um you are here to talk about continuous authorization monitoring Cam and we've had some amazing enhancements in this last release and I am very happy to be joined by my colleague DAV DAV you want to introduce yourself hey everyone D here from the product management team nice to be here and walk you through the new enhancements awesome he's going to do an amazing live demo so nobody go away but before we get started we got a few housekeeping tips here you are on mute if you've joined us before that's pretty standard but we do have that Q&A button at the bottom so please use the Q&A we want to make this interactive we want to make sure that you get your questions answered um we are recording it so if you've got colleagues that W able to join you you'll be able to share it with them later on our GRC playlist YouTube playlist I will put the links to that in the chat a little bit later in the session and the very end if you can stick around for a minute we do have a short survey and we very much appreciate it if you could fill it out because it gives us ideas about what we should be doing next for our webinars so with that said we are very excited to have released some new updates on the service now store for our risk and compliance products all four actually of the products in our GRC portfolio and we're going through a series of webinars so let's last week with the week before and we talked about business continuity management we also talked about risk management that one was really big you guys need to see that if you didn't actually tune in again check it out on the the YouTube playlist our third party risk management had some amazing new enhancements to that also today we are talking about continuous authorization monitoring but we're not done so join us later this week but we'll be talking about compli ience management and audit management we're again we have some great Integrations um the crr accelerator is something that's really really really interesting and really valuable that you all will make make sure you don't want to miss that one so that's that's very interesting and then we continue the following week with our compliance case management and our regulatory change management application enhancements and we finally finally finished with a privacy management which has a again a huge enhancement to it in personal data rights so please do not miss any of those um but if you do again they're on demand on our playlist so without any further Ado I am going to turn it over to D Rob who's going to walk you through a few slides and then he's going to jump into that live demo and show you it all in action D take it away super thank you for that Teresa welcome everyone again and happy to walk you through amazing changes that we did this time with the cam application so at high level what you see on your screen is exactly how the new look and feel would be for the cam workspace so that's the very first introductory page that you're looking at but what we've done in this sanadu release is not just a new workspace but we started supporting oscal yay nist has been promoting oscal for a long time and um we are happy to partner into it we did the adoption Workshop even on the nest site so oscal export is what we have this year we also have at artifacts which are more than SSP so we will talk about that and there are some new landing page 360 view some small miscellaneous enhancements that we are bringing up this year so with that let's see what's exactly coming with the workspace so in the workspace we start with homepage you get a new overview for your boundary your package you get a unified task page as well where you could manage your task similar to how it works in other workspaces the widgets are all configurable that you see you have a contextual pan Which is a side panel for different areas and even the dashboards are migrated so the dashboards that you've been using in the classic they are also migrated in workspace and you would have it integrated within the workspace itself with that uh oscal export I'm just giving preview of how it would look like we going to Prof support SSP profile catalog overlays these are different different files which get generated you have a UI action which we'll look at in details we have a new poem landing page this is a sneak peek to that before we get into the tool again you also have at artifacts so till now it was only SSP Now we move on to S om which are also generated out of the box and the best part is it's not a PDF output it is a word output that means you can edit them you can modify the way you want it and then present it to your high level Executives so that's been something which was asked for a long time so that's coming up we have some screenshots of how it looked like we also added related objectives so n content is very rich and it gives us good data so if control objective is related to some other objectives we also enable that and again the content comes out of the box so we'll talk more when we see the demo we also have related controls so because the control objectives are related when the controls are generated you also have the controls which are related to it control family again I'll just move on with the slides because we'll actually see all of this in action in The Tool but I'm just highlighting what else came so control family is something that we've also introduced where you have the family name the family ID which again comes out of boxr nist this will help everyone for better reporting and see how the controls are performing at each family level so that's where it comes into picture we have a new control allocation based on the family so all the 20 families of it you can see if it's system specific a control is hybrid and how many controls are there for each family that you have chosen in the package with that moving on to the assessment part so in here we did enhancement to your procedures now procedures so far we heard it's getting good feedback that yes we have that granular level details but what we also added is hey what if a procedure is not effective what if I want to give additional