Built on live asset data, JupiterOne CCM helps teams replace audit evidence hunts with a current view of control effectiveness across cloud, SaaS and hybrid environments
DURHAM, N.C., June 02, 2026 (GLOBE NEWSWIRE) — JupiterOne, the AI Risk Management Platform, today unveiled JupiterOne Continuous Controls Monitoring (CCM), a solution that helps security and compliance teams determine whether controls are operating as intended across cloud, SaaS and hybrid environments. By testing controls against live asset data, CCM helps teams identify control drift and maintain evidence before gaps become audit findings, customer concerns or business risk.
Progress in compliance automation has made audit preparation faster, but many tools still stop short of proving whether controls are working in practice. As organizations scale, framework managers, control owners and asset owners are often forced to stitch together evidence from multiple systems, review configurations by hand and manually verify whether controls remain effective after implementation.
Continuous Controls Monitoring is fast becoming the way security and compliance teams expect to operate, moving from periodic attestation to real-time assurance of control effectiveness. JupiterOne CCM enters this category with the architectural foundation it requires: a graph data model that evaluates controls across asset, identity, and configuration relationships, with every test fully transparent — exact query, integration source, and test logic visible to security teams and auditors alike.
JupiterOne CCM replaces screenshots, spreadsheets and point-in-time reviews with always-current control evaluation built on live asset data, the actual state of the environment, not its documentation. The solution helps teams see control performance, maintain supporting evidence and respond when controls drift from an intended state.
“Most organizations can show that a policy exists. Far fewer can prove, at any moment, that the control behind that policy is actually working,” said Kevin Tonkin, Chief Product Officer at JupiterOne. “GRC tools were built to manage compliance workflow. Security teams need something different — a way to prove that the technical controls behind every policy are actually working, in environments that change by the hour. JupiterOne CCM brings a security lens to GRC.”
Built on JupiterOne’s graph-native platform and more than 200 integrations, JupiterOne CCM evaluates controls across relationships between assets, identities, cloud resources, SaaS applications and security findings. JupiterOne AI allows teams to ask compliance questions in natural language and get answers about control status, evidence, drift and framework alignment in seconds. Early customer feedback reinforces a consistent need for faster, more defensible answers about control effectiveness without weeks of manual evidence gathering.
With JupiterOne CCM, teams can:
- Continuously evaluate controls: Test controls against live asset data and detect drift when it happens
- Evaluate controls graph-natively: Test controls across asset relationships, identity, configuration, exposure and policy not just isolated API responses from each tool
- Ask questions with JupiterOne AI: Use natural language to get answers about control status, evidence, drift and compliance posture in seconds
- Maintain audit-ready evidence: Generate and update evidence from current data sources, reducing manual collection and review cycles
- Map controls across frameworks: Define controls once and use evidence across SOC 2, ISO, NIST, FedRAMP, HIPAA and more.
The launch builds on JupiterOne’s May introduction of JupiterOne AI Attack Surface Management (AI ASM) and JupiterOne Unified Vulnerability Management (UVM), which help teams understand how assets, vulnerabilities, AI systems and business-critical resources connect to create risk. Together, AI ASM, UVM and CCM extend JupiterOne’s graph-native approach from attack surface and vulnerability context to control effectiveness, letting security and compliance teams trace risk and evidence across the same underlying asset graph.
To learn more about JupiterOne’s CCM capabilities, attendees can meet the team at Money20/20 Europe in Amsterdam (Hall 5, Stand 5F61) and Infosecurity Europe in London (Booth G122) from June 2–4, 2026.
For more information about JupiterOne CCM, visit https://www.jupiterone.com/products/ccm.
About JupiterOne
JupiterOne is the AI Risk Management Platform that helps security teams in highly regulated industries understand and prioritize risk across complex, AI-driven environments. Built on a true graph-native data model, JupiterOne brings together assets, identities, security posture, and controls, showing the intuitive relationships that connect everything across the enterprise. Unlike list-based approaches, it enables querying of those relationships to understand how risk flows, the blast radius, and what to prioritize in seconds, at enterprise scale. With deep integrations and automated discovery across hundreds of tools, JupiterOne provides a continually updated view of asset relationships and context to cut through tool sprawl and prioritize fixes quickly.
Media Contacts
Maria Ross
Marketbridge for JupiterOne
jupiterone@marketbridge.com
