Features [Backend] Create psql user for backups on db create and app init (SEC-3746) [Backend] Define and implement activity logging for user (SEC-3722) [Backend] Define and implement scenario for centralized backup of Securea tenants (SEC-3723) [Frontend] Define and implement UI for user activity logging (SEC-3740) [Frontend] Define and implement user interface backup of Securea tenants (SEC-3727) [Frontend] Refactor FE to match new Content Security Policy Directive (SEC-3745) Improvements [Backend] 2FA recovery code shall temporarily disable 2FA (SEC-3657) [Backend] Analyze reasons for 63 idle transactions on production environment (SEC-3708) [Backend] Encrypt TOTP secrets at rest instead of storing them in plaintext (SEC-3674) [Backend] Lowercase username and email address (SEC-3673) [Backend] Rework 2FA to refresh secret and recovery code on each display of 2FA enablement screen (SEC-3686) [Frontend] Re-login screen shall be changed to a notification about automated logout due to inactivity (SEC-3701) [Frontend] Rework modal for using recovery code on login (SEC-3684) Bugfixes Asset Value/Value Severity inconsistency in Detailed reports (SEC-3416) Double 2FA popup on delete user without elevated token (SEC-3717) GovDoc-Req mapping page doesn't display requirement's "fulfillment data" (SEC-3429) Missing scrollbar in dropdown for generate report modal (SEC-3687) Missing translation on tab when regulation is selected in Regulation Checklist (SEC-3672) Requiremement Catalogue - Control mapping shows regulation keys (SEC-3716) Security Posture - ParentClauseID problems (SEC-3695) Template asset change of asset class throws error (SEC-3715) Wrong ColumnName grammar Risk Register (SEC-3702)

Features [Master Data] Requirement descriptions now include additional information for maturity evaluation (for newly created organizations) (SEC-3536) [Master Data] Template asset set updated (for newly created organizations) (SEC-3650) Improvements Emails sent from Securea now include both Slovak and English descriptions (SEC-3584) New scenario added to allow navigation from Security Posture -> Government Document mapping -> back to Security Posture (SEC-3483) Organization Users now allows setting a License Role for newly invited users (if a license has not yet been assigned) (SEC-3677) Security Posture filter is now defaulted to show only requirements linked to a regulation checklist, and its state is remembered by the browser (SEC-3685) Selected organization is now remembered in browser local storage (SEC-3596) User detail now shows license and role information without requiring edit mode (SEC-3678) Bugfixes Filter options disappeared after adjustments to dropdown size in filter configuration (SEC-3412) License Users could see license information that should not have been visible (if a License Admin was previously logged in using the same browser) (SEC-3704) Maturity level in the Security Posture widget displayed an incorrect text description (SEC-3393) Organization deletion no longer fails when existing connections are present (SEC-3668) Securea failed to send emails on RBAC role assignment or unassignment (SEC-3664) Users without any role in an organization and without a preselected organization could get stuck on the organization selection screen (SEC-3709)

Improvements Authentication token store was redesigned to improve security measures (SEC-3389) Automatic logout after a period of inactivity can now be prevented without needing to re-enter password (SEC-3670) Delete organization now requests the word DELETE instead of a full organization name (SEC-3455) New filter for Regulation Checklists added to Security Posture and Security Requirements Catalog (filter values not remembered yet) (SEC-3525) User passwords are now protected with additional obfuscation in addition to standard HTTPS encryption (SEC-3636) Bug Fixes Adding a new entry in Regulation Catalogue triggered an unsaved changes modal even after save operation (SEC-3621) Attempt to include @ in username resulted in an empty error message (without any text) (SEC-3512) Cloning system dashboard wrongly set widget name on cloned layout to Select Tenant instead of Select Organization (SEC-3660) Expired license threw license errors on Account screen, which is not license relevant (SEC-3671) In User Management it was not possible to unassign RBAC role by clicking on x next to a role (SEC-3659) Missing thresholds exclamation mark now properly disappears once all thresholds are set (SEC-3451) Missing translations added to filters in asset, owner, and report browsers (SEC-3404) Organization selector in User Management showed even organizations that were impossible to be managed (if user was only License User for them) (SEC-3663) Regulation Checklist – breadcrumb failed to navigate back to a view with a pre-selected regulation (SEC-3652) Requirement Clauses subtable in Requirement Catalogue was missing data in Regulation Checklist column (SEC-3583) Selection of menu entry in Organization group failed to properly highlight organization section (SEC-3669) Several reports in browser and viewer mode were missing translation strings for column names (SEC-3637) Several subtables showed the same value in both Description fields — one is for core object description and the second is for description of mapping relation (SEC-3517) Some reports were missing tooltips showing full column name for an abbreviated column name (SEC-3494) Some users were not provided a recovery code on 2FA setup screen (SEC-3658) Sorting based on Format column in Report Manager was incorrectly sorting Risk Register reports (SEC-3501) Users without License Admin role were always shown “No license assigned” on License information on Select Organization screen instead of “Valid” or “Invalid” (SEC-3662) Word Tenant was used instead of Organization in error toast in wizard when organization name already existed (SEC-3630)