information so you have notes available as well you now have a way to attach Fields so if you have any proofs you want to attach to it you can have that as attachments you can also do it on the list View and this is how it looks like so you don't have to drill down into each of them and open it one by one but you could do all of them here effective not effective and write your notes right here finally the 360 view which is helping you move across your package your boundary what things are related to it if you have overlays supplied poems and you could all go through it so these were most of the high Lev changes that we did with the new release I hope you guys are as excited as I am and we going to deal with into the instance right away with that so with that let me get into the other screen which is my instance any questions feedback any thoughts early thoughts that you have based on what you've seen just let me know where Q&A or put it in your chat and we will address them okay so I'll now move on to the workspace the navigation is the same way go to workspaces you click on cam workspace and that it's going to load up my instance now while this loads up today the workspace is very much specific uh it's very much chric for all the cam personas that we have but we are going to make it very specific to each Persona going in the future iterations so today any person that goes in with Cam roll would see the same view however they would see filtered data based on their roles so based on my access if I only have access to 14 boundaries and 15 packages that's what I see but if someone has higher level access they would see more data so that's been taken care with that the first thing is boundaries everything is interactive you can drill down on them you can select and Report how you want it and you can even go ahead and refresh them so if you know there's some real-time changes happening with your team you want to look at the dashboard as an executive as a member you would be able to do it next we see all the packages so these seven steps are listed here and you see them by package you have your mission critical boundaries which helps you understand all right out of 14 which of those are mission critical and under what state are there so it's a subset of what you see on the top similarly for the packages that you have what is the impact level for each of them so you see it as a bation below I hope this will give a good high level view for your instance across your boundaries across your package so you know where different things are and you can take the right action again if it's a person who's been working on it on a regular basis on the right hand side you would see if there any open task if there's anything for approval or if there's anything overdue similarly if you have groups created if you have your configuration done and that way you could see your group tasks and things on the right hand panel moving down you would be able to track all your controls that are active in the system bated where what's compliant what is not compliant again what you see there is interactive and you can drill down on them we also see the control test again everything of this is at your instance level so you know oh there are certain things which are overdue you can immediately take actions by drilling down on them looking at the list and you know whom to reach out for it further we also have poems there has been a few enhancement to poems uh poems are basically issues which is similar to issues tag Das poem with is plan of action and Milestones in cam world so what we've done is any issue which is related to your package then we make it and bring it up as a poem it could be a control attach station failure it could be a control test failure it could be a issue on your engagement for the package then it would get populated here so that's how we are pulling it out separately and we see them what's overdue so you can again take action on them that is the homepage to start with next we have the tasks page in this case because I'm logged in as an admin I would not have but let me impersonate as a system owner so Susan Orwell is the system owner in this case and I'll go to the workspace and here we go so again here is my attestation if I have PTA Pia I could directly see it here anything that I have requested I would see it here the issues I created on authorization packages I could track all of them here so that's the task page how it looks like for a specified user I'll end my impersonation and I'll walk through most of this as a admin just in the interest of time because we got to create a package end to end and we're going to see the new functionalities as well coming back to the cam workpace so you saw the task page and now let's look at the poems page now this page is a bit different than your issues Landing paas that you might have seen in Appliance workspace or your risk workspace majorly it's because you don't see entity anymore you see your packages so now the entire piece you could see that the page gets filtered based on the package that you select here and that means you could report better on it you could have your monthly reports for specific views with specific packages on it so it allows you to do more things again the widgets are all configurable Milestone acceptance task evidence request on the right hand side R issues if you also have better together like if you also have compliance and you're using some issue with the same Persona being assigned to roles then you can still see all of these things in one screen so that's my poems page it also gives us the new poems which were in last 30 days and allows you to bogate By Priority or rating and things like that similarly for each of them we have given the drop downs for different filtering options and now comes the main part which is the new list view so here we vated your menu items into different categories so RMF basically deals with boundaries package and the library of information types so we've clubbed them together let's look at a boundary maybe demo common provider boundary so the moment I go into