We’re constantly working to make compliance even easier. Check out a quick summary of our recent launches, or see full details at our Product Updates page.

AI Evidence Validation

We’ve launched a powerful new feature to help compliance teams catch evidence issues before audits begin. AI Evidence Validation uses advanced AI to analyze uploaded files and metadata in real time, checking whether the document is correct for the control being tested and whether the timestamp falls within the required testing window.

This proactive approach helps teams avoid common issues like submitting the wrong file, referencing outdated documentation, or uploading incomplete evidence, which often lead to audit delays or findings. With AI Evidence Validation, organizations can improve audit outcomes, reduce exceptions, and accelerate their path to compliance.

FedRAMP 20x

The Secureframe platform now supports the Fedramp 20x KSI framework out of the box. With the key security indicators for the Phase One pilot already mapped to pre-built controls and tests, you know exactly how to meet FedRAMP Low KSI requirements.

Secureframe is also proud to be working alongside Coalfire as part of the FedRAMP 20x pilot program. Developed to streamline compliance for cloud service providers, FedRAMP 20x aims to simplify the path to authorization while maintaining high security standards.

OneSchema device upload

With our new OneSchema-powered experience, admins can now upload device data using a smart template that provides instant validation feedback and highlights any issues in the file before submission. This new system not only improves usability but also includes significant backend performance enhancements, making uploads faster and more reliable.

Spring 2025 design release

Our Spring Design System Release focused on improving the form experience across the platform. We migrated all Checkbox and Radio components to our Castle component library, introduced a new form layout and updated design guidelines, and kicked off accessibility improvements with better focus states and keyboard navigation.

Email logs

Admins now have access to a centralized Email Log to view all outbound communications from Secureframe to users and vendors, including onboarding invites, task notifications, and role changes. This searchable, filterable log provides visibility into delivery status and open history for messages sent on or after March 17, 2025.

Access table updates

We’ve released the first of several User Access Review (UAR) updates with a completely revamped Access Table. Built with Castle components, the new table is easier to navigate, filter, and search. We also removed the "SSO" column and temporarily removed the "Privileged" column as we refine how customers define privileged access in a meaningful way.

GCC High integrations: Intune + Entra ID

Secureframe now supports both Intune and Entra ID in GCC High environments, expanding our integrations for customers operating in Microsoft’s government cloud. These updates are essential for organizations pursuing FedRAMP or CMMC 2.0 compliance, offering deeper visibility and automation across identity and device management in secure environments.

New integrations with Vercel + Supabase

We’ve added two powerful new integrations to support modern development teams: Vercel and Supabase. Secureframe now scans projects in both platforms as cloud resources and automatically surfaces evidence for relevant compliance tests.

CMMC 2.0 Level 3

We now support CMMC Level 3, the most advanced and rigorous level of the maturity model framework. Level 3 includes 24 additional requirements beyond Level 2 and is designed for organizations handling the most sensitive controlled information.

This rounds out our support for the full CMMC 2.0 framework, making Secureframe the most comprehensive solution for organizations across the defense industrial base.

GovRAMP Framework (formerly StateRAMP)

We’re proud to be the first platform to offer full support for GovRAMP, formerly known as StateRAMP. Secureframe now includes both GovRAMP Low and Moderate levels.

GovRAMP is built on the foundation of NIST 800-53, with significant overlap with both FedRAMP and TX-RAMP, making it a natural extension of the federal compliance frameworks many organizations are already familiar with. More than 28 states are currently participating in the GovRAMP program, and adoption continues to grow.

Azure Government integration

Secureframe now supports Azure Government Cloud connections, joining our existing support for AWS GovCloud. This integration allows you to sync resources from Azure Gov environments, helping meet strict CMMC 2.0 and FedRAMP requirements.

Microsoft GCC High Login

Customers in Microsoft 365 Government environments can now sign into Secureframe using Microsoft GCC High credentials. This update supports secure access and identity requirements for CMMC 2.0 and FedRAMP readiness.

Vendor Module: Updated table view

We’ve upgraded the Vendor Table to make it easier than ever to track vendor reviews. You can now view in-progress and upcoming reviews directly from the table, making it faster to stay on top of what’s next. Each review also displays the current assignee, so responsibilities are always clear. And for teams that prefer to tailor their workflow, the table still supports editing default columns and saving custom views for quick access to the information that matters most.

New Personnel Details editing experience

We’ve overhauled the Personnel Details editing experience for better usability and consistency across the platform.

• Clearer UI and improved guidance for managing user data
• Visibility into the source vendor for each data field, so you know when values are coming from integrations
• Ability to un-override the Status field if you want integrations to drive active/inactive status again
• You can now edit Job Title and Department, which were previously locked fields

New Audit Module

We’re excited to introduce the new Audit Module, built to make managing audits smoother than ever! With this release, you can:

• Create and track audits in a centralized space
• Store audit reports for future reference
• Auto-provision auditor access (no more manual permissioning!)
• View audit data in the APC (Auditor Partner Console) using our Castle component
• Auditor Super Admins can now unlink themselves from customer accounts post-audit

This update helps streamline the entire audit process for both customers and auditors.

Dashboard V2

We’ve refreshed the Secureframe Dashboard with an updated design and a new Action Items widget that shows expiring evidence, upcoming reviews, task due dates, and more.

Check out the new Dashboard

Zendesk integration

Our new Zendesk integration allows for bi-directional syncing, similar to our Jira integration. Use Zendesk as a task destination, with task updates flowing between systems. You can also sync Zendesk tickets to Secureframe for incident tracking, nonconformities, vulnerabilities, system changes, and user access, all mapped to your compliance tests.

Enhanced Help flyout

We’ve replaced the old help menu with a new, streamlined Help Flyout designed to get you the support you need faster. Quickly access Secureframe Academy, the Get Started page, and reach out to our support team directly from the flyout.

Need more help? The "Email us" button now links directly to our Customer Success team.

CMMC 2.0 Personnel Table

We’ve added two new columns to the Personnel Table to support CMMC compliance:

• Last Login: Easily identify inactive accounts
• Secureframe MFA: See at a glance who has MFA enabled

These updates help customers meet CMMC's Access Control and Account Management requirements.

Security Questionnaires: Doc and PDF imports

You can now import .doc and PDF files directly into the Security Questionnaires module, making it easier than ever to streamline the vendor review process.

MFA and password policy enhancements

To strengthen account security and meet compliance standards like CMMC, we’ve introduced new authentication and password policies:

• MFA (TOTP) is now required for all Super Admins, Admins, and Auditors
• MFA is enforced for direct login and magic link authentication
• Passwords now expire every 12 months and cannot be reused for four cycles

TISAX framework update

We’ve updated our TISAX framework and Statement of Applicability (SOA) export to better align with the latest TISAX assessment requirements.

Policy table enhancements

Two new columns have been added to the Policy Table:

• Acceptance Rate: Track policy acknowledgment across your org
• Mapped Frameworks: See how each policy ties back to your frameworks

Looking for 2024 Updates?

Check out our full archive of 2024 product updates here:
👉 2024 Product Updates – Secureframe