Product Updates
We’re constantly working to make compliance even easier. See what we’ve launched recently.
Use trust to accelerate growth
Request a demoOctober 2024
New features & updates
Custom Automated Tests
Create tailored automated tests against integration data and automate more of your security and compliance processes. Companies with unique systems, processes, or compliance requirements can now create custom automated tests against cloud resources for AWS, Azure, Google Cloud Platform, and DigitalOcean integrations.
- Search resources: Search for any cloud resource in your environment.
- Set test scope: Specify exactly which resources or subset of resources should be included or excluded from tests, ensuring more accurate results.
- Set evaluation criteria: Specify the conditions in which resources returned by the query should pass or fail
- Publish new tests: Leverage the data already integrated into Secureframe to build custom tests that address your unique compliance requirements.
- Edit tests: At any time, you can tweak the logic of published CAT tests as your compliance and security needs evolve.
Support for CMMC Level 1
Our CMMC offering is now split into separate frameworks for CMMC 2.0 Level 1 and CMMC 2.0 Level 2, making it faster and easier for companies to view and comply with Level 1 requirements.
Integration connection form improvements
Connection forms for the AWS, Azure, GCP, Azure DevOps, and GitLab integrations now include step by step instructions, with guided walkthrough videos available in-app, making it easier than ever for users to successfully connect these integrations.
SecurityScorecard Integration
Introducing a new widget that displays your company’s SecurityScorecard rating for free. Users can also click into the widget to view additional details.
Vendor risk assessment and vendor portal bulk upload support
Users can upload multiple documents simultaneously when conducting a vendor risk assessment, or while uploading docs to the portal.
NDA acceptance UI improvements
Users can now see a pdf preview of non-disclosure agreements prior to acceptance. Document downloads are disabled when the Trust Center is in the unpublished state.
Risk level tab now accessible in vendor reviews
Users can now see the risk level tab during a vendor review.
Task support available for standard VRM
Customers using Standard VRM can now use the task functionality.
Bulk assign categories and departments to vendors
Now, in addition to bulk assigning tags, users can bulk assign categories and departments to vendors.
Ability to view excluded child connections
Customers on AWS, Azure, and Google Cloud Platform can now view which child connections were excluded during the initial connection setup after-the-fact.
Reset policy acceptances
Admins can now reset policy acceptances for personnel directly from the Secureframe app.
Error messaging improvements
New alert banners will direct users from the Tests page to the Integrations page for disconnect and sync errors for our AWS, Azure, and Google Cloud Platform integrations, and an alert banner will be displayed on the home dashboard for disconnect errors. New information will also be available in the integrations table, including last sync status and error description, making it easier for users to understand and fix any integration issues.
September 2024
New features & updates
Vendor Portal
Effortlessly manage your third-party security assessments with the new Vendor Portal. Easily send out security questionnaires to vendors, request updated compliance documentation, and track responses in one place. This feature simplifies vendor reviews, helping you stay compliant and reduce risks with less manual effort. For more details, check out our Help Center article here.
AWS, Azure, and Google Cloud Platform integration enhancements
When refreshing an individual test, only resources specific to that test will sync, drastically reducing integration sync times to just minutes and speeding up workflows for faster results.
Linear integration now supports bi-directional syncing
With improved bi-directional syncing, tasks completed in Linear or Secureframe now automatically update in both systems. Sync Linear tasks to Secureframe and easily track compliance across incidents, nonconformities, vulnerabilities, system changes, and user access based on SLAs.
Faster framework provisioning
New frameworks can now be added to your Secureframe instance up to 5x faster, with provisioning running in the background, allowing users to multitask without disruption.
Additional Trust Center customization
Users can now add document-specific rejection reasons to add context on a per document basis, as well as customize a generic, non-document specific message, making communications clearer and more tailored to their needs.
Improved access permissions for Auditor role
Previously, the default auditor role limited access to Policies and the Data Room. We’ve extended Auditor role permissions to provide view-only access to additional data, including tests, controls, policies, and asset inventories, allowing auditors to more efficiently perform customer audits within the platform. The Auditor role does not include the Company Onboarding permission.
August 2024
New features & updates
Support for TISAX Framework
TISAX (Trusted Information Security Assessment Exchange) is a European standard specifically designed for the automotive industry. It is essential for companies, including suppliers and service providers, that handle sensitive automotive information. TISAX ensures that these companies meet rigorous data protection and information security standards, thereby maintaining the security of critical automotive data throughout the supply chain.
Security Questionnaires Generative Model Upgrade
A new model version introduces significant scaling and speed enhancements, allowing questionnaires with more than a thousand questions and hundreds of rephrased answers to be processed quickly.
Control Overrides
Users can now manually set the health status of controls. This functionality is designed to offer more flexibility in evaluating the status of controls and setting them in the platform. Whether you need to designate a control that is partially implemented as failing or need to manually pass a control, this puts the power in the hands of the user doing the control reviews.
Trust Center Enhancements
- Customize your logo and URL: Users can now link their Trust Center logo to their website. A new section in the site designer called “App bar” allows you to edit your logo, the URL it points to, and customize the logo image description.
