Back to Blog
Product UpdatesMarch 24, 2026

March 2026 Update: Rebuilt Workflows, Audit Manager, and a Smarter Ava

RiskForce's March 2026 update transforms federal cybersecurity compliance with rebuilt workflows, a new Audit Manager, and an AI-powered Ava, streamlining RMF and incident response.

On This Page

March 2026 Update: Rebuilt Workflows, Audit Manager, and a Smarter Ava

This month, RiskForce delivers one of our most significant updates yet, fundamentally transforming how you navigate federal cybersecurity compliance. We've completely reimagined our core workflows, introduced a dedicated Audit Manager, expanded our analytical tools, and supercharged Ava with advanced AI capabilities.

Here's a detailed look at what's new:

Rebuilt Workflow Engine: A Seamless RMF Journey

Experience a dramatically improved user experience with our completely rebuilt workflow engine. Every guided workflow in RiskForce now offers smoother transitions, clear progress indicators, and enhanced navigation. If you've used our onboarding or control implementation workflows before, you'll immediately notice the difference:

  • Smoother step-to-step transitions: Navigate through complex processes with ease.
  • Persistent sidebar: Always know exactly where you are in the process.
  • Backward navigation: Effortlessly revisit previous steps.
  • Proper completion tracking: Monitor your progress with precision.

The full RMF lifecycle is now covered end-to-end with these intuitive, guided workflows:

  • Categorize System: Walk through FIPS 199 categorization with guided inputs.
  • Select Controls: Choose and tailor your control baseline effectively.
  • Implement Controls: Document implementation with robust skip and back-navigation support.
  • Assess Controls: Record assessment findings against objectives with clarity.
  • Authorize System: Compile your authorization package seamlessly.
  • Monitor Controls: Set up continuous monitoring activities with confidence.

New Incident Response Workflows

Beyond the RMF lifecycle, we've introduced two critical incident response workflows:

  • Data Spillage: A guided process for reporting classified information spills, featuring branching paths for email, file transfer, and public publication scenarios.
  • Asset Theft/Loss: A comprehensive guide for reporting lost or stolen assets, including data classification and custodian tracking.

Audit Manager: Streamlining Security Assessments

Coordinating security assessments can be complex. Our new Audit Manager centralizes all moving pieces—schedules, teams, daily plans, and deliverables—into one cohesive platform.

Key capabilities include:

  • Role-gated interface: Auditors and system owners see views most relevant to their roles.
  • Assessment plan view: Organized by day, ensuring your team knows exactly what's happening and when.
  • Outbrief report generator: Produce assessment summaries efficiently.
  • RMF step progress tracking: Tied directly to actual workflow completion for real-time insights.
  • Schedule management: Comprehensive scheduling for prep periods, assessment days, and wrap-up.
  • Task integration: Audit tasks flow seamlessly into your existing task system with calendar scheduling.

Say goodbye to managing assessments with spreadsheets and endless email chains—this is a significant upgrade.

Calculators Suite: Expanded Risk and Cost Analysis

Our former Cost Estimator has evolved into the comprehensive Calculators suite, now featuring 11 specialized tools. Each calculator utilizes the same intuitive, stepped-workflow interface for consistency:

  • Audit Estimate
  • Compliance Gap
  • Cyber Insurance
  • Data Breach
  • Downtime Impact
  • FAIR Risk
  • Incident Response
  • Recovery Cost
  • Remediation ROI
  • Security ROI
  • Vulnerability Exposure

All calculators support saving, loading, and import/export, allowing you to revisit calculations over time or share them across your team.

Ava Gets New Tools: A Smarter Compliance Partner

Ava continues to grow as an indispensable compliance partner. This month, she's gained several powerful new abilities:

  • Native diagram building: Ask Ava to create network diagrams, data flow diagrams, and other visuals directly within the chat interface.
  • Full task management: Bulk create, pin, and complete tasks through natural conversation.
  • Ports and protocols lookups: Quick reference for service-to-port mappings without leaving the application.
  • Org policy search: Ava can now query your uploaded organizational policies directly for instant insights.
  • "Send to Ava" staging: Select content from anywhere in the app and stage it as context for your next Ava conversation.

Chat history is now persistently saved across sessions, and Ava's context includes timestamp awareness for more accurate and time-sensitive responses.

AI Chatroom Mode

For teams seeking diverse perspectives, Ava now supports a chatroom mode where multiple AI models participate in a round-robin conversation. This is invaluable for comparing how different models approach complex compliance questions or policy interpretations.

Org Policy Management: Centralized Control

The Controls Manager now includes a dedicated Org Policy section. Upload and manage your organizational policy documents in one central location. Search across all policies, view document details, and browse associated policy rules—all seamlessly integrated. This also directly feeds into Ava's enhanced policy search capability.

Org Analytics Dashboard: Executive-Level Insights

A new Org Analytics tab on the dashboard provides 12 widgets covering organization-level metrics. Administrators gain a consolidated view of compliance posture across all systems, making it easier to identify gaps and track progress at the organizational level.

Asset Relationship Diagrams: Visualizing Dependencies

The Asset Manager now features a powerful relationship visualization page. Your assets are displayed in an interactive tree/accordion diagram with smart connector routing, a command bar for navigation, node management, and a detail sidebar for quick inspection. This makes understanding dependencies and connections between your system components clearer than ever before.

Additional Updates

  • CSV exports are now available for tool export pages across the platform.
  • Control Explorer now supports the CMMC framework alongside existing frameworks.
  • Chat minimap provides a lightweight preview of long conversations with drag-to-scroll sync.
  • Pinned task completion now plays a confirmation animation for a more engaging experience.
  • Evidence descriptions can now be added to automation profile cards.
  • Collapsible sidebar navigation provides more screen real estate.
  • Task calendar view features color-coded tasks, start date support, and task editing via modal.
  • MCP plugin install instructions replace the old API key flow on the Claude Code integration card.

Bug Fixes

  • Fixed DOMPurify stripping control tags and onclick handlers from narrative HTML content.
  • Resolved Control Matrix jump-to-control failing when assessment period formats varied.
  • Fixed duplicate API call in the artifact manager.
  • Corrected Auth0 token exchange failures on staging caused by CSP restrictions.
  • Fixed blank diagram state after resetting the diagram generator.
  • Resolved dark mode rendering issues across workflow primitives, badges, and diagram connectors.
Tags:product-updatermfworkflow-automationaudit-managementainist-800-53

Try RiskForce Free

Automate RMF, FedRAMP, and CMMC compliance from day one.

Start Free Trial Book a Demo

Follow Us

Related Articles

RiskForce March 2026 Update: Workflows, Audit Manager, & Smarter Ava | RiskForce Orchestrator | RiskForce Orchestrator