- HIPAA Security Awareness Training for PHI is now available at no additional cost to HIPAA customers. Vanta admins can enable HIPAA SAT in the Onboarding Settings. Vanta now automatically tracks and records the completion of HIPAA SAT by employees, in additional to general SAT.
The following Tests have been rolled out to further automate your security and compliance:
- Check that HIPAA security awareness training is enabled
- Document HIPAA security awareness training completion
- Check that MFA is enabled for Microsoft 365 IDP
- Check that AWS S3 buckets are closed to public ports
- Check that NoSQL databases are encrypted
- Check that NoSQL databases have backups
The following Integration has been introduced to validate that your organization is using a task tracking system for software development:
- Raw data exports now include SLA requirements for security, vulnerability, and onboarding tests
- Drag and drop now available when uploading policy documents
- Vanta Standard reports can now be searched by keyword or status for improved usability
- The Tasks Page is now the Tests Dashboard. We’ve revamped this highly used page to make it even more informative and actionable. Learn more.
- Vanta offers free Security Awareness Training developed in partnership with Living Security. Vanta’s SAT is now housed within the Vanta onboarding client.
The following Tests have been rolled out to further automate security and compliance:
- Check for MFA enabled for Bitbucket, Clubhouse, Github, Heroku, and Slack
- Check for screen lock enabled for Windows Agent and Intune
- Check that AWS EC2 Instances, GCP Compute Instances, and DigitalOcean Droplets are closed to public ports
The following Integrations have been rolled out to make onboarding and offboarding employees easier:
- ADP Workforce Now
- Paychex Flex
Plus, a historical record of onboarding checklists for offboarded employees is now accessible within Vanta.
- The Documents Tab now supports restricted evidence so that only admins and auditors may upload or download these sensitive documents. This restriction is automatically placed on uploaded background checks, employee exit interviews, org charts, and board notes.
- Documents tab to help customers manage manual evidence. Learn more in our help article.
- Standards reports to track progress and status for certifications
- ISO 27001 - now available to all customers
- HIPAA - now available to all customers
- Kandji MDM. Activate on the connections page
- Digital Ocean cloud integration. Activate on the connections page and learn more in our help article
- Launched 40 new tests to automate additional security and compliance workflows
- Improved employee off-boarding tests to ensure accounts are properly de-provisioned
- Added tests to ensure MFA is enabled for services monitored by Vanta
- Added tests to ensure that a code review is required before committing to the main branch
- Enhanced test functionality and instructions for over 100 tests
- HRIS integrations with BambooHR, Gusto, Justworks, Paycor, Paylocity, Quickbooks Payroll, Rippling, Run Powered by ADP, Square Payroll, Trinet, Zenefits. Connect your HRIS integration to power Vanta's onboarding, offboarding. Learn more from our blog.
- Improved account linking logic to automatically connect more user accounts on the Access page
- Added new tests to automate more evidence collection
- Added CSV exports to the Computers and People pages
- Policy templates are available as Google docs
- Updated UI/UX for the Computers and Policy pages
Vanta Agent 1.8.5
- Released universal binaries on MacOS, adding official support for new M1 macs with Apple Silicon
- Automatically detect invalid GCP cloud provider IDs to improve agent reliability
- Azure Devops Boards
- Azure Government
- Datadog EU
- Vetty background check
- Improved Slack integration account linking. Re-connect your Slack integration receive the update
- Snyk vulnerability scanning
- Azure DevOps Repos
- ISO 27001 (Beta)
- HIPAA (Beta)
- Refreshed the people page with an updated interface
- Added search to the vulnerabilities tab
- Added search to inventory tab
- Employee laptop descriptions are now updated automatically
- Vanta users can remove and update security awareness training evidence from employee records
- Jamf device management
- MongoDB Atlas
- GitLab task tracker
- Azure container scanning
- PDF exports for Vanta reports
- Improved search experience for tasks
- Container scanning for Google Cloud Platform and Amazon Web Services
- Improvements to the policy creation flow and templates
- Updated risk assessment flows
- Bug fixes and general enhancements
- New personnel onboarding flow
- Revamped People page (formerly called Personnel)
- HIPAA support beta pack
- Azure infrastructure monitoring
- Update to Company Information fields to accept wider range of upload types
- Small update to Inventory page to sort resources by age
- Computer SSH key access now visible for each user on Access page
- New Risk Register format and questions!
- Updates to app infrastructure to improve speed and data loading times on Inventory and Vulnerability pages.
- Vanta-agent version 1.5.9 released with hotfixes for MacOS toolbar icon display.
- Vulnerabilities server view will now auto-sort machines to streamline remediation workflows.
- New management tools on package view of Vulnerabilities page to control scope of remediation tasks
- Updated tools on Connections page
- New offboarding checklist to help manage offboarding workflows directly from the Personnel page!
- New access management reports for each connected service now available on Access page!
- New audit scheduling tools available on Audit Schedule homepage to streamline audit planning
- New auditor user access management tools now available on Users page
- Okta SSO provider support now available on the Connections page
- New Vanta agent v1.5.0 released. Includes updates and new commands in vanta cli toolbox, latest updates to osquery, bug and security fixes
- New feature to refresh data on demand on the Tasks page
- New tools to manage (deleted, disconnect) services as needed on the Connections page
- O365 SSO provider support now available on the Connections page
- Linear task tracker support now available on the Connections page
- Clubhouse task tracker support now available on the Connections page
- Launched new Procedures section for management of control behavior in accordance with company policies
- Added malware email alerts for all machines running Vanta agent
- New Vanta agent v1.4.1 released including osquery updates and security upgrades
- Added support for policy deletion on Policies page
Features and improvements
- O365 beta enrollment is now open! Please reach out to our audit-ops team (email@example.com) to learn more about what this integration can support and sign up for the program.