- Custom domain fixes: It’s now easier to update and delete a custom domain as well as your secureframetrust.com subdomain
Third-Party Risk Management Improvements
- The review status column on the main vendors page now displays the individual vendor’s review status, rather than the parent review container status
- A new response field for Findings in Third-Party Risk Management reviews allow you to document remediation plans
- A Documents column has been added to the main vendors page and can be toggled on from the table column selector
- Users can now edit schedules and templates in bulk from a single modal
- Users can now directly edit the “Last reviewed at” date for a vendor if they haven’t yet completed a review in Secureframe
- Parent reviews will now automatically complete when all child reviews are completed
July 2024
New features & updates
Support for TX-RAMP
Secureframe now supports TX-RAMP. TX-RAMP (Texas Risk and Authorization Management Program) is a framework that standardizes the risk management and authorization process for cloud services used by Texas state agencies, universities, and other institutions. Organizations need to comply with TX-RAMP to ensure they meet the state’s security and privacy requirements, facilitating secure and efficient cloud service usage within the public sector. There are 2 levels to this framework and we support both levels.
Secureframe Zapier Application for Trust Center
Customers can now streamline their Trust Center document request management with Secureframe’s new Zapier application. This integration allows organizations to create custom rules and automate Trust Center document requests and notifications seamlessly, reducing the time and effort spent on managing these processes.
- Set up custom rules like a check in Salesforce or Hubspot to automatically approve documents for certain contacts (like existing customers)
- Set up Slack notifications so your team is notified on new requests in real-time
Integration with ClickUp
1) Task and Notifications: ClickUp can now be used as a task destination. Tasks closed out in ClickUp will automatically close out in secureframe on next sync. Tasks closed out in Secureframe will automatically close out in ClickUp.
2) Compliance Testing: Sync ClickUp tasks to Secureframe and track compliance for access changes, vulnerabilities, nonconformities, incidents, and system changes based on SLAs
Trust Center Updated View Option
Choose to see compliance, resources, and sub-processors sections in either a list or grid view. The list view is better for scrolling through large amounts of content, while the grid view offers a more visual layout. A "View All" option appears for sections with 10 or more items, leading to a detailed page with a full list of searchable content.
Ability to Bulk-Import Subprocessors
If using the updated third-party risk management experience, you can now import sub-processors directly from your vendor list in Secureframe, saving time by automatically including vendor names, descriptions, and logos. You can also update or swap logos and modify vendor details within the Secureframe app. Adding sub-processors from vendors in Comply saves time during Trust Center setup.
Github Updates
Users can now opt out of syncing public repos. Often times, public repos are not in audit scope and/o customers do not have control over the types of checks that run on these repos. This feature provides customers with enhanced integration setup flexibility.
Updates to Automatic Invites and Manual Invites
Admins can now control specific groups that they send automatic onboarding invitations to. We’ve also updated the styling on the manual invites table to match other tables in our platform. This functionality allows our customers to customize the onboarding to only those that need access to our platform.
June 2024
New features & updates
Support for SOX ITGC
Secureframe now supports SOX ITGC. SOX ITGC refers to the Information Technology General Controls under the Sarbanes-Oxley Act, which are internal controls IT departments must implement to support the integrity of financial reporting. Secureframe helps customers set up policies and procedures required to meet SOX ITGC requirements, collects evidence against SOX ITGC compliance, and maintains continuous compliance with continuous control monitoring. Read more about SOX ITGC in the blog here.
Track custom controls in Trust Center monitoring
Users can now add any control from any framework in the Monitoring section in Trust Center and customize the display language. Learn more in the help article and walkthrough.
May 2024
New features & updates
Framework Scoping
Now customers can link frameworks to segregated environments to tag assets and personnel to specific compliance frameworks like SOC 2, PCI, and HIPAA, so compliance efforts are focused on the relevant areas of business that directly impact the organization’s compliance posture.
Customers can:
- filter out assets that have no compliance relevance or chance of compliance evidence
- assign assets to the right product scope
- exclude assets from reports
Learn more in the Help Center here.
Integration with Bitwarden
We now offer an integration with Bitwarden via tests specific to Bitwarden for organizations that use it as part of their tech stack.
Integration with Figma
We now offer an integration with Figma via tests specific to Figma for organizations that use it as part of their tech stack.
Integration with FactorialHR
We now offer an integration with Factorial whereby we support syncing user information from the FactorialHR system.
Comments on Controls
Users now have the ability to add comments to controls in Secureframe for better communication and collaboration between users in an organization.
Support for ISO 27017
We now offer support for ISO 27017. ISO 27017 is crucial for enhancing cloud security by offering specific controls and guidelines tailored for cloud services. While similar to ISO 27001 in terms of overlap of requirements and controls, ISO 27001 provides a general framework for information security management across any environment, while ISO 27017 focuses specifically on cloud computing environments.
April 2024
New features & updates
Enhancements to Questionnaire Automation and Trust AI
This month we've made huge enhancements to our ML-powered Questionnaire Automation, including:
- an improved answer verification step - you can now verify your answers with suggested answers from Generative AI (Trust AI), control and test information pulled from Secureframe Comply, policies, and your Knowledge Base
- the ability to attach evidence or policies in the answer verification screen as images or files
- the ability to download completed questionnaires or RFPs as a zip file including all documents, attachments, and policies
Read more about the Questionnaire Automation enhancements here, and read more about Trust AI here.
Hard Deleting Evidence from Upload Tests
Users can now hard delete evidence that was accidentally uploaded to upload tests.