a boundary it gives me how many packages do I have in here and in what state so if I had m multiple packages it would show me multiple rows with multiple data and what comes from filter versus what is manually added the flow is similar to what you have in your classic but the ux is now different it's much more friendly so you define your boundary you have your diagrams attached I've already attached it here so I can go to view image and it will show me all right this is my data flow diagram in the case so for each of them I've made the attachments but you could see this icon if you want to delete it if you want to modify it so you could attach them here you can set your boundary filters I've added a demo filter let me also walk through that so demo filter with what is the table name that I want to search for and what are my conditions I want to put so again this is the workspace experience where you have your filter conditions defined I'm saying classes and anything then show me all of them so I wanted the most results and I see all right there 2,000 plus records which are matching my assets again I have this spread crumbs to easily navigate back and my system elements were populated but if I want I could have gone as a new and I could have selected again a table maybe Windows server or Windows cluster okay in this case it's Windows server and I could select a specific asset that I know of so in this case let's say load balancer one is what I want and I would have added it so what happens is my system gets updated with it and it gets added over here as 2818 so if I save from Filter the first one which is false is the one which got manually added as Windows balance and finally I would have created my package so this flow has been very common across so I just wanted to walk through on how the boundary is created rest everything is now on the package coming to the package side you first get welcome with the overview screen again you would see Tiny details like record type is shown on the top your number what state is it because although you see this stepper component which tells you you are here but if if you were on some other screen you wouldn't know what step it is in so we've added that here you know the system owner you know what version are you working on is it rare four or rare five and what was the impact level of your package in the side panel you would also see the CIA values of it and different personal that are assigned to this package it also tells you if it was a privacy sensitive system and what is the boundary it came from so this are all the basic details that you would start seeing once you are in this view what I'm going to do for today is I'll create a net new package again with a new boundary so I'll say today's boundary for this example test description I'm going to keep it in under development and I'm going to save this okay how many um how many attachments can you have would would you have multiple data flow diagrams or boundary diagrams or would you just have one of those today today we just have one because what we see is uh when they have a boundary for the entire boundary they generally have a common one but for each boundary you could have separate one so they are Interlink in some way and hence the network diagram boundary diagram is all one out of the box but would be happy or interested to learn if there are some other use cases where they need multiple attachments we are happy to hear that yep wonderful if there's any more more questions please put them in the Q&A super so the moment I save my boundary I start seeing my overview and that gives me my boundary filter system elements so in this case I'm just going to add one system element without any filter I'll just pick up the same Windows server to be on a faster way and I'm going to select some other asset so what we've done is the previous one that we saw um the previous package that I've created as a provider package where you also have a common control where you're also providing certain things and in this we will be consuming certain controls as inheritance how the hybrid functionality works we would like to Showcase those so now that I have one system element I'm going to go to my package and I'll create a new package generally what you do is is if you have a bunch of systems which are going to go live into your production or into a network you have all of them in your system elements and then you create one package this way you avoid your control explosion and you just create one control per package rather than 15 controls of same type for 15 elements so that's how it helps I'm going to call this cam demo package you can have a acronym for for it if needed or you can skip it totally I can choose the revision four or five my boundary got autop populated I'm not going to select the mission business process in this case but I'll just assign a user for each of them so I have certain users with set roles again for each of them you can only select the roles where it is applicable so for isso it will only show me a filtered list of users who have that role so that they don't have to worry that they were named in the instance or in the record but they are not able to access it so we've done it that way again below going down icpta apia if there is any Privacy Information I'm just going to say no for all of them however if I would have said yes for any of them it would shoot a Pia and it will ask me whom it should go to but in this case for the sake of demo I'm just going to say no if I have any additional notes I could write them over here there's nothing for this case and I'm just going to save this now you notice the moment I save it it gives me overview but it's limited so because it's a fresh package it's still in prepare State I don't have any controls or any details about it so we are hiding everything until it moves into the relevant State going back to the details I can see everything is populated fine and all right right now I'm in prepare step I'm good to move to the next step which is categorize so today we going to go through all these seven steps and we'll