- Checkr background checks integration is now live on the Connections page!
- Certn background checks integration is now live on the Connections page!
- Added ability for admins to link background checks to personnel on the Personnel table.
- Our new navigation style is now live for all customers! In this change we:
- Simplified our navigation by grouping pages with a similar purpose
- Increase space for page content by moving primary nav to the header bar
- Added support for customer-defined policy types on the Policies table
- Added support for custom security awareness training links for use during personnel onboarding on the Roles and onboarding page
- Vanta agent update, v 1.4.0, now available while includes new cli commands, bug fixes and process improvements.
- Updated Vanta agent information across the app including troubleshooting information on Computers and Vulnerability install pages!
- Added Vanta agent support for Windows Defender
- Added ability to modify email settings from the user Notifications page.
- Added labels support for GCP resources to automate inventory management and updates on the Inventory list
- Added ability to reassign personal laptops from the Inventory list
- Added view of background check status for admin users on Personnel table
- Added ability to view and modify resources that have been marked as out of scope ("whitelisted") through the Tasks table
- Added AWS account id to all AWS resources on the Inventory page in support for customers with multiple linked AWS accounts.
- Updated designs on the Vendors page to remove use of alert icons
- Added support for Dashlane AV on Firefox
- Added support for Avast Antivirus
- Fixed an issue with the several tests to prevent test flips and false positives
- Fixed an issue where all fields were required for business information before saving the form
- Fixed an issue with tables to sort by last name instead of first
- Fixed an issue with copy on the Computers page
- Fixed an issue with session to prevent users being logged out after 1 day
- Fixed an issue that prevented mobile users from viewing policies
- Removed a subset of database location checks due to overlapping logic with remaining test set (reach out to firstname.lastname@example.org for more information).
Features and improvements
- **Gitlab integration is now live** for cloud-hosted environments! ****
- Okta integration beta is now open for enrollment! Please reach out to our audit-ops team (email@example.com) to learn more and join the beta program.
- Added support for tagging of GCP resources to better support automation of inventory management workflows.
- Admin level email preferences!
- Added ability to download policy templates in .md or .docx format.
- Added in-product information around Vanta agent as AV solution.
- Added warning to last ping time on Computers table when last ping is older than two weeks.
- Added last update by and at timestamp on risk scenarios in the risk report.
- Updated the inventory page to show count of items in each inventory group.
- Updated task tracker integrations to be case insensitive
- Updated language to be clearer on Heroku only tasks
- Fixed an issue where suggested vulnerability remediation commands were not appearing on the vulnerability page for some customers
- Fixed an issue where access users could not assign computers to owners on the Inventory page
- Fixed an issue with email notifications being sent too frequently in a short space of time
- Fixed an issue with duplication of apps in list of installed apps on mac resources
- Various copy fixes and updates
Features and improvements
- Bitbucket is now available for all customers on the Connections page! 🎉 We encourage all customers using this service as their version control tool to connect their accounts to initiate monitoring for deployment best practices and change management evidence collection for audit.
- Updated the binary for all macOS users to our latest version (v0.2.0)! This app version includes:
- A new debugging tool called vanta-cli doctor.
- A new version of osqueryd.
- More robust toolbar app that shows a red notification when the agent is not registered.
- Various bugfixes.
- Updated design on the Vanta Reports page to simplify navigation.
- Updated design of pen test report upload flow and added a new history view table
- Added ability to reassign the Vanta agent between laptops on the Inventory list.
- Added ability to rotate Vanta agent key from Inventory install page.
- Deprecated the laptop admins feature (as of 12pm, Jan 8th):
- Removed as part of our work to make Vanta Agent installation easier and more robust, both for administrators using MDM solutions and for employees installing the agent on their own.
- For the time being, existing Laptop Admins can continue to install the Vanta agent on laptops as they have in the past.
- It is no longer possible to create new Laptop Admins, so we recommend updating your Vanta Agent installation workflows.
- Policy packet update to download policies in alphabetical order.
- Added ability to sort on the Computers table for last ping time and OS
- Added ability to store historical pen test results
- Added additional metadata for Linux machines on the Inventory list for easier identification
- Added support for distinct SLAs based on security task severity
- Added onboarding grace period for version control system accounts (e.g. GitHub)
- Copy updates in remediation instructions for infrastructure root account use
- Fix display of long hostnames in our Computers table
- Fix login redirect path on 403 error
- Copy correction for agent installation instructions
- Fixed changes log to show only merges to master or default branch
- Removed immediate SLA option for critical vulnerability resolution
- Fixed pen test upload dialog to include date selection
- Removed tabbed layout on the Reports page
- Copy update for agent install reminder email
- Fixed issue with guest accounts showing for Asana workspaces
- Fixed redirect for contractors with admin privileges to dashboard instead of onboarding flow
- Fixed email notifications for background checks so that customers running their own will be alerted for missing reports during audit period