Updates to Evidence
Customers now have the ability to use URLs as evidence instead of just files, for more flexibility and convenience. They also now have the ability to add comments or findings to evidence uploaded. Evidence with findings will not pass the upload test.
Tags on Tests and Controls
Users now have the ability to add tags to tests and controls, and filter for those tests/controls by these tags. Customers benefit from improved organization and visibility, efficient searching and filtering, and easier reporting.
Integration with SimpleMDM
We now offer an integration with SimpleMDM via tests specific to SimpleMDM for organizations that use it as part of their tech stack.
Integration with Salesforce
We now offer an integration with Salesforce via tests specific to Salesforce for organizations that use it as part of their tech stack.
Updates to the Integration Page
Users can now see tests and controls related to an integration, as well as the permissions and data pulled for an integration prior to connecting it for more context on our integrations.
Multiple File Evidence Uploads
Customers can create multiple uploads with one click - this feature reduces time to compliance by simplifying the upload process for multiple files in a single test.
Integration with FusionAuth
We now offer an integration with FusionAuth via tests specific to FusionAuth for organizations that use it as part of their tech stack.
March 2024
New features & updates
New Trust Center Site Designer
Secureframe Trust Center Site Designer has undergone a significant overhaul to enhance user experience and customization capabilities. These enhancements include:
- Default Trust Center Upgrade: Streamlined design and additional customizability features.
- Flexible Editing: Real-time preview and seamless interaction with elements.
- Robust Customization: Easily create custom HTML sections and override any aspect of your layout with a global CSS stylesheet to match your Trust Center to your brand.
- Section Control: Intuitive panel features for easy section management.
- Centralized Monitoring: Consolidated security controls for monitoring in one place.
- Detailed Fields: 'Purpose' and 'Location' fields for comprehensive subprocessor details.
- Seamless Deployment: Configure, preview, and publish effortlessly to a custom domain.
Learn more about the new capabilities in the blog.
Support for NIS2 Framework
Secureframe now supports NIS2, an updated EU directive aimed at enhancing cybersecurity across all member states by improving national capabilities, cooperation, and risk management practices among key sectors and digital service providers. NIS 2 will go into effect in October 2024, and will apply to many European countries across industries and sectors.
Support for Essential Eight
Secureframe now provides support for customers looking to achieve compliance with Essential Eight. The Essential Eight is a set of cybersecurity strategies recommended by the Australian Cyber Security Centre (ACSC) to help organizations mitigate cyber threats and protect their systems against a range of cyber attacks.
Integration with SentinelOne
Secureframe now offers an integration with SentinelOne for orgs that use it as part of their tech stack. SentinelOne provides cybersecurity solutions by using artificial intelligence to automatically prevent, detect, and respond to cyber threats in real time.
Updates to the Controls table for bulk actions
The Controls table has been updated with new styling and a bulk actions bar for ease of use and time-savings.
Updates to the Personnel table for filtering
The personnel table updated with new operators, allowing users to single select vs. multi-select based on operator chosen. This update provides consistency with the table filtering experience in other parts of the app.
February 2024
New features & updates
ISO 9001 Framework Added
Secureframe now supports ISO 9001, a quality management framework. ISO 9001 is an internationally recognized standard that helps organizations provide customers with consistent, good-quality products and/or services.
Organizations can save time obtaining and maintaining ISO 9001 by leveraging Secureframe's Policy Management and Risk Management tools. We created policy templates for ISO 9001, including a QMS manual and a quality policy, and our Risk Management features make it easy for users to manage and monitor internal and external risks that may affect conformity of products and services.
Learn more about ISO 9001 in our blog.
PCI 4.0 Updates
Secureframe now supports the latest version of the Payment Card Industry Data Security Standard, PCI DSS 4.0. PCI DSS version 4.0 goes into effect on March 31, 2024. Any report on compliance (ROC) or self assessment questionnaire (SAQ) must be completed against the PCI DSS 4.0 standard following this date. Changes to PCI DSS include: enhanced testing requirements and control structure, introduction of risk analysis, documentation of roles and responsibilities, and a required scoping exercise.
Tickets Table
Users will now see an Asset Inventory > Tickets table, updated with new styling, that shows Jira tickets synced to Secureframe. This new table will provide better visibility for users to be able to monitor Jira tickets for tests related to access management, change management, vulnerability management, and more.
Integration with Duo
Secureframe now offers tests specific to Duo for orgs that use it as part of their tech stack. Duo is a popular 2FA solution that helps organizations boost security by verifying user identity, establishing device trust, and providing a secure connection to company networks and applications.
Integration with Crowdstrike
Secureframe now offers tests specific to Crowdstrike for orgs that use it as part of their tech stack. Crowdstrike is a popular EDR vendor that continuously monitors end-user devices to detect and respond to cyber threats like ransomware and malware.
Integration with LaunchDarkly
Secureframe now offers tests specific to LaunchDarkly for orgs that use it as part of their tech stack. LaunchDarkly is a SaaS platform for developers to manage feature flags/toggles and test code in production.
January 2024
New features & updates
Enhancements to the Personnel Page
Personnel Status Column: users can go into the Personnel table and now see a new “Status” column which shows which personnel still have any outstanding tasks they need to complete. You can also easily filter the columns in the table to just show the columns relevant to those outstanding tasks.