Features Email notification is sent to user on change of password / RBAC / disabling of 2FA by License Admin in User Management (SEC-3541) New option in User Management to send password reset to an existing user via email token (SEC-3540) New option to send email invite to a user created via User Management (SEC-3539) TISAX and ISO27001:2022 (without statements) included to wizard (SEC-3649) Improvements Email templates were updated to a new design (SEC-3609) License validity information is added to select tenant screen (SEC-3566) Organization Management - removal of irrelevant MFA option (SEC-3590) Organization Management - removal of XML config file (JSON is now the only option) (SEC-3610) Renaming Tenant to Organization on several places in application (SEC-3593) Rework of 2FA authentication to a new model where License Admin can only disable 2FA for user (SEC-3568) Bug Fixes Automatic session expiration shall return user back to login page (SEC-3519) Editing organization threw license error when organization limit was reached (SEC-3638) Enabling 2FA on License User without any organization role disabled access to tabs in Account screen (SEC-3640) Green confirmation dialog of added roles via Organization Users was shown even on cancelled operation (SEC-3594) RBAC role Full Access User was still shown as Tenant Master in Account (SEC-3627) Unexpected unsaved changes modal in Organization Management after hitting save (SEC-3628) User Management - License Admin can see and manage RBAC roles only for organizations under license with Admin role (SEC-3598)

