Dash continues to release new versions of the Dash Compliance Automation Platform with new features, improvements, and bug fixes. Below is a list of application changes and compatibility notices related to Dash application versions. To update to the latest application version, please see our guide to updating Dash.
(New Feature) AWS Security Hub Integration
*Please Note: This Feature is newly released and currently in Beta.
Organizations can now integrate AWS Security Hub findings into Dash ComplyOps in order to view security findings from AWS cloud native security and 3rd party security services. You can read the initial documentation for this service here.
This integration enables users to:
- Pull in AWS Security Hub findings into Dash
- Connect multiple instances of Security Hub across regions/accounts
- Edit issue metadata/control mappings
- View Security Hub findings across Dash and the Compliance Center
(New Feature) Added Options for Filtering Compliance Issues
Organizations can now exclude sections of the AWS environment from the Compliance Center. Under Settings > Monitoring Settings > Monitoring and filtering, Dash enables your team to:
- Hide ComplyScans findings for specific Regions, VPCs, or Tags in the Compliance Center.
(Enhancement) Added Cloud Overview Page
A Cloud Overview Page has been added to the Compliance Center. Security Teams can utilize this page to visualize security findings across their AWS environment and better manage cloud security findings. This Cloud Overview page replaces the previous Compliance Overview page and can be found under Compliance Center > Cloud Overview.
(Enhancement) Improved Mappings & Styling for HIPAA and SOC 2 Framework Reports
HIPAA and SOC 2 Framework Reports have been improved in the Report Center. Additional mappings have been added for AWS provided safeguards and visuals have been improved to make it easier to see set controls.
(Patches) Fixes to JIRA Integration
Several improvements and bug fixes have been made for the JIRA integration. We will be further improving this JIRA connection with upcoming patches/updates.
(Patches) Resolved Issue With Vendor Report
Fixed an issue that did not allow clients to download the Vendor Analysis Report in the Dash Report Center.
Please Note: Users upgrading from a previous version of Dash will need to go through their policies and determine where to set new Policy Activities.
(New Feature) AWS Config Custom Scanning
Organizations can now take advantage of the AWS Config Service. Teams can implement custom scans. For example, an organization may choose to enable the ‘access-keys-rotated’ Config rule to ensure that access keys are rotated on a regular basis.
- We have now made it very simple to integrate Config Service rules across regions through the Dash application.
- Dash users can define how Config rules map to compliance standards or policies within the Policy Center. Dash will auto-populate these mappings for standard AWS Config rules. For all Config rules, Dash users can modify mappings to fit their needs.
(Enhancement) Policy Activities and Tracking
Dash has enhanced Policy Activity tracking and reminders to make it easier to track administrative tasks and stay in compliance.
- Custom Policy Activities – Any question in a policy can now have a policy activity tied to it. In a few cases, Dash will pre-populate the suggested activity. If there is no policy activity by default, the user can create their own policy activity.
- Policy Activity Timelines – The user can now decide how many days before and/or how many days after the activity an email should be sent out to Dash users to remind them about the activity.
- Policy Activity Logging – Each time a policy activity is performed, there are outcomes and documentation that must be included. Therefore, we have included a way for users to log any notations that must be made as well as documentation.
(Enhancement) Improved loading performance of Dashboard and other pages.
(Enhancement) New SOC 2 Control Mappings according to the 2017 Revision
(Enhancement) Added Dash recommended guidance for Policy Activities
(Enhancement) Added to Action Center Solutions
All Users Please Note: Due to the added policy reminder features, policy frequencies entered in individual policies must be re-entered in the new version of this application.
(Enhancement) Policy Activities and Reminders
When filling out policies, there are questions related to tasks that need to be done on a regular basis to remain HIPAA compliant. Here is an example:
- How often will all compliance policies be reviewed? The user will typically answer yearly.
- Users will now also set a due date for this action.
- The user will be reminded, via email, of upcoming policy activities to ensure compliance.
- If a reminder goes past due, it will automatically generate a compliance issue until the activity is completed.
(New Feature) Compliance Activities
Organizations can now keep track of important compliance activities via the Compliance Activities feature. Compliance activities, generated during policy set up, will show up in the policy activities page. Using this page, organizations can verify that they are accomplishing important compliance activities on time.
This page will allow users to:
- See Compliance Activities
- Verify Activity Completion
- View Policy Activity Compliance Issues
(New Feature) Policy Documents
Organizations can now compile policy related documents in one place. Store BAA Agreements, Policy Incident Documents, and Other Policy Related documents in a central repository. Also, get quick access to important policy documents and templates provided by AWS, Dash, and other organizations.
(Patches) Stabilization Improvements
There were a handful of fixes to policy document generation, the login process, and the compliance center to ensure a seamless experience. We appreciate any assistance and patience in finding these bugs.
As always, we welcome your feedback into what can help your team better manage and maintain a robust security and compliance program.
*Important Notice to Version 1.5.1 Users: There was a bug that caused fully licensed Dash applications to revert to a “Policy Only” permissions and disable Compliance Center pages. This was caused by an AWS validation issue. This has been resolved and we encourage Version 1.5.1 to update to 1.6.0 to avoid having to constantly refresh your AWS environment.
(New Feature) Webhook Integrations
Users can now configure web hooks that will receive data as it occurred in the Dash system. This data includes scan results, events within the application, and other digestible data for external applications. Users can configure more than one web hook for different purposes. Future enhancements will include data type filtering and greater visibility into compliance events as they occur.
(New Feature) CloudWatch Integration
Users can leverage the flexibility of CloudWatch in AWS to process application data as it occurs. Examples of integrations in CloudWatch include SNS, Lambda functions, as well as CloudWatch Events. Using CloudWatch can help your organization process and transmit Dash Compliance Automation data exactly where it needs to go in real time.
(Enhancement) Dashboard Improvements
Users have more visibility into Dash Scoring System Evaluation.
(Enhancement) Scanned AWS Services Increased
Significant increase in number of AWS Services being scanned in the Dash Compliance Automation system. Recent additions include more detailed scans for CloudFormation, SES, SNS, and SQS.
(Patches) Bug Fixes
Bugs were identified and resolved during this version. They include enhancements to session management, VPC filtering at application initialization, and improving the SSL configuration process.