New Editable Personnel Fields: Users can now edit attributes on a personnel directly through the Personnel details page instead of having to upload a csv.
Group Import Support
Secureframe now supports group imports for use in product, in personnel settings. Now, users can import groups from the following integrations: Google Workspace, O365, MS Entra ID (Azure AD), and Okta. This update helps users to achieve faster workflows and easier group management.
Added Support for CPRA
The California Consumer Privacy Act (CCPA) has recently been amended by the California Privacy Rights Act (CPRA), expanding the scope of privacy requirements. To help you meet these new requirements, we launched support for CPRA which includes additional tests and controls to satisfy the new requirements. Anyone looking to leverage Secureframe to maintain CCPA will also get access to the CPRA tests and controls.
Rippling MDM Support
Secureframe now supports group imports for use in product, in personnel settings. Now, users can import groups from the following integrations: Google Workspace, O365, MS Entra ID (Azure AD), and Okta. This update helps users to achieve faster workflows and easier group management.
December 2023
New features & updates
New Frameworks: FTC Safeguards Rule, NYDFS NYCRR 500, and Cyber Essentials
We introduced support for three new frameworks on our platform: FTC Safeguards Rule, NYDFS NYCRR 500, and Cyber Essentials. Each new framework includes control mapping to framework requirements, automated tests that collect compliance evidence from integrated technologies, and built-in Secureframe tasks such as policy management as required by each framework.
Test Details and Asset Details Updates
We are empowering our users with enhanced visibility, allowing you to diagnose the root cause of a failing test with greater precision and efficiency. Seamlessly access and analyze both test evidence details and asset information for cloud resources and devices.
Within the test evidence tab, you'll find advanced filtering options for assets associated with a test, categorized by their status: failing, passing, or ignored. Dive deeper by selecting an individual asset to reveal comprehensive details. Clicking on 'full asset details' seamlessly directs you to the asset inventory, where you can see relevant information, modify asset ownership, and inspect JSON evidence for cloud resources. This is the first step in better enabling you to fix failing controls as efficiently as possible.
Connection Labels for Devices
We now show the device connection source in the device inventory, allowing customers to more easily identify the source of devices when they have multiple connections with the same MDM vendor.
Cloud Resources Table Update with Bulk Bar
The Assets > Cloud Resources table has been updated with new styling and the bulk actions bar for better use of use, time-savings, and consistency. This update makes bulk actions easier than before.
Update to Deel Integration
Secureframe's integration with Deel is now automated via API, so customers no longer have to wait for the connection to occur.
Kolide Enhancements
Secureframe now pulls in HD encryption for Linux devices.
November 2023
New features & updates
Secureframe API
We recently introduced Secureframe API - so customers can use a REST API to programmatically write and read data, to and from Secureframe. Now, users can integrate with and pull evidence from any tool or service – whether it’s your cloud-based applications or your local systems – beyond our 200+ native integrations. Read more about Secureframe API in this blog.
Quantitative Risk Assessment for Enhanced Risk Management
We have expanded our Enhanced Risk Management offering to include quantitative risk assessment using the Annualized Loss Expectancy Methodology. This methodology delivers a more precise understanding of a risk in terms of financial loss.
New Risk Management Capabilities
This month we introduced more features and capabilities to the Risk Management solutions so you can save time, streamline tasks, and improve collaboration. All customers can now benefit from the following:
- Flexible CSV uploads: You can easily upload your risk register to Secureframe without any pre-work. Our flexible CSV uploader provides an intuitive workflow that allows you to import your existing risk register into Secureframe without taking time to format it based on our templates.
- Document attachments: You can now attach documents related to a risk during the risk assessment workflow. For example, you may attach proof of cyber liability insurance for a risk you chose "Transfer" as its treatment.
- Tasks and notifications: You can now create risk management tasks in the Secureframe platform with the option to send notifications via a preferred notification delivery method – email, Jira, or Slack.
- View and delete archived risks: You can now view and track archived risks and hard delete a risk from the archives, such as if a risk was added by accident or is a duplicate. All hard deleted risks cannot be reverted.
Read the blog to learn more.
Organizations & Child Accounts
Customers can now organize cloud resource integrations (AWS, Azure & GCP) using Organization and Child (project/subscription) connections. You can easily set up, see, filter, sync, and exclude child connections to better manage cloud resource integrations in Secureframe.
Add Custom Security Training URLs
We added the ability to link third-party security training vendors within the Secureframe training module. If you select “Other (Third Party)” as your security awareness training vendor, you now have the option to include the URL for that training. Your employees can access the link to the training within the Secureframe platform. This will direct them to the training site where they can complete their security awareness training.
New Policy Editor with AI-powered Text Revisions
We added enhanced functionality to our policy editor with a more comprehensive editing toolset and AI-powered text revisions. The improvements to the policy editor include the ability to comment on a policy to improve collaboration and an advanced editing toolset to make it easier to build, customize, and publish policies. Our new editing tool set includes: advanced tables, find and replace, seamless copy and paste from Google Docs, Word, and Excel, and more
In addition, we added our latest AI-powered capability, Comply AI for Policies, which uses generative AI to help you write and refine your policies. Comply AI for Policies improves productivity by saving you hours of work by delivering clear and polished policies that align with the tone and voice of your organization. To use Comply AI for Policies, highlight the area of text you want to revise and either select from the out-of-the-box prompts or send a custom prompt. Generative AI will provide suggested changes for you to review and choose to insert the changes, ask it to try again, or discard the changes.