see how the workspace experience works like so the moment I say categorize it needs a approval and I'm going to see request and approval I think I've already clicked that let me go ahead and reload this so now that my package is in categorize step I will have an option to add information types this is a new related list that got populated so I'm going to click add and it allows me to create or add different information types I can filter by different categories or I can simply select the ones which I feel are applicable in this case and say add now it comes prepopulated with CIA values again all of this is coming from nich so the library that you saw it comes from Nest but you can always go ahead and add more things to the library just for the context you can go to list and there this on the list here and that's where you would also find the information types library now that I've added information types I can go ahead and request approval before moving to the next step so out of box from categorize to select and from select to implement there is an approval in PR place so that is out of the box and again there'll be an approval in the final step step of authorize so right now for moving it to categorize I need to go ahead and approve it in real life scenario this would be your authorizing official in this case or it could be aodr was listed there so in this case I see approvals it was sent to two of them Alan and Ian Morgan they have both of them have the roles so anyone can go ahead and approve it I'm going ahead and saying approved for one of them the moment I say it approved by one it will automatically Mark the other as not required so if you see in approvals it says no longer required and one of them has approved this because this was approved within information types and with the information type what it also does is it creates an impact the impact was moderate so my Baseline controls got Auto pegged up any control which had impact as modate were pulled up automatically for you again all this content comes directly from n for revision five now that I have all my control objectives I can go ahead and say hey 286 objectives I understand but this particular objective is maybe not applicable for me I'll write my justification here and I'll say confirm so what happens is there's a new tab which comes up with say is not applicable I can say hey device lock is nice but I don't implement it I need to inherit it from another provider so there's already another common control provider in place and when I go ahead and click here it will by default give me all the providers in this case common provider package and device lock because that's the name of my control objective so I can see yes I want to go ahead and inherit from here had I had more providers I would see them in the list here I'm going to click confirm and it will move it to inherited controls let me just refresh it once more so you would see okay one of them got inherited you can also do a hybrid in the same scenario so let's say remote exess I'm going to say it's a hybrid control meaning I'm am not entirely inheriting but some of the requirements is what I want to inherit so I'll say only one requirement in this case which I want to inherit and it will be my hybrid control so the very first time it would need a refresh and you would see it in the list but any more classification that you do as inherit or hybrid it will continue populating here so now that I'm I have at least one of each types for this demo I think it's good enough I'm going to go ahead and also Mark some of the controls as common provider when I say Mark as common what happens is whenever this package is in monitor State these controls which I marked as common which you see it as true here will be available for other package to inherit so the inheritance Works in that way someone has to be a provider and then you can inherit it having said that I feel that's the selection the tailoring of all my controls which is done I'm going to request an approval that hey this is what I feel is right for my system before requesting that I just wanted to highlight we could have also selected and control overlay which I didn't do in this case but it's just a choose and select there's no enhancement to it it's the same as what it was in classic what it is in the new experience as well but you could select a policy and those controls gets added as your Baseline control now that I have requested approval let me go ahead and refresh this I see it's already here I'm going to go ahead and say approved for that one again in real life I would have logged in as alen Offerman I would have gone to my task and it would have shown up right there but just for the interest of time we are approving it right here and I'm going to reload this page with this what happens is based on my selection here my controls start generating so if you see it will keep on auto refreshing until all my controls are generated also it will show me the poems list if there are any poems and if there are any other changes I would see that so in this case what I'm going to do is I'll just refresh my package and while it generates them I'm going to show you the library so in library list is where I had my information type Library which I said is a out of box from n but you could always go ahead and add new to it you can even export it out in different formats further in the list view we have control objectives your requirements so all this libraries are on the left and side the control overlay you can even go and create a new overlay right from here and then use it for your packages your indicators poems engagements and similar to what you had in your classic menu is what comes here let's go back to our package and I think it should have done all of these control Generation by now it's still happening there we go I'll just give it a minute in the meantime are there any other questions that we have so far any comments I have not seen any but this is an amazing amount of of information you've really just just the the work that was done on the the workspace has has been really