Release Notes

v5.3 Release Notes

9/30/2025

Coming soon...

 

v5.2 Release Notes

1/31/2025

Updates made in Totem™ version 5.2 include:

  • Removed the save buttons from auto-save free-form fields to allow more space for typing
  • Added a column display selector to allow the user to select which Organization Action columns to display or hide, freeing up space to make the Implementation Details field larger:
    r/TotemKnowledgeBase - Totem™ Cybersecurity Compliance Management (CCM) tool 5.2 release notes
  • Added an orange border around free-form fields that have unsaved changes
  • Reduced the volume of email notifications by ensuring notifications are not sent every time a free-form field auto-saves
  • Added hover-over tool-tips to the numbers in the Control Status left-hand menu module
    r/TotemKnowledgeBase - Totem™ Cybersecurity Compliance Management (CCM) tool 5.2 release notes
  • Other bug fixes
  • Other security fixes

 

v5.1 Release Notes

9/30/2024

Updates made in version 5.1 include the following:

  • Features and clean-up related items in version 5.1 include:
  • We've added new control sets for the NIST 800-171 rev 3 standard, and the DHHS 405(d) volume II HIPAA controls for small businesses.
  • All free form text fields now have Autosave by default!
  • We've changed the Control Status wording from "Compliant" / "Noncompliant" to "Met" / "Not met" to aligned with CMMC wording.
  • Assigning Assessment Objectives (what we call Organizational Actions) to individuals. Now, Corrective Action Plans (CAP) in the POA&M page can be made "Recurring" and set to expire. A week from expiration the assigned Responsible Entity will receive a notice of expiration. When the CAP expires, the CAP will go from Complete to Ongoing state, and the Objectives/Actions' status will change from Met to Not Met. Using this new mechanism, the organization may essentially assign the individual or role that is marked as the Rsponsible Entity for that CAP with the responsibility for maintaing these Objectives/Actions.
  • Users are now warned when a CAP estimated completion date is further out than 180 days, aligning with CMMC framework restrictions.
  • The Control Status Comments field can now be displayed or not for users by assigning roles the "control-comments-read" permission. If an organization doesn't want a particular subset of its users to read the Control Comments, it can disable them from reading.
  • Risk Assessments module can now be exported to spreadsheet.
  • Tool Administrators can configure a "Message of the Day" to be displayed to users at login.
  • Tool Administrators can bulk update or delete users.
  • Tool Administrators can "lock" an Organization to a desired compliance standard, e.g. CMMC Level 2. This will be helpful for MSP partners to regulate which standards their clients can view in the tool.
  • Several security vulnerabilities have been remediated, including findings from the latest penetration test.
  • Various bug fixes

 

v5.0 Release Notes

12/31/2023

Updates made in version 5.0 include the following:

 
  • A new "Roadmap" module! Track your CMMC completion using strategic milestones.
Generate an IRP in Totem 5.0
  • A new Incident Response Plan module! Build your Incident Response Plan, identify recovery metrics, and record incident tabletop exercises.

Generate an IRP in Totem 5.0

  • Dashboard now shows date of last score update
  • All NIST 800-171 controls show their point value
  • An improved Hardware Inventory interface, which now includes additional inventory data columns
  • Corrective Action Plans can now be created without any Assessment Objectives (Organization Actions) associated with them
  • CUI and Hardware Inventory now exportable
  • POA&M Gantt Chart visual improvements
  • Email notifications disabled by default; users can enable in My Profile
  • Users can now reseed their MFA through My Profile
  • Risk Assessment Asset Type description now permits some special characters
  • Other security improvements
  • Other bug fixes

 

v4.5 Release Notes

8/31/2022

Updates made in version 4.5 include the following:

  • CMMC controls now fully aligned with NIST 800-171
  • A new filtering tool introduced to help filter by control
  • Added a Shared Responsibilities field
  • Global search feature now much easier to use
  • All supplemental guidance elements updated
  • All CMMC v1.0 .997, .998 and .999 controls removed
  • A new Start Date field has been added to the Corrective Action Plan (CAP) page, allowing you to specify when CAP steps begin in addition to their estimated completion date
  • Users now also have the ability to view a graphical depiction of their CAPs in the form of a Gantt Chart
  • Users can now delete CAPs
  • Responsible Entity field now preserved and can be selected across multiple CAP steps
  • Inventory module includes a Hardware Assets feature, allowing users to maintain their hardware inventory 
  • Audit log times now interpreted correctly
  • Updated Resources interface along with new tools and templates added
  • Security fixes
  • Bug fixes

 

v4.0 Release Notes

9/31/2021

Updates made in version 4.0 include the following:

  • POA&M includes pre-populated corrective action templates
  • Corrective actions are now split into individual rows
  • Estimated Completion Dates can be assigned for Corrective Actions
  • Corrective Actions can be assigned to different entities
  • Control Status left-hand menu indicates incomplete controls for all families
  • Control Status left-hand menu indicates non-compliant controls for all families
  • Implementation Details can be recorded in field or pop-out modal
  • Comments button now indicates if a comment has been left or not
  • Search filters can now be saved and managed
  • New .999, .998 & .997 CMMC controls now included
  • New Inventory tab where you can manage CUI inventory
  • New Audit Log feature where Owners can manage all user activity
  • Cleaner Risk Assessment interface
  • Other bug fixes