Read the blog to learn more.
Device Archiving
Now, customers have the ability to archive devices by archiving the associated vendor.
October 2023
New features & updates
Improved Risk Management module with Comply AI for Risk
We recently launched our new enterprise-grade Risk Management tool that includes an AI-powered risk assessment workflow with Comply AI and an Enhanced Risk Management module tailored to your unique business needs.
The end-to-end Risk Management tool includes:
- Risk register to track and manage risks
- Risk library to easily identify risks
- Risk assessment workflow to determine risk scores and treatment plans
- Risk history to easily track changes
- Control mapping to link mitigating controls to risks
The Enhanced Risk Management module offers more robust and flexible tools, including:
- Dashboards
- Custom scores
- Custom tags
Read the blog to learn more about the improved Risk Management module.
Office365 User Filtering
Companies can now optionally exclude unlicensed accounts and guest accounts from being pulled in on the Office365 integration. Existing connections must be archived and a new connection must be created for this functionality to work.
Read-only Policies
We just added the ability to make policies read-only. For policies that do not require acceptance, you can now mark them as read-only when editing. Personnel reviewing these policies will not have to select ‘Accept’. Learn more about Secureframe policy management here.
Enhancements to Azure Active Directory Integration
Users of Azure AD can now pull fields like:
- MFA status for users
- Start and end date for employees
- Job title for employees
Find more information about Azure AD permissions in this article.
JamfPro Screen Lock Support
The JamfPro integration now syncs screen lock information for Mac and Windows, and each respective test is now automated. Find all of our integrations here, and please reach out if you have additional questions.
September 2023
New features & updates
New Bulk Action Bar
We recently added a new bulk action bar on the following pages:
- Personnel
- Tests
- Asset Inventory
We've consolidated the individual bulk action buttons from the top menu into a dedicated bar that floats on the page as a user scrolls to make bulk actions easier than before.
Additional Trust Services Criteria
We have added two optional trust services criteria (TSC) to your existing SOC 2 report - processing integrity and privacy. It is up to your business to decide if either of them is in scope for your compliance program.
Processing integrity provides assurance that information in the audited system is complete, valid, accurate, timely and authorized to fully satisfy the entity's objectives. Privacy provides assurance that personal identifiable information (PII) is safeguarded beyond the minimally required security requirements.
These will be defaulted to disabled for your existing report and will not impact any passing percentages unless enabled. Please don’t hesitate to contact us if you have any questions.
AWS Inspector Update
An updated Amazon Inspector integration is available for AWS customers. This iteration of Inspector is more scalable, supports container images and multi-account management, and uses AWS Systems Manager Agent, among other improvements. We will continue syncing Inspector Classic in AWS accounts where it is used - no need to switch immediately.
Improvements to Custom Control Creation and Bulk Mapping
We just released a new way for customers to create custom control AND map either existing or new custom controls to framework requirements all in 1 CSV. Now, you can:
- Auto update date fields
- See warnings on invalid inputs
- Find suggestions on typo mistakes
Find more information in this Helpdesk article.
Improvements to Secureframe Questionnaire Automation
We've introduced updates to Secureframe Questionnaire Automation, including:
- Improvements to the Questionnaire model performance that enhances customer automation rates
- Security Questionnaires Starter Pack: we highly recommend that customers fill out this starter pack of the most commonly requested security questionnaires to maximize their success.
August 2023
New features & updates
Comply AI for Remediation is now available for AWS, Azure, and GCP
Comply AI for Remediation is now available for all Secureframe customers. Comply AI for Remediation uses generative AI to provide infrastructure as code remediation guidance to fix misconfigurations in AWS, Microsoft Azure, and Google Cloud Platform (GCP). Remediation methods include:
- Command Line Interface (CLI)
- Terraform
- AWS CloudFormation
- AWS Cloud Development Kit (CDK)
- Azure Resource Manager (ARM)
- GCP Deployment Manager
Custom Frameworks
We now offer the ability to create custom frameworks! Customers can now incorporate into a custom framework things like specific security controls, processes, and policies that align with your organization’s unique requirements, industry standards, and regulatory obligations. Map existing tests and controls (pre-built or custom) to your custom framework for a more comprehensive and personalized approach to compliance management. Find the documentation for custom frameworks and reach out to support@secureframe.com for more information on how to get started.
Test Library
Our new Test Library offers a repository of all Secureframe and user-created custom tests. This provides customers with the ability to leverage the extensive suite of automated tests available in the Test Library for your custom controls and frameworks. Users can access this inventory of tests that may not be directly mapped to specific frameworks, allowing them to incorporate additional tests and take advantage of the hundreds of automated tests that Secureframe has already built. Access the Test Library from the “tests” page in the left side navigation, and find the documentation here for further guidance.
Trust Center Improvements
By popular demand, we recently delivered two improvements to Secureframe’s Trust Center:
- Custom email destinations for document request notifications. You can now set document request notifications to mail to specific people or group inboxes!
- The ability to host FAQs on your Trust Center to reduce the need to fill out a security questionnaire for a prospective customer. You can now add FAQs and answers in the Trust Center Site Designer.
default Version Control Branches
Users can now specify default branch and testing settings for repositories in integration connection settings. Settings are applied to only new repositories synced and do not affect repositories that have already been synced.