impressive the poems in particular so you're saying that if there's an issue ISO that's created will automatically get converted into a poem so no one has to do anything that is right if it's linked as a to a package it will be in a poem and then they can have a tracking task for it a milestone for it a acceptance task for it which are very specific in the next way how you have to manage it so the plan of actions and mil stones are right there for us we can even use the history over here to go through your package so I don't even have to go always to my package and search for what I was working on so history works as well I can directly go from here to my package and I see all right there we go most of my controls are created so I see there are 284 controls which includes my 283 self-implemented ones and one hybrid control so that's how it makes 284 so what we've also added is you have have controller location so in my controller location I see system specific or if I sort it the other way it will start with hybrid so 1 + 283 and that's all my controls here if I go into my hybrid control for example again I would see details about it what state it is in and I'll see it has two control requirements one was inherited while the other was self-implemented now here is one of the other enhancements we talked about about the related controls ac7 although this is the control which was freshly created I see there are 30 related controls to it and these are with the reference number and these are the control numbers again all these controls are within the same package and they are related how did this work through or how did this come up is if I go to my control objective which is remote access on my control objectives I I have related control objectives now if you see there are 33 of them but because the package only generated 30 controls out of it then those are the ones which shows up so if you have a control which is having a parent which are related then it will show up in your related control maybe if I would have selected a low control low package which would have all my controls then it would have generated all the 33 ones and this Redrum I really like it makes it easy to navigate through the system so that's going to be really helpful for many of them as well now that we are in the stage where you have your controls let's go back to your details and have a quick look what's happening there so now it tells me my system is an Implement step which means I'm ready to implement my controls and it also still gives me all the other details if I ever want to look at I can even collapse all of these sections and it gives me a smaller view so that whenever I need I can expand what I need and collapse it so again all this is good in the workspace experience that we have now that the controls are created I would actually go ahead and move each control through its life cycle so for example I would go into each of them and I see all right this control is for fire protection it has a frequency annual and I can go ahead and have have attestation for it by default it's a classic attestation which is there which would go to Susan orell or I could choose to go ahead and change it so again all of this is already taken care in this case you would notice there's no control requirements so in last release what we also did was if I had on a control which had requirements let's say for example ac2 so if I open ac2 which is account management widely used in this case if we come down to my attestations I see there are control requirements which are 12 if you have control requirements it allows you to do a testation at requirement level as well the moment I do it you would have observed it changed the attestation to CR attestation which is control requirement attestation and now if I go ahead and click on ATT test what this would do is okay I need to fill the implementation state and how the control was implemented so I'm just going to put in test for now and I'm going to click test so what this would do is instead of sending out one single attestation for the control it would rather send out individual attestations for each of these requirements again I could have opted that hey this should go to individual users by just double clicking on it and changing them and editing it right now I've already sent out the attestation and it went to s norval so if I go ahead and impersonate as Susan again and if I come to workspace what's going to happen is it will directly show me hey there are open task again not all 96 are from there but some of these would be from the attestation that we recently created so you can go ahead and filter by entity over here you could go head and filter by due date again entity is actually your boundary so today's boundary is what we had right now so if I go ahead and say show matching these are the ones that are there from that attestation so you see it's all about ac2 now I can go ahead and take my attestations from here individually and say take assessments or as Susan orbel I can also go to all and here I can see my my attestations I can go ahead and say hey all of this are for me I know how they work and I know which one I have to take right now so I could actually choose them for example and I can even group them and take the attestation so you don't have to individually take it if it's assigned to the same person they can even grop it I'm going to skip the attestation step for now and let's go back to our admin persona now here if I come back I am going back to my package I'll go to the package which was from my fire protection I can navigate from there to my package as well so cam demo package package is the one where we wear it now it's an Implement step I'm going to skip the control movement into each of them but while I'm here you would have seen that I see more things in my overview I start seeing my compliance summary I see all right there are 284 controls one was inherited one is not applicable it also gives me a split view of each of my family that in this family you had 36 system specific control and one was hybrid a total of 37 out of these