Major [Data] New regulation with mappings to atomic requirements – Príloha 1 k vyhláške NBÚ 227/2025 (SEC-3603) [License 01] Added License Management screen to review available licenses (SEC-3433) [License 02] Securea Support now manages licenses and License Admin roles (SEC-3520) [License 03] Only License Admins can now access the Administration section (Organization, User, and License Management) (SEC-3468) [License 04] Organization Management now displays only organizations with licenses managed by the License Admin (SEC-3587) [License 05] User Management screen allows License Admins to assign licenses to users (SEC-3569) [License 06] License Admins can see only user licenses they manage (SEC-3487) [License 07] User Management hides user role assignments for organizations not managed by the License Admin (SEC-3543) [License 08] Added tooltip in User Management showing the license assigned to each organization (SEC-3538) [License 09] Only License Users with a valid license can access organization data (SEC-3469) [License 10] User license is now automatically assigned to all users via Organization → Organization Users (SEC-3565) [Menu] Menu structure reorganized, renamed items, and added missing breadcrumbs (SEC-3586) [User 01] Users can now exist as standalone objects without being assigned to an organization (SEC-3444) [User 02] Users can now exist with only email and username (auto-generated) (SEC-3478) [User 03] Users can now log in using email in addition to username (SEC-3450) [User 04] New password setup screen allows setting a password without knowing the old one (for new users) (SEC-3516) [User 05] Login process now requires all users to set up 2-factor authentication (SEC-3431) [User 06] Required user details must be filled in by the user during the login process (SEC-3489) [User 07] Organization selection is skipped during login for users without an organization (SEC-3526) [User 08] Account menu item is now accessible even for users without an organization (SEC-3432) [User 09] Users can be added directly to an organization by providing only their email via Organization → Organization Users (SEC-3459) [User 10] Users invited via Organization → Organization Users receive an email with a token allowing them to set their initial password (SEC-3456) [User 11] Users can now verify their own email via the Account menu (a verification link is sent) (SEC-3476) [User 12] Users receive an email notification to both old and new addresses when a License Admin changes their email (SEC-3504) [Wizard 1] Organization creation wizard can be launched from Organization Management (or from Account for new License Admins without an organization) (SEC-3471) [Wizard 2] Wizard allows creating an organization from licenses with available organization limits (SEC-3472) [Wizard 3] Wizard collects basic organization information (SEC-3475) [Wizard 4] Wizard collects information about the organization’s industry (SEC-3474) [Wizard 5] Wizard allows selecting only those regulations relevant for company compliance (SEC-3477) [Wizard 6] Wizard allows inviting users during the organization creation process (SEC-3485) [Wizard 7] Wizard summary lets you review all steps and choose the next action for the newly created organization (SEC-3486) Improvements Columns in User Management have been redesigned, reordered, and had their filters fixed (SEC-3522) Organization is now automatically selected after creation (SEC-3571) Organization name is now displayed directly in the menu as the first item instead of the word Organization (SEC-3542) Term Tenant Master (RBAC role) was changed to Full Access User (SEC-3585) Term Tenant was replaced with Organization in new features (older features will be updated gradually) (SEC-3602) Bug Fixes Fixed issue where duplicated RBAC roles could be assigned to users, causing errors during role deletion (SEC-3557) Fixed issue where unsaved changes dialog in Organization Management appeared even when no changes were made (SEC-3422) Removed the Admin column from User Management as it displayed irrelevant information (SEC-3521) Removed untranslated and empty sub-windows from Controls and Threats browsers (SEC-3518)

Features License is now required for tenant creation (licenses are assigned by Securea support) (SEC-1871) New option to add sample assets from predefined templates (only for tenants created from master data) (SEC-3327) New tenants can now be created from predefined master data (such tenant is enabled for future automated upgrades) (SEC-3413) Improvements Author in Report Browser displays username instead of user ID (SEC-3238) Caching mechanism optimized to handle larger datasets (SEC-3367) Dropdown components are now resizable, and new size is remembered in local browser storage (SEC-3140) Formatting of numbers in tables is unified (SEC-2801) Improved performance of loading Asset Threats in Asset Browser (SEC-3380) Relogin via reminder no longer requires second-factor authentication (SEC-1937) Threshold for Asset Value is now used in reports through new ‘Value Severity’ column (SEC-2701) Threshold values for Maturity added (not used yet) (SEC-3366) Threshold values for Threats renamed and reorganized in browsers and reports (SEC-3333) User view preferences stored locally in the browser have been reorganized and cleaned up (SEC-3247) Bug Fixes Dashboard Security Posture widget color corruption in collapsed mode fixed (SEC-3364) Fixed sorting on columns in Report Browser (SEC-3160) Re-login request could pop up immediately after user login (SEC-3399) Select Tenant screen showed scrollbar even if it was not needed (SEC-3150) Unsaved changes modal was missing when leaving a newly added entry unsaved (SEC-3329)

Features Asset Hierarchy – Primary and Supporting assets (SEC-2664) Improvements Assessment Points from Clause were added to all reports containing Clause Description (SEC-3080) Dashboard Security Posture Widget – algorithm for Maturity % in collapsed view changed to display % of requirements with Maturity at target level or higher (SEC-3324) Performance – optimized loading of asset mappings when adding a new asset (SEC-3277) Performance – optimized loading of threshold-related columns in tables (SEC-3278) Performance – optimized loading time for Assets in Control subtable (Control selected) in Security Requirements Fulfillment screen (SEC-2181) Performance – optimized loading time for Security Requirements Fulfillment screen (SEC-3290) Predefined system values (such as asset CIA attributes) are now automatically translated in tables in browsers (SEC-3241) Scrollbars were redesigned to remain permanently visible (SEC-3285) Bug Fixes Dashboard Security Posture Widget – color spectrum was lost after expanding and collapsing the widget (SEC-3313) Error “Model not found” could be encountered when using breadcrumbs in different browsers (SEC-3314) Expanding a dashboard widget on a layout containing a scrollbar displayed the expanded widget in the wrong screen position (SEC-3315) Incorrect data in Control Description field in Security Requirements Fulfillment (SEC-3338) Performance – some screens triggered API requests for the previous screen even after the user switched to a different one (SEC-3318)

