Version 2.13.01

This is a patch release to provide much more secure software images using RapidFort’s software for curated images and tracking. It also includes a few bug fixes, a few features, updated online help, and any DISA templates.

Reduced the total CVEs in images and image scans using RapidFort curated images – see scan results for total numbers in the software repository for this release
Added a new Framework Administrator role for managing frameworks and for use via the external API calls
Added a report for showing all frameworks that share a control or CCI with the reporting framework
Added an XLSX export on the system package checklist history listing
Added a report to compare a system package’s required CCIs to other framework default CCI listings
Added a new API call for system package compliance percent by family
Added the Linked POAM Id to the POAM details listing to show any linked Id to eMASS, XACTA, or other program of record Id
Allow RapidFort image scan JSON files to be imported to track vulnerabilities on images / containers natively
Updated the CCIs across Frameworks report to show the actual controls in the frameworks sharing a CCI
Updated the Template listing to show vulnerabilities similar to the system package checklist listing
Updated the framework control CCI listing to update the table to show what level you are showing (if any)
Updated the patch vulnerability file uploads to allow updating the Operating System field on the hardware record
Updated the Other Technology data views to disable showing Info status by default to lessen data clutter
Reworked the Tailoring and Overlays screens to make it simpler to use across frameworks
Reorganized the Overlay screen to remove confusing buttons and simplify the process of uploading and downloading lists of controls
Fixed spelling mistakes in the online help
Fixed a bug in the POAM bulk edit of not clearing the Tag field and resetting it after use
Fixed an error in the XLSX file for exporting cyber readiness when you are including Other Technology Vulnerabilities
Fixed a bug on the Application Settings page that would not show the current consent text
Fixed a bug on CKLB files not always recognizing the version of the file based on the scanner that created it
Fixed a bug on uploading CKL or CKLB files to the Organization Template for boilerplate checklist templates so it recognizes the base level checklist being used
Fixed a bug on POAM individual edit that did not list the proper controls for the given framework of the POAM
Fixed a bug when marking all notifications as “Read” that was missing system-wide notifications
Fixed showing create buttons on default framework listings that cannot have added controls and CCIs
Fixed spelling of INFORMATION on three NIST 800-53 control titles
Fixed the timeout on the web screens for uploading templates
Fixed a bug on uploading compliance statements listing to use the formatted control number regardless of framework being used
Fixed a parsing error on the CKLB files that the DISA SCC tool creates that have slightly different format than Evaluate-STIG CKLB
Fixed the export of compliance statements to XML to use the new framework format of controls and CCIs
Fixed a problem mapping checklists and SCAP XML files when going back-and-forth uploading the types to keep checklist data updated
Fixed a bug on the popup window when adding a large number of checklists or devices on Team Subpackages where you had to press the Tab key to find the Close button
Fixed a bug on the Host Scan Dashboard to stop the patch by percentage loader if no patch data is present to display
Updated the online help for Tailoring, Overlays, and Team Subpackages to show updates to those features
Updated the CCI listing as of September 22, 2025 from DISA public.cyber.mil
DISA Template updates as of November 4, 2025 from DISA public.cyber.mil