updates as of September 5, 2025 from DISA public.cyber.mil
Updated the listing of RMF and FedRAMP controls for NIST 800-53 revision 5
Updated the FedRAMP required controls for High, Moderate, Low and LI-SaaS per FedRAMP documentation
Updated various infrastructure components for features and vulnerability fixes