family so this is a cool report which I feel because I've seen this done by customers as a customization or they do the reporting in Excel with the report by family so now this comes out of the box going further it also tells me the status of them currently it's empty because have not taken the attestation but otherwise it would split into compliant non- compliant then no poems for now and if I go to details it talks about the requirements what is the status of each requirement from here I could move it to assess before moving to assess I would like to Showcase that we have the new UI action for Generate SSP earlier in the classic what we had was you were able to generate only the generate reports which generated only SSP but now it allows you that as well as poem reports let's quickly see how generate SSP works so the moment I click on it it talks to me about hey if there's something existing it will be overridden because you can only have one system security plan per package so that's my sess P I'm going to say okay and this time it's going to generate the word file so had I been in the authorization State I would also see one more layer here which we'll see going further which would be authorization but for now it will attach it on my side panel and I can see it as an attachments let's download and see how it looks like there we go it's downloaded to opening up so it again comes in the exact same format that you had in PDF and you can actually edit more things if you need and you can update the things which are based on the reporting standards and it still functions well you can even add more details and then convert it to PDF and report it so just wanted to highlight the new word format output that we have started with this release let's move the package into the assess State now the moment I go ahead and move it to assess State what happens is it automatically creates an engagement and within the engagement it will also automatically create my control test my test plans and everything will start working up so right now it says 284 controls it will keep on refreshing my test plans 284 now it will start generating my control test again all of this is automated today you might have seen in compliance space where it takes time and I did see one of the questions in the chat that hey why is the refresh manual so yes it is automated in some case where we are able to or the other place we will be enhancing them as well so you have this experience where it keeps updating but while it updates you can even do other things and you can take a moment to see what else do we have so we have also migrated the dashboards which were there the three kinds of Dash dashboards so you had cam overview you have AO overview and SE overview again because I'm admin right now it shows me blank but let's quickly jump over to Susan Orwell now Susan Orwell being a system owner would not see all the three reports that were there meaning migration wise as well what we do is the dashboard which was visible to a specific Persona is what comes up so this case okay I can see there are boundaries if I had any poems it would pull up my Baseline controls where are they my authorization packages and all but if I try to drop down this I don't see any other dashboard ver as as edmin you could see all of them but if I log in as Allan who is an authorizing official he would see his own dashboard as well so these are the ones which were in classic which got migrated let's go back to our admin person please feel free to let me know your comments if you feel any feature is relatable to you if you feel this is the right direction we moving in something else that you were expecting that we should add to this we are happy to hear your thoughts coming back to my history let's go back to my package so again we are in the cam demo package and if we go into the engagement we should see we have all of the control tests which are generated now for each control test again when we go inside them you would see they would have assessment procedures so this is the other enhancement that assessment procedures you could go ahead and basically mark them effective or you could select multiple and mark them as effective or not effective or I could go ahead and say hey it's ineffective but why was it ineffective is something I can go ahead and type my notes here and add it if I feel that hey it also needs some more details I can actually go in here read through the actual details add more notes and also attach any file attachments that I need so again uh you can have one attachment for each assessment procedure in your control test and eventually these details will update your control Effectiveness meaning any of your Effectiveness is ineffective for your assessment procedure it will impact the overall effectiveness of your control test which will further when I go ahead and close this it will also go ahead and impact my control status which is related to it in this case it's the training records control I can click on this and I can see more details about that control coming back to my package now that we are in let's go back to over overview now we know we are in the asss state and we have an engagement over here we can see more details like you now see risk summary so for the system Elements which were part of this if you have any change request race for it that is what starts populating if there were any security incidents that would also populate here if there were any vulnerabilities so if you have our SEC Ops module and if you have vrm module installed so any vulnerabilities on the same elements we have better together that that would also populate let me take you quickly through one more package wherein we would be able to see more data about the same so I'm going to go to the package which is Ending 28 and here if we see you could see in this case I had some incidents I had some vulnerable items and one change request so for each system element how is it also performing in other areas is what is the data that we can bring it over here you can even see those change request as a related list you could