Improvements Assign Users screen allows user to paste multiple email addresses from clipboard (SEC-3078) Changed expand and collapse behavior on sidebar menu (SEC-2742) Improved loading times on dashboard when collapsing expanded widget (SEC-2675) Improved memory management when expanding and collapsing dashboard widgets (SEC-2995) Redesigned Personalization tab in User Settings (SEC-2699) Setting dashboard as a primary no longer requires user to enter password (SEC-3237) Warning about loosing data added to edit mode when clicking a redirect within Securea with unsaved changes (SEC-2639) Bug Fixes Blank Name and Description fields for Risk Register Report in report browser (SEC-3292) Corrected wrong API endpoint for CSV import of regulations (SEC-3274) Dashboard layout editor button is now hidden for mobile devices (SEC-3165) Improved performance for adding an asset linked to an asset class (SEC-3268) Missing field descriptions for fields when adding a new clause (SEC-3291) Removed short blip when opening Regulation Checklist (SEC-2740) Save button in Assign users screen failed to disappear upon successful save (SEC-3221) Unsupported option to import full tenant as a CSV removed from dropdown (SEC-3275) Previous changes: Changes for v2.4.4

New Features Control window in SoA View per clause supports navigation to Control details and hyperlink to Control-Asset assignment (SEC-2171) Dashboard Framework and Layout Editor (SEC-2479) Dashboard Governing Documents Widget (SEC-2545) Dashboard Highest Risk Assets and Highest Threats Widgets (SEC-2735) Dashboard Security Posture Widget (SEC-2597) Dashboard Select Tenant Widget (SEC-2930) Master Tenant user role can export all tenant data as a zip archive (SEC-2272) New threshold for Asset Value added (not used yet) (SEC-2700) Refactor of thresholds - added filter support for Severity columns (SEC-2989) Select tenant screen allows setup of favorite tenants (remembered locally in browser) (SEC-2935) Select tenant screen was redesigned to allow display of more tenants on one screen (SEC-2954) SoA View per clause supports comparison of before/after when overwriting clause with requirement data (SEC-2713) Tenant name is now included in filename of each exported file (SEC-2794) Improvements Added export and import of Tenant Configuration file (SEC-2164) Adjusted rendering of tenant image to zoom in if image is not in square format (SEC-2652) All ‘Remediation’ field names are renamed to ‘Corrective Action’ (SEC-2943) Change password notification reworked to toast notification engine (SEC-2941) Column “Days Until Review” added to Governing Documentation browser (SEC-2554) Column “Requirement Count” added to Governing Documentation browser (SEC-2557) Column Corrective Action was added to reports containing clauses (SEC-2942) Data Export with Master Tenant role now uses standard toast notifications (SEC-2831) Help center accessed via ‘?’ redirected to a different source site (SEC-2840) Item detail views adjusted to show all item properties (empty properties are displayed with ‘-’) (SEC-2802) Login expiration notification text changed to inform user about loss of unsaved changes (SEC-2756) Logout icon added to the bottom of main sidebar (SEC-2637) New filter for regulation checklist added to CSV export of clauses and clause-requirements (SEC-3141) New tooltip and icon for Reset button and unification of button order in top right corner (SEC-2812) Notification is shown whenever a user switches to a different tenant (SEC-2640) Notification was added to the cloning operation on tenant (SEC-3249) Overwrite All Changed Data in SoA View notifies users that entries not visible due to filter will also be overwritten (SEC-1684) Owner ID replaced with Owner Name in Governing Documentation Table in SoA View (SEC-949) Rename of “Regulations” to “Regulations Checklist” (SEC-2062) Requirement Fulfillment & Corrective Action fields added to requirement details in mapping screens (SEC-2962) Securea login screen is redesigned to better support vertical orientation (SEC-2638) Table columns with multiline texts display all rows in one line (SEC-2204) Tenant selection displayed on first user login reworked to show tenant list instead of a grid (SEC-3077) Toast notification moved from top right corner to bottom left