July 2023
New features & updates
Personnel Management Updates
We recently revamped the personnel management page to provide a better user experience. The update includes a new personnel table, as well as a notification bar at the top of the page alerting users of unlinked accounts.
Unlinked accounts are accounts Secureframe is unable to link to an existing user. Users can click on the unlinked accounts notification to review the unliked accounts and link them to a respective user. Unlinked accounts can also belong to former employees or service accounts.
Integration with DigitalOcean
We’re excited to announce an integration with DigitalOcean, a cloud hosting provider that offers cloud computing services and Infrastructure as a Service (IaaS). Secureframe automatically pulls relevant data from DigitalOcean and tests access, application, networking, storage, monitoring, and alerting configurations for applicable framework compliance. To get started with DigitalOcean, find and connect from the integrations tab in Secureframe.
June 2023
New features & updates
Comply AI for Remediation
We expanded our AI-powered capabilities with the launch of Comply AI for remediation. Comply AI automatically generates infrastructure as code (IaC) remediation guidance to fix misconfigurations in AWS. The capability also features a chatbot for users to submit requests and get more tailored remediation. Comply AI will soon work with Google Cloud and Microsoft Azure for faster and easier cloud remediation. Learn more about Secureframe AI here.
Custom Controls
We are excited to announce the ability to create custom controls in Secureframe! The Controls tab enables you to view a list of controls mapped to their respective frameworks and the health status of those controls. You now have the ability to add custom controls individually or in bulk, tailoring the platform to meet your organization's unique needs. This customizability enables you to incorporate specific security controls, processes, and policies that align with your requirements.
AWS GovCloud Integration
We are excited to announce that Secureframe now offers an integration with AWS GovCloud, providing users the same Secureframe experience as customers operating in commercial environments. By automating compliance tasks such as monitoring, policies, and evidence collection, Secureframe simplifies the compliance process for organizations navigating the complexities of federal regulatory requirements, while ensuring the security of government-related workloads and data. Secureframe provides visibility around security vulnerabilities and misconfigurations in your GovCloud environment, and monitors compliance against federal compliance frameworks. Read the blog.
New Company Onboarding
We made updates to our company onboarding for a better user experience. With our new onboarding, we’ve reduced the number of onboarding steps, integrated onboarding throughout the rest of the platform to deliver a more seamless experience, and provided more context to help users easily navigate their onboarding.
May 2023
New features & updates
Secureframe Trust
We recently announced the availability of Secureframe Trust – a powerful combination of our Trust Center, Knowledge Base, and ML-powered Questionnaire Automation solutions.
Now, you can proactively showcase the measures your organization is taking around security, compliance, and privacy with a Trust Center that continuously pulls in data from the Secureframe platform. You have the ability to customize this page - show only what you want to show, and adjust the look and feel of your Trust Center with customized logos, colors, and information. You can upload documents, review/approve/deny requests for information, and enforce automated NDAs. If a visitor has additional security questions after perusing your Trust Center, they can submit an RFP or questionnaire, and our Questionnaire Automation and Knowledge Base can help streamline that process.
Learn more about Secureframe Trust here.
Export tests as JSON
We recently added the ability to view and export raw JSON evidence for AWS, Azure, and GCP to aid in remediation for your failed tests. JSON provides more detail so you can easily identify the reason a test failed and quickly remediate the issue. Raw JSON is helpful for your auditors as well because it reduces the amount of time it takes them to review the evidence and provides them with additional details to help minimize follow-up questions.
When downloading a test, you will now see two options: ‘Download Test data (.csv)’ or ‘Download Test data (JSON)’. You can easily navigate the JSON evidence for every resource associated with a test using the arrows in the platform which allows you to review on an individual resource basis so you can focus on a specific area of concern
If you choose to download as JSON, it will contain details for all of the resources associated with the test. This will help you get as much or as little information as you need to remediate issues in your cloud infrastructure and maintain compliance. Learn more about exporting tests as JSON here.
Updated Navigation Experience
We made updates to the navigation in the platform to make it easier for you to find what you're looking for. The update groups pages together so they are more organized for a better user experience. Check it out on the platform today!
Ability to filter on unconfigured repos
We recently added the ability to add "has_production_branches" as a filterable field to the repositories table and search_data. This allows customers to see where they need to apply configurations, which need to be complete for the associated tests to work.
April 2023
New features & updates
Upload PDF Policies
This month, we introduced the ability to upload PDF policies to Secureframe, giving our customers flexibility during the onboarding experience. Policies are governing documents describing what an organization does to ensure security and compliance.
Now users have the ability to directly upload one or multiple PDF policies, in addition to using the inline editor. Find more information on creating and editing policies here.
New Secureframe Training Lessons
Secureframe Training automates training for SOC 2, HIPAA, PCI DSS, GDPR, and more – so organizations can quickly meet security and privacy compliance requirements and save time assigning, tracking, and reporting on required training.
This month we introduced two new lessons to our Security Awareness Training module: Anti-Counterfeiting and Privacy. Find the new lessons in Employee Onboarding > Training, or reach out to learn more about how you can easily deploy and track required employee training with Secureframe.