see those incidents as well and if you want you can also configure your vulnerable items if needed so it depends on what modules you have installed and it works as a better together let's go back to our package cam demo and now what we going to do is just a second there we go and now what we going to do is we are going to move this package into the next step which is authorize step so in authorize again before we move into authorize it needs an approval and while we are there I I would also like to call out that what we talked about different sections it also populates in your details so risk summary although you see it outside you would also see the details here authorization is what comes here and your SSP is already attached to it so in this point I can even generate my system assessment report I can also generate my om report and in this case we would not have much data but I just wanted to Showcase how they look like so you can go ahead and download them and again these are in a specific format now we try to take format by talking to multiple customers and what they feel they put in generally and that's why it's out of box template but you can always go to your templates and you can change the template from your HTML temp type you can even go ahead and point it to another templates that you have so you don't have to touch the out of box ones so this is my s report and I would quickly like to also showcase how my poem report looks like this is very short if you had open poems it would be populated here your closed poems would be populated in this case there are no poems for this so it's just a blank report but that's how it comes as poem in future iterations we we are going to expand to more different options like ATO letter executive summary you will also have your system reports after testing so yeah system sap report is also going to come up let's look at the other interesting part which is our oscal so today it's just a one click if I click on export oscal it says the report is being processed and file will be exported it will be populated in our side view uh in the attachments so it would take a minute or two you could see it's generating certain things and it will have it updated in my attachments so we can see it's generated my SSP and here if I come and if I say download it is going to download a zip file for me let's have a look at how that looks like so MUSC SSP is what it generated I'm just going to bring it from my other screen so it generated my oscal SSP I exported the data extracted it out and it gives me different Json file in this case it is catalog overlay profile and Json profile Json and SSP this is validated by uh across the oscal validator meaning if you want to go and use any external validator to see hey is this really Oscar compliant or not you could go ahead and run this files across it and you would find it is validated so we've done good amount of testing that any reports generated and exported will be oscal compliant you can take them into any other system and it should work properly if you had some more attachments even they would get populated over here one thing I would like to call out is this does require a pro license so if you don't have a pro license this a functionality wouldn't actually directly zip it out but we are working on a new enhancement coming up in our next release in February where you will have zip functionality without additional license as well so if you have it well and good if you don't it's coming up immediately in the next release so don't worry about that with that I'm going to request approval and in the meantime have a quick look if there are any questions queries any other feedback I see a question go ahead I see a question about how to access recording and yeah I see you've already shared the link so yeah it would be in our YouTube community and a specific link is shared for this particular demo while the approval is getting in place I see there is one more requested for authorizing this where I would go ahead and approve it and this moves it into monitor state so this was my seven step cycle which happened for the entire package let's have a quick reload about it and see how it looks like so right now it's in monitor State I see a entire summary of my package I see my risk summary I also can go to details for it and we have a overview one thing missing is my 360 view let's see how that looks like here so in the 360 view again you can go to your boundary package inherited controls everywhere let's start with the package my Center piece is packaged right now and I have Baseline controls I can go ahead and filter data or click on it to go into any one of these controls and see more relationships or I can come back I can see what boundary it came from what control was inherited so if I say all right this control is inherited what are the different policies test template that applies which controls are inheriting it so I can see all right these are different controls which are inheriting it and again I see it came from which objective entity things like that so it allows you to keep on scrolling through and entirely you can have experience in a graphical user interface like this GUI that we have or you can click back into it and it takes you in the center and it takes you back to the form field that we have so what we've seen so far is different reports getting generated we saw the 360 view we spoke about the related controls the related control objective some enhancement to the engagement where we saw assessment procedures how it works and what else you can do poems we have enhanced so that you now don't only have poems which are controlled test failures but it includes a testation failures it includes manually created issues on the package on the engagement or any other issue which was created and linked to the package so that's the entirety of it we saw the dashboards are migrated now again they are visible based on the roles we also looked at the dedicated page for poems where you could do more tracking for each of them and you now have the task page in our future iteration what we plan