We're excited to share the latest improvements to RiskForce Orchestrator. This update focuses on connecting your compliance workflows with the tools you already use, expanding Ava's capabilities, and adding quality-of-life features that make your daily work more efficient.
Jira Integration Across the Platform
Managing compliance shouldn't happen in a silo. We've added Jira integration across multiple RFO tools, making it easy to push compliance work into your team's existing project management workflows:
- Controls Manager: Create Jira issues from selected Rev 5 or CMMC controls -- choose between a single summary issue, one issue per control, or one issue per objective for granular tracking
- STIG Manager: Share STIG checklist findings to Jira with status filtering, so you can push only open findings or specific severity levels to your remediation board
- Project Planner: Export notes as Jira issues with priority and due date mapping, or pull existing Jira issues into your planner as sticky notes for unified visibility
Each integration supports bulk operations and automatically maps RFO metadata -- control families, severity levels, priority quadrants -- into Jira labels and fields.
Native OSCAL Import
RFO now supports importing OSCAL (Open Security Controls Assessment Language) documents directly into the Controls Manager. Upload JSON or YAML files up to 20MB, and RFO automatically detects the document type and processes it accordingly:
- System Security Plans (SSP): Creates assets from components and appends control narratives -- existing data is preserved, and implementation status is only upgraded, never downgraded
- Component Definitions: Creates assets per component with narratives tagged by component name
- Plans of Action & Milestones (POA&M): Creates new POA&M entries and milestones from your imported data
- Assessment Results (SAR): Sets objective validation status from findings and optionally creates POA&Ms from risk findings
Import history is tracked with timestamps and user attribution, and duplicate detection prevents accidental re-imports.
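A pre-upload check you could run locally on OSCAL JSON files, as an added example that is not RiskForce code and does not describe how RFO implements its import. It assumes JSON input only, hypothetical function names, and an illustrative status ranking (planned < partial < implemented) to show what an upgrade-only merge looks like.

```python
import json

MAX_BYTES = 20 * 1024 * 1024  # 20MB upload limit stated above
# Root object names from the OSCAL JSON models for the four document types
OSCAL_ROOTS = {
    "system-security-plan": "SSP",
    "component-definition": "Component Definition",
    "plan-of-action-and-milestones": "POA&M",
    "assessment-results": "SAR",
}
# Assumed ranking, for illustration only; states not listed here rank lowest
STATUS_RANK = {"planned": 1, "partial": 2, "implemented": 3}

def detect_type(raw: bytes) -> str:
    """Return the document type of an OSCAL JSON file, or raise ValueError."""
    if len(raw) > MAX_BYTES:
        raise ValueError("file exceeds the 20MB limit")
    doc = json.loads(raw)
    roots = [k for k in doc if k in OSCAL_ROOTS] if isinstance(doc, dict) else []
    if len(roots) != 1:
        raise ValueError("expected exactly one OSCAL root object")
    return OSCAL_ROOTS[roots[0]]

def merge_upgrade_only(existing: dict, imported: dict) -> dict:
    """Apply imported states only where they outrank what is already recorded."""
    merged = dict(existing)
    for control_id, state in imported.items():
        if STATUS_RANK.get(state, 0) > STATUS_RANK.get(merged.get(control_id), 0):
            merged[control_id] = state
    return merged

def ssp_statuses(raw: bytes) -> dict:
    """Map control-id -> highest-ranked implementation state found in an SSP."""
    ssp = json.loads(raw)["system-security-plan"]
    reqs = ssp.get("control-implementation", {}).get("implemented-requirements", [])
    found = {}
    for req in reqs:
        for comp in req.get("by-components", []):
            state = comp.get("implementation-status", {}).get("state")
            found = merge_upgrade_only(found, {req["control-id"]: state})
    return found

# Constructed sample SSP fragment (not a complete, schema-valid document)
SAMPLE_SSP = json.dumps({"system-security-plan": {"control-implementation": {
    "implemented-requirements": [
        {"control-id": "ac-2", "by-components": [{"implementation-status": {"state": "partial"}}]},
        {"control-id": "ac-3", "by-components": [{"implementation-status": {"state": "implemented"}}]},
    ]}}}).encode()
```

Comparing the merged result against your current records before uploading shows which controls an import would change and which it would leave untouched.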
Ava Gets Smarter and More Capable
Your AI compliance assistant has received a major upgrade. Ava has moved from a read-only advisor to an action-capable assistant that can now write directly to over 10 RFO services on your behalf:
- Create and update assets, controls, POA&Ms, tasks, and approved products
- Link evidence to controls and objectives
- Update implementation status, narratives, and assessment notes across Rev 5 and CMMC frameworks
- Manage diagrams and documents, including generating AI-powered network diagrams
Every write operation requires your explicit confirmation before executing, so you stay in full control. Ava asks, you approve, and the change is made -- no surprises.
We've also added clear documentation about our Zero Data Retention (ZDR) policy for AI interactions, ensuring your sensitive compliance data stays private.
Claude Code Compliance Plugin
For organizations using AI-assisted development, we've introduced integration with Claude Code through our compliance plugin. Install the compliance plugin in your project, generate a per-system API key from the RFO Integrations settings, and run an assessment against your codebase:
# 1. Add RiskForce marketplace source
/plugin marketplace add riskforce/rf-o-compliance-plugin
# 2. Install the plugin from that marketplace
/plugin install rf-o-compliance@riskforce
- The plugin evaluates your code against NIST 800-53 technical controls and submits findings directly to your system in RFO
- Uses Auth0 to authenticate your session.
- Integrates into CI/CD pipelines for continuous compliance validation
We plan to expand support to additional AI code agents in the future.
Better Note Management and Navigation
Small improvements make a big difference in daily workflows:
- Archive Notes: Put away notes you're not actively working on without deleting them. Archived notes are stored separately with a dedicated archive view where you can search and restore them at any time
- Keyboard Shortcuts: ESC to close expanded notes, Delete key to remove notes in Kanban view, and click-to-select for faster navigation
- Dark Mode Improvements: Better visual consistency across the Project Planner
Additional Updates
- Redesigned Integrations settings page with a cleaner sidebar and drawer layout
- Added GitHub Workflow integration for CI/CD dependency scanning
- Improved STIG upgrade experience with progress indicators and summary panels
- Enhanced Personnel Manager with role editing, system chart views, and scoped permissions