Passing with Upload Indicator
We recently added a visual indicator for tests, to show tests that are passing but also adding the ability to show if each test has evidence uploaded against it.
Default Group Assignments
Before, we defaulted policies to be assigned to the "Employees" and "Contractors" groups when publishing them for the first time. The edit policies multi-select only showed up when editing an existing policies. Now, when creating or publishing a new policy, there's an option to group multi-select in the editor view when creating a policy for the first time, pre-populated with "employees" and "contractor" groups if no other groups are present.
Policy Acceptance Date
We made a change to policies to always show the last accepted date for policy acceptance. This ensures accountability and notiication of changes - showing the last accepted date helps users stay informed about changes in policy and reminds both users and admins to review the policies periodically.
March 2023
New features & updates
Manage Test Updates on the Test Activity Dashboard
In March we launched an exciting new feature that improves automation and helps with continuous compliance: Test Activity Dashboard. This new experience allows Secureframe to keep your tests up-to-date with the latest automation enhancements and compliance checks.
New or updated tests appear on the dashboard depending on the frameworks you have signed up for. Keep your tests in their current state if you have an upcoming audit and want to wait to switch to the new/updated test. For any new/updated tests, you have a Required Action Date that is at least 3 weeks after the test is introduced into your account.
If you don’t take any action, the new/updated tests will be automatically introduced into your account on the required action date. Future releases for test changes happen on a periodic basis on the last Friday of each month.
Enhanced Microsoft Intune Automation
We recently enhanced four upload tests for Microsoft Intune with automation:
1) Anti-malware is enabled on user endpoints is enforced via Microsoft Intune
2) Screens lock on production user endpoints after a maximum of 15 minutes of inactivity, enforced via Microsoft Intune
3) Local firewall cannot be disabled by the user and log continuously on production user endpoints, enforced via Microsoft Intune
4) Strong password policy of at least 8 characters and alphanumeric is enforced on user endpoints via Microsoft Intune
Read more about Secureframe's endpoint security here.
Enhanced Jumpcloud Integration
We've made enhancements to our integration with Jumpcloud for centralized identity and access management (IAM), easier user provisioning/deprovisioning, and streamlined compliance monitoring. This integration allows you to sync devices-related information from your JumpCloud account and automates compliance checks and evidence collection (for example, hard drive encryption enforcement) using JumpCloud's REST APIs. Learn more about the integration and how to connect to it here.
February 2023
New features & updates
Real-Time Support Through Live Chat
Now you can chat in real-time with a Secureframe Customer Experience Representative! Just as before, if you need help you can go to “Help & Support > Chat”. Once a chat is initiated, if you want to chat online with a Secureframe representative, you will be offered the option “I still need support”. If you click this button, you will be able to speak to a Secureframe Customer Experience rep. Our representatives are available Monday - Friday from 9AM - 7PM ET.
Announcing Secureframe for MSPs
We are excited to expand the Secureframe Trusted Partner Program to include our world-class MSP Partner Program and launch our multi-tenant portal to make it easy for service providers to bring the power of Secureframe’s compliance automation platform to their clients. Secureframe for MSPs offers:
- Centralized account management: Purpose-built to help service providers manage their customers’ end-to-end compliance journey, Secureframe’s multi-tenant portal centralizes all activities related to each customer’s security and privacy compliance into a single pane of glass.
- Streamlined deal management and support: Secureframe’s partner portal (PRM) enables service providers to register deals and gain access to marketing, sales, technical support, and other resources to close deals, serve clients, and grow revenue.
- Enhanced revenue earning potential: Secureframe’s partner program unlocks new revenue streams through its referral, reseller, security consultants, and MSP/MSSP options where partners can function as any or all partner types depending on their business model and preference
- DattoRMM integration: Secureframe’s integration to DattoRMM, used by MSPs to remotely secure, monitor, and manage endpoints, automates evidence gathering for antivirus software, asset inventory intelligence, and more.
Custom Upload Tests
We recently introduced custom upload tests, which allow you to author your own upload tests in the Secureframe platform. Custom upload tests offer tailored compliance validation for individual business needs, comprehensive coverage, and increase flexiblity and scalability in your security posture. If the existing Secureframe authored tests do not cover your company’s criteria, you can create a new test or set of tests that take uploads as evidence. These can be standalone tests or can be mapped to controls in existing security frameworks activated in your account. On the test page in Secureframe, you can create or delete custom upload tests. Learn more about custom upload tests here.
DattoRMM Integration
To further enable service providers for success and based on partner demand, Secureframe has added a new DattoRMM integration. The integration pulls automated configuration evidence like the presence of antivirus software, asset inventory intelligence, and more into the Secureframe platform to further demonstrate a client’s security and privacy posture.
January 2023
New features & updates
Secureframe Questionnaire Automation
Secureframe’s machine learning-powered automation makes the tedious process of responding to RFPs and security questionnaires fast and easy for organizations of all sizes. Our innovative solution suggests responses to RFP and questionnaire questions using content and context from the Secureframe platform along with approved prior responses to deliver 90%+ accuracy.
You have the ability to edit answers to reflect updates in your security and privacy posture, as well as collaborate with your in-house subject matter experts to ensure answers are kept current in the Secureframe Knowledge Base as your security, privacy, and compliance system of record.
Knowledge Base Chrome Extension
Easily access your Secureframe Knowledge Base from Google Chrome!