to bring is today you are able to do an export of the poem but how do you actually import export of the oscal but how do you import oscal package that you have received so that is what we are working towards and that's coming up in our February release as well let's have a look at the document templates so the reports which got generated sap s and poem report which I showed you the word file if you feel that hey I need to make some changes to it so here are those reports you you can go into each of these and you would be able to make changes to it by editing the HTML so I'll just quickly show you that experience as well so basically the body of it is where we go ahead it will take a minute to update so basically the body part of it is where it allows you to go ahead and edit let me click on now edit I am in the right screen SC there we go it's loading up so here is where I can expand and this is how my poem Report was generated let's say I want to edit some more words I want to add my company logo you could do all these edits right here as well however I still understand for some it's a bit cumbersome that hey it's an HTML it's it's a bit different can we have it better so we also looking at enhancing it so the template itself is in word which makes it easy and we will be consuming it you might have seen the feature already out in our audit reports in last release uh with this we are also going ahead and consuming it for the upcoming release where your templates itself would be in word format so the output can be PDF or worth that you like one other thing I would like to call out is is uh in the next release how we are planning to go ahead and give the experience of uh the oscal export which is automatically it will go ahead and generate the oscal without the need of any further additional requirements so what we spoke about there is just give it a second to open up let's say you will have a UI action of this kind so again this is just a prototype work in progress which we are going to come up in the upcoming release where you say I want to generate my oscal SSP and it allows do you want to download it it will download and you have it directly in your browser so that's the new experience coming up without need of any additional license that you need to buy and you still get the zip output which is exactly same as what we saw previously so again here you would see catalog profile SSP and so just wanted to call that out from the Oscar perspective as to what we are doing too and that's more of it from the demo that we saw today I hope this is something will very useful for you all you start adopting more to it if there is anything else that you feel we are missing happy to hear it any questions queries anything else any comments I I do not see anything in the questions panel but my head is spinning because there is so much that you just showed us today um that was just incredible if you do have questions we've got a minute or two left here you know pop them in the the in the questions panel there we're happy to answer them but you you just reinvented cam I think basically with this release it was just crazy super and and I would love to I would also like to thank all of our customers they've been super interactive so far they've been reaching out to us and for for the information right if you have not interacted with us before and you would like to have some ideas we have a idea portal where you could post your idea or you could email us and we would be happy to hear out your use case how you are using it today what would be enhancement that you would want to see and we can prioritize it accordingly so yeah I'm still here if there are any more questions any thoughts any other things happy to and we got on the community if you wanted to reach out on the community with the question for the idea portal um we can absolutely answer it for you there there is a question about you know what is oscal the term oscal what does that stand for um if you have yeah so oscal so oscal is basically open security control assessment language it is something that Nest promotes you could just search for nest oscal and they have detailed uh pages about it and what they are trying to do is no matter what system you use do you use service now do you use something free out of box do you use other systems each system should be able to communicate in the same language sometimes you extract report in word sometimes in Excel and then you share maybe the other system is not consuming so oscill is a standard they are saying which is adjacent or an XML uh that can be the output but it's a Common Language a common structure where the data can be talked through in the machine readable format so yep fantastic and we're out of time unfortunately um if you do have other questions you can find the um the community post and we're happy to you know answer questions in there I will I I hope you join us um for more Community webinars you can also visit our risk page um I did put it in the chat but you can use the QR code here to scan to to look at our playlist and watch this recording share it with your C colleagues after the fact and then of course register for more webinars as I mentioned we have a whole series we're right in the middle of them for this month of our new functionality in um risk and compliance and all of our GRC products if you're interested in more events or activities that's going on we have a blog post that lists everything really for the whole year it is dynamic it is constantly being updated and changed I encourage you to put the bookmark this so that you're able to reference it going forward and make sure that you stay up on what's going on here and interact with us because as D says we love hearing from you all we love getting your feedback and we very much thank you for your time that you spent with us today and I want to thank DV for an amazing demo that um literally blew me away thank you thanks for the opportunity Teresa and yes if any of you want to get in touch please drop your email on the comments and we will reach out to you or drop an idea on our portal and