corner (SEC-2587) URLs for Governing Documentation adjusted to notify user when redirecting outside of Securea (SEC-2804) Warning about unsupported web browser redesigned to use toast notification engine (SEC-3162) Bug Fixes ‘Overwrite All’ was not visible in ‘SoA view’ after editing clause details and returning to SoA view (SEC-2195) Added ‘Reset’ button to ‘Report Browsers’ for detailed reports (SEC-2567) Adding regulation showed wrong background in light mode (SEC-2809) Bigger area for tooltip ‘No thresholds set’ on menu item ‘Tenant’ (SEC-2546) Cloning of currently active tenant caused wrong data being shown in Securea (SEC-3223) Compliance manager was unable to see Generate Report button (SEC-2994) Default risk threshold descriptions were not loaded according to selected language (SEC-2854) Deletion of a tenant with an existing connection caused an inconsistent tenant state (scenario is now blocked) (SEC-3256) Disabled propagation from ‘Asset Class’ for ‘Asset Owner’ (SEC-2149) Export buttons in report manager are more consistent and have tooltips (SEC-2759) Filter did not work in Report Browser for all saved reports in Detailed Format (SEC-2696) Fixed ‘Overwrite all’ that got hidden after editing in SoA view screen (SEC-2595) Fixed loading-related error in ‘Asset Browser’ after propagation (SEC-2443) Fixed logo issue in tenant creation workflow (SEC-2577) Fixed redundant reset of the search filter when editing records that are the result of a search (SEC-2593) Horizontal arrows navigating between records did not scroll records back to the top (SEC-2747) Improved styling and responsiveness for certain resolutions in User Settings/User Management (SEC-2049) Light theme fix on delete tenant screen (SEC-2978) Light theme fixes on filter input (SEC-3143) Regulation selection criteria when adding a new report were not refreshed when switching between tenants (SEC-2808) Removed redundant “Export” buttons in catalogues and browsers (SEC-2806) Removed redundant word ‘Threat’ in Threat Browser Reset filter pop-up (SEC-2715) Securea enters not responding state after sorting some columns in mapping screen (SEC-3245) Several filter options not working in Security Requirements Fulfillment screen (SEC-2527) Switching to a different requirement in Security Posture screen did not scroll Requirement Description back to the top (SEC-2584) Tenant with one regulation was not able to generate a new report - field was disabled and regulation record was not prefilled (SEC-2798) User-friendly error messages on failed import (SEC-888)

We are so glad you joined us. Here are some things you can do to get started: Introduce yourself by adding your picture and information about yourself and your interests to your profile. What is one thing you would like to be asked about? Get to know the community by browsing discussions that are already happening here. When you find a post interesting, informative, or entertaining, use the to show your appreciation or support! Contribute by commenting, sharing your own perspective, asking questions, or offering feedback in the discussion. Before replying or starting new topics, please review the Community Guidelines.

Report manager - after user attempts to sort FOR, FOCUSED ON, FORMAT, AUTHOR, this bug occurs, data disappears and sorting is no longer functional at all ( in those mentioned columns) this remains until user deletes his cookies and relogin Securea version: 2.3.4.4

We’ve launched a new dashboard with both new and updated widgets, giving you faster and clearer access to key data. The new Securea dashboard allows users to build their own dashboard from multiple widgets tailored exactly to their needs. It now also supports displaying data across tenants, which will be especially appreciated by consultants working with multiple customers. New Governing documentation widget shows documents that need to be reviewed after the deadline has expired, as well as the number of days since the last review. Select tenant widget speeds up the selection of the tenant the user wants to work with. Security Posture widget shows the level of maturity and certainty in meeting requirements. Improved Highest threats and Highest risks assets widgets display more information and provide a better overview of threats and assets.