You can now look up content and answers to questions easily while on a call, answering emails, or filling out questionnaires. Type keywords, phrases, or whole questions in to the search field to immediately discover related content in the Knowledge Base. The ‘select-to-search’ feature automatically searches any highlighted text on your active tab. Try it today.
Test Comments
Test Comments allow tests to be the nexus of communication for users in Secureframe working toward remediating a test. Now you can take, edit, and delete notes and comments to collaborate on testing.
December 2022
New features & updates
Secureframe Training
Training employees on security and privacy awareness is a key requirement of most compliance frameworks, including SOC 2. Secureframe Training, our in-platform training product with modern and engaging content, now includes Security Awareness Training. This adds to our existing, comprehensive set of training that includes HIPAA, GDPR, CCPA, PCI, and Secure Coding.
Make training your workforce easy and automatic with content that’s kept up-to-date by our compliance experts. You can review the available training modules in the Personnel > Settings > Onboarding section of the app.
Interested in adding privacy and security training? Ask your customer success manager or email contact@secureframe to add Secureframe Training or get a demo.
November 2022
New features & updates
Knowledge Base Scheduled Reviews
Keep your Knowledge Base content fresh by scheduling regular review cycles.
Fully customize these review settings and receive automated email notifications when your content expires. Learn more about this new feature in our Help Center article.
Expanded Trusted Partner Program + Launch Partners for the Secureframe Trust API
You need the flexibility to customize your security and privacy compliance program to the unique needs of your business.
That’s why Secureframe provides 100+ pre-built integrations with the most popular applications across cloud services, identity providers, background checks, HR and people management, device management, developer tools, single sign-on, and more that you’re already using every day. Rootly, Electric, Basis Theory, and Indent are now joining our industry-leading trusted partner ecosystem to help our mutual customers further automate and streamline compliance.
Learn more by reading our blog announcement.
October 2022
New features & updates
New Comments Tab on Tests Page
Collaborate with other users at your company using the new comments section. You can leave shared notes, work through remediation steps, and chat with your fellow team members, making it easier and faster to pass tests.
Click on any test and navigate to the "Comments" tab to get started.
Custom Knowledge Base Tags
Manage your content from uploaded security questionnaires and RFPs with custom tags.
Create and mark records for different teams, topics, or specialty areas. You can then filter on these tags for easy access the next time you are looking for content.
September 2022
New features & updates
Test update notifications
Integration Tests can now have a tolerance window! Sometimes configurations are tricky to figure out. Now you can set a tolerance window so that the test will not fail right away after Secureframe detects an incorrect configuration.
When a tolerance is set, Tests will first show an "at risk" status so that the owners know that something needs to be fixed. Learn how to set a tolerance window for a test in our Help Center.
Due dates for uploaded tests
You can now set due dates for Upload Tests! Every time you go through an audit there is evidence to refresh. Now, you can set due dates to remind you to do these tasks.
When you set a due date, you can also set a test interval so that the Test will auto-increment to the next due date after it has been refreshed with new evidence. See how to set a due date for a Test in our Help Center article.
Automate responding to security questionnaires and RFPs with Secureframe
Responding to security questionnaires and RFPs has long been a manual, tedious process with forms that vary from customer to customer with no standardized format, set, or order of questions. Even if you are SOC 2 or ISO 27001 compliant, many companies will still require a security questionnaire to be filled out.
That’s why we’re excited to introduce Secureframe Questionnaires, a machine-learning-powered solution that makes it fast and easy to respond to customer questionnaires. When you receive an RFP or security questionnaire, simply upload it to Secureframe, tag the questions and answer fields, verify Secureframe’s suggested answers from the Secureframe Knowledge Base, export the completed document to the original format, and send it back to your customer.
Read the blog post to learn more.
Secureframe adds 12 new frameworks, including NIST, ISO 27701, CMMC, and more
We are excited to announce that we’ve added these new frameworks to help you achieve and maintain compliance:
- NIST SP 800-53
- CMMC
- NIST 800-171
- PCI DSS SAQ-A and -D
- NIST Privacy
- ISO 27701
- NIST CSF
- Microsoft SSPA
- MSVP
Read the blog post to learn more.
With these additions, Secureframe’s modern, all-in-one governance, risk, and compliance (GRC) platform can do more to help your organization and compliance teams to quickly understand requirements, manage controls, streamline workflows, and stay up-to-date with the latest security, privacy, and compliance standards.
JIRA integration update
The updated JIRA integration automates compliance checks and evidence collection for five existing requirements. To learn more, read our Help Desk Article.
Vendor page update
We’ve updated our Vendors page so it is easier to filter and sort. Now you can quickly skim your vendors list, identify which ones are high-risk, and review vendors that you own.
July 2022
New features & updates
New tests page
We’ve created a new page to view your compliance journey designed around tests. This page allows you to manage all your company tests in one easy-to-organize place:
- Set custom and saved filter views
- View test details
- View framework mappings
- Remediate tests
For more information on how the Test Page works, take a look at our Help Center article.
June 2022
New features & updates
Custom Upload Tests
We have added the ability to author your own Custom Upload Tests. If existing Secureframe-authored tests do not meet your company’s criteria, you can now create a new test or new set of tests that accept file uploads as evidence.
For more details, read our Help Desk Article on Custom Upload tests.