Changelog
This is Axio's What's New information (Release Notes) in reverse chronological order.
Refer to the list below to review changes deployed with the current release. The previous feature deployment happened on August 2nd, 2023.
Note: The Canadian instance was updated to this production deployment on August 24th, 2023.
The August 23rd deployment was maintenance release with bug fixes and customer specific updates only.
During an integration handshake, two authorization headers have been passed, causing the authorization to fail. Going forward only lowercase headers will be used.
On the C2M2 v2.1 Workforce Management controls the order of steps to take was out of sequence.
The graphic export for the C2M@ v2.1 model was generating empty export files. This issue has been resolved.
Customer was experiencing inconsistent scores in the "assessment summary" widget on the aggregate dashboard. The current and target scores would change between refreshes with no identifiable pattern. A solution has been provided with this deployment.
Added topics:
Edited topics:
- Admin View | Global Company Information: Edits pertaining to third-party integration options, including links to new setup topics.
Refer to the list below to review changes deployed with the current release.
This deployment is a maintenance release and provides customer specific updates only.
Edited topic:
Refer to the list below to review changes deployed with the June 28th release. The previous feature deployment happened on May 8th, 2023. The Canadian instance was updated to the June 28th production deployment on July 3rd, 2023.
There are similarities in different security models that lend themselves to assessment mapping options. For example, a completed NIST assessment, which required input of all organizational controls, can be applied where applicable to the CFS assessment template. Providing mapping options between matching data collected for different security models, saves organizations from redundant work and improves consistency of control entries across various assessments. For a detailed feature description refer to the Assessment to Assessment Mapping topic on Axio's public doc portal.
The data ex-/import feature now supports roundtrip data movement without the need of edits after an export.
When importing or exporting assessment data from or to a spreadsheet, more data columns are supported:
- Practice Name (on all sheets)
- Assigned user for Action Items, uses the full name and defaults to email if no name is specified (Action Items Sheet).
- Tags for Notes, this is provided as a comma delimited list.
- Owner Rationale on Links sheet (aka Evidence).
- Company evidence help text on Links sheet (aka Evidence).
- Company help text on Responses sheet.
When an assessment exercise has actions items, the completion of those action items now positively improves the score for that specific exercise. Adding new action items will impact the completion percentage. Action items only impact calculation and visualization of current scores and do not have any impact on target values. If the completion of action items puts a specific exercise above the completion score, the exercise will be marked as complete.
Note: No updates are done to the score to included action items in a board report. Action Items do not influence milestone scores (milestone scores are just scores for an assessment at a given date). No updates are done to the "mode" score on the aggregate dashboard.
Cookie handling caused issues for instance administrators preventing admins to access multiple environments concurrently.
Dimensioned Practice EVs were not correctly using assessment response data.
The assessment scores were visualized with different values in graphs inside the assessment and quantification modules.
Refer to the list below to review changes deployed with the current release. The previous feature deployment happened on April 27th.
The Canadian instance was updated to this production deployment version on May 22nd, 2023.
With this deployment various backend environment improvements are rolling out.
Refer to the list below to review changes deployed with the current release. The previous feature deployment happened on March 13th.
Axio is rolling out a C2M2 v2.1 foundations MIL report. The report is available to be generated, once the assessment questionnaire has been completed.
Please note:
- The order of questions in the report is not the same as the order of questions in the actual assessment model.
- Completion percentages for partially implemented domains indicate zero completion. Only Largely or Fully Implemented practices are tracked to determine completion percentages by domain.
- Decimals on percentage completion rates are always rounded down.
- MIL reports are not available on Full C2M2 v2.1 assessments.
The report implementations has the following knows issues:
- The page numbers on the generated
.pdffile are not sequential. - Under Report Specifications, the assessment title is pulled in with text provided for The scope defined for this assessment is.
- Punctuation marks might be cut off from practice, response, and other text assetts pulled into the report.
- It is possible to hit an error condition during the first time a report is generated. This usually resolves on retry.
A rank based recommendation widget has been added to the C2M2 V2.1 Foundations Assessment. This implementation brings functional model parity between the v1.1 and v2.1 user experience in Axio360.
The Control Implementation Widget tooltip has been updated to clarify how different dimensions are visualized.
This week's release provides the following fixes to issues users might have experienced while using Axio360.
With this release after clicking Finish to exit a new C2M2 v2.1 Foundations Assessment wizard, user session navigation opens the assessment dashboard. Previously, navigation placed users in the active assessment view.
Resolved spelling errors in category 14, answers C and D.
Deployment to rollout new SSL Certificates.
Axio's April 3rd deployment was a maintenance deployment addressing back-end updates only. The deployment does not include any user interface or user impacting changes to product features and functionality. Updates are related to moving to the LTS April 2022 version of node.js.
