New in Vanta | December 2024

This past month, the Vanta team launched new features to help you: 

‍

• Reduce time to remediation with developer-first workflows
• Create and manage controls with new custom fields to best reflect your security posture
• Automate the vendor evidence gathering process to keep your security reviews on track
• Deflect inbound security reviews with AI-powered chat on your Trust Center
• Pursue and scale additional frameworks like TISAX and CMMC
• Integrate and automate with even more third-party systems, like HITRUST MyCSF

Reduce time to remediation with developer-first workflows 

Remediating compliance gaps quickly requires seamless collaboration with your cross-functional developer team—but with various different teams and tools involved—it can often take longer than expected.

‍

To help speed up remediation, Vanta AI can now generate personalized Terraform code snippets to help you make necessary changes to failing tests. With it, you can streamline the remediation of 175+ cloud tests across AWS, Azure, GCP, and more, with alerts about what needs to be remediated and the code snippets to do it. 

‍

You can also now automate Jira ticket creation for any tests that fail, ensuring your stakeholders and development teams are alerted the moment an issue arises and can track remediation progress in real time. 

‍

‍

AI-generated Terraform remediation instructions are generally available and automated Jira ticket creation is available in preveiw.

‍

‍

Create and manage controls with new custom fields 

Mature GRC programs often have unique needs when creating or maintaining controls. You can now add custom fields to your controls in Vanta, giving you the flexibility to manage controls in a way that best reflects your company’s security posture. 

‍

Custom fields can be created in a new settings page in the compliance hub, and they will display in the controls table. You have the option to create fields that are free text, pick list, numbers, or dates. You can choose whether custom fields are visible to your auditor. 

‍

‍

Custom fields for controls is currently in preview. 

‍

‍

Automate the vendor evidence gathering process

Our vendor risk management solution moves you from tedious, point-in-time vendor reviews to a collaborative, automated process that leverages AI to get reviews done faster than ever. Vanta streamlines the evidence gathering process by automatically emailing the vendor’s point of contact 30 days before the due date—saving time and preventing last-minute delays on your security reviews. You can track the email’s status and update the recipient directly from the table. If you need flexibility, you can opt out of automated emails for specific vendors or disable automation entirely for your account. The feature is currently in preview and will be available for all accounts before end of year.

‍

‍

To learn how to get started, check out this article.

‍

‍

Deflect inbound security reviews with AI-powered chat on your Trust Center

Our AI-powered chatbot for Trust Center is now generally available. With Vanta’s chatbot, you can deflect inbound questions with information from your Trust Center, giving stakeholders the documentation they’re looking for and the answers they need. 

‍

You also get insights into the security questions that your customers and prospects have about your controls, creating a continuous feedback loop to proactively improve your program.

‍

AI-powered chatbots for Trust Center are generally available, learn how to activate it today. 

‍

‍

Pursue and scale additional frameworks like TISAX and CMMC

Vanta now supports two new frameworks that are generally available globally:

‍

The TISAX (Trusted Information Security Assessment Exchange) framework is a European standard developed to ensure information security, particularly for automotive companies and their supply chains. It provides a structured assessment process to evaluate and exchange information security levels between business partners, fostering trust and compliance with industry standards.

‍

The Cybersecurity Maturity Model Certification (CMMC) is a framework established by the U.S. Department of Defense to ensure cybersecurity across the Defense Industrial Base (DIB). It outlines a tiered system of practices and processes that contractors must meet to protect sensitive federal information, such as Controlled Unclassified Information (CUI), from cyber threats.

‍

You can find a full list of the 35+ frameworks that Vanta supports here.

‍

‍

Integrate and automate with even more third-party systems, like HITRUST MyCSF

Vanta continues to expand the number of third-party systems it can integrate and automate with.

‍

Vanta is pleased to announce a new integration with HITRUST MyCSF that will drive increased efficiency, improved accuracy, and a faster overall certification timeframe for HITRUST e1, i1 and r2. With this two-way integration, you can sync controls and evidence seamlessly between the two platforms. This includes real-time updates, automatic mapping, and streamlined workflows 

‍

We’ve also launched new integrations with Ethena and Capablanca. Ethena supports employee security through continuous monitoring of user access data and security training status. Capablanca supports employee security via continuous monitoring of user access data and security training status, and brings vulnerabilities identified by Capablanca into Vanta.

‍

Explore all our integrations or tell us about any others you’d like to see.

‍

‍

Try it for yourself!

Log in to your Vanta account to try out these new features today. If you’re not a Vanta customer and want to learn more, request a demo.

As always, we welcome your feedback. Let us know what you think by reaching out to your Customer Success Manager and stay in the loop on Vanta news on LinkedIn.