Refer to the list below to review changes deployed with the March 15th release.
Plans of Actions and Milestones (POA&Ms) are a critical component of a CMMC compliance strategy. POA&Ms document corrective action plans for tracking and resolving information security and privacy weaknesses against CMMC requirements.
The plans detail the gaps and intended remediations, resources (e.g., personnel, technology, funding) required to accomplish the plan, milestones for correcting the weaknesses, key stakeholders involved in the effort, and scheduled completion dates for the milestones.
A report is part of the CMMC v2.0 license. The report is named "Plan of Action & Milestones (POA&Ms)". It is available in the avatar menu of Axio360.
- 1.With the focus on a CMMC v2.0 assessment in the assessment navigation menu, navigate to the user profile menu.
Drop-down menu - 2.From the drop-down menu select Export POA&M Report.
- 3.From the modal select the report to export.
Report export modal
The export action writes a .xlxs file with the following data columns:
- Assessment Name
- CMMC Level
- Control Name
- Level (including only "not met" and "partially implemented" states)
- Target Date
- Action Items
It is now possible to Edit and Delete assessment mappings.
Edit and delete options on assessment mappings in the Admin module
This week's release provides the following fixes to issues users might have experienced while using Axio360.
The Admin Module contained a typo in the C2M2 v2.1 label under the assessment title.
Refer to the list below to review changes deployed with the February 22nd release.
With this product deployment, Axio360 provides a Download All option during the export of artificats supported for download. For detailed information on the export feature, refer to Export Data.
With this release, Axio is launching the System Security Plan (SSP). This System Security Plan (SSP) provides an overview of the security requirements and describes the practices in place or planned for implementation.
Specific customizations are:
- A Generate SSP Report option in the user profile drop-down menu when the user is in Assessments and has a CMMC v2.0 license.
- Clicking the menu item opens a modal with options to cancel or to Generate SSP Report. Generate SSP Report is disabled, if the user is not in assessments.
- The modal contains a scrollable checkbox list with all of the available CMMC v2.0 assessments (by default all are selected).
- When a user clicks Generate with at least one selected assessment, an .xlsx spreadsheet is generated and made available for download on the client system.
SSP Report - The generated report outputs a row for each practice that has at least one evidence link in one of the selected assessments. The row has columns for Domain, Practice Name Control Name, and Evidence Links, where Domain and Practice Name match the model file fields and Evidence Links contains for each assessment a new line with the assessment name, and a new line for each evidence link at that practice for that assessment.
This week's release provides the following fixes to issues users might have experienced while using Axio360.
When linking a C2M2 v2.1 Assessment to a Quantification Scenario Collection in order to add a practice group to a scenario an error occurred.
The CSF Board Reports contained several mismatches between the visual elements shown in Axio360 and the actual data.
Refer to the list below to review changes deployed with the current release. The previous feature deployment happened on January 12th, 2023 and a hotfix was issued on January 31st.
This deployment does not introduce any new customer facing functionality.
This week's release provides the following fixes to issues users might have experienced while using Axio360.
The Next/Previous buttons in an assessment, for example C2M2, have options to move between top-level sections, like "Domain" and second-level sections "Objective". This issue caused users to navigate from a selected objective to the next domain rather than an objective on the same level. The same behavior was seen with the NIST CSF "Category" and "Functions" levels.
Next/Previous button navigation
On exports of assessment Board Reports, incomplete data was shown in the exported reports. Users experienced this as only the first question on each page being reflected as answered.
The numbering on C2M2 assessment questions was incorrectly shown as 00-x rather than the expected 1-a, 1-b, etc. This issue was resolved and delivered via hotfix deployment on Jan 31st, 2023. The Feb 9th deployment, addresses the correct use of leading zeros in the CMMC v2 and CMMI assessments in relation to the previous hotfix.
The numbering on C2M2 assessment questions was incorrectly shown as 00-x rather than the expected 1-a, 1-b, etc.
Refer to the list below to review changes deployed with the current release. The previous deployment happened on December 2nd, 2022.
With the current deployment Axio360 now provides assessment capabilities based on the versions one and two of the CMMC model.
While creating a new assessment, users now have a mapping option on the New Assessment modal. The mapping option is only available when there is a previous assessment of the same model type in the database.
The assessment import workflow now supports adding Action Items and Notes to the source import file.
When exporting assessment data, users can select the specific type of data to export. Download options in .csv format are Notes, Action Items, Links, Rationale, and Responses.
The 5 minute timeout warning did not display prior to the automated timeout window expiring.
The "Unsubscribe" and "Unsubscribe Preferences" links in the Weekly Summary email from Axio360 did not work. With the problem solution "Unsubscribe Preferences" are renamed to "Manage Subscription".
Last modified 13d ago