Easily lock vulnerabilities from automated updates related to SCAP scans and manual edits in the new OpenRMF Professional v2.4. Eliminate automated false positive updates on checklists from SCAP uploads. And stop checklist uploads from updating vulnerability information that is set and finalized. All through the same web tool that helps you manage all your checklists, patch scans, POAM entries, overlays, and compliance generation in an easy-to-use web-based application.

Bulk Locking of Checklist Vulnerabilities entries

Stop False Positives from SCAP Scan Updates

I love automation. I hate wasting time. Especially non-value-added time. And OpenRMF Professional capitalizes on that idea tremendously. But with everything there is always some things to watch on hyper automation.

One…


Have you ever needed a DISA Checklist to track a particular piece of software or hardware and the checklist does not exist? Ever wanted to use those same checklists to track RMF or FedRAMP manual processes and/or procedures with respect to NIST 800.53 controls (PM, IR, AT, PL, PE) in an easy way? Now you can with the new Custom Checklist Creator in OpenRMF Professional v2.4!

Custom Checklist Creator in OpenRMF Professional v2.4

Why Make a Custom Checklist Template?

There are several reasons you would use the custom checklist template creator to make a template for custom checklists:

  • make a checklist to match to the manual controls such as Program Management, Awareness and…

The latest version of OpenRMF Professional is v2.4 released in early July 2021. We have added several things to help you and your team manage your RMF and FedRAMP data easier, faster, and with less stress! The Custom Checklist Creator. Improved vulnerability bulk. Bulk lock on vulnerabilities. Add tags to checklists and devices. Export/import overlays. And improved navigation to the UI with linked breadcrumbs and keyboard shortcuts.

If you have not checked out OpenRMF Professional yet, now is the time!

OpenRMF Professional v2.4

Custom Checklist Creator

The Custom Checklist Creator allows you to make custom checklists on software, hardware, as well as processes and procedures that…


Automatically create, track, link, update and manage your POA&M entries for STIG Checklist vulnerabilities and OS Patch vulnerabilities with OpenRMF Professional!

OpenRMF Professional by Soteria Software
OpenRMF Professional by Soteria Software
OpenRMF Professional — Cyber Compliance Automation

Keeping your POA&M up to date is a full time job

If you or your team member has ever had to keep the plan of action and milestones (POA&M) up to date on a project that is going through accreditation for Risk Management Framework (RMF) or FedRAMP you know the pain and strife this causes! Even with the older DITSCAP and DIACAP processes you had to have a POA&M tracking open item vulnerabilities. You listed the actual issue or vulnerability, when you were fixing them (if not just accepting the…


OpenRMF Professional = Cybersecurity Compliance Automation. To help you get more automation out of your data and give you time back to harden and secure your systems, we added some new features in 2.3 we think you will love. These include managing RMF as well as FedRAMP compliance, tracking compliance to sub-controls, tailoring to sub-controls, managing compliance overlays, managing POA&M mitigation statements to use, adding milestone events, speed improvements loading large lists, quick filtering of list data, and more reports. Highlights are below!

OpenRMF Professional 2.3 System Package Dashboard

New FedRAMP controls mapping and reports

OpenRMF Professional v2.3 now adds the ability to track system packages going for FedRAMP compliance. FedRAMP stands…


You can use OpenRMF OSS open source to track just your specific STIG Checklists for your application, even if that is just a small piece of a larger overall ATO or System Package effort. It is worth the few minutes to setup this application as it will save you hours of work and cut down on copy/paste work, errors, frustration, elevated blood pressure, and bad data.

OpenRMF OSS is free to download and use at https://www.openrmf.io/

What is OpenRMF OSS?

OpenRMF OSS is the open source application that helps you manage your Risk Management Framework (RMF) data in one easy-to-use interface. …


Automatically list hardware devices, servers, and other hosts as well as software on them using OpenRMF Professional and ACAS Nessus scans.

OpenRMF Professional helps track hardware, noting patch scans and checklists

Automatically Track all Hardware from Scans and STIG Checklists

As we put in our PPSM article, there are multiple sections of great information in the ACAS scans that DoD and other Federal Agencies and corporations use for tracking patches. Most organizations use the scan results to automate their patch vulnerability management and track critical, high, medium, and low patches on servers and workstations that need to be fixed.

But did you know you also can track your hardware and devices scanned from your ACAS scans as well? Every…


Show differences in vulnerability status across all your similar checklists in your System ATO Package.

Quickly pick a System Package, Checklist Type, and Devices to find differences across your STIG Checklists

Finding Differences in Status and Severity Override

Picture this. You have a network enclave or group of servers and devices to manage. They are a mix of Windows Server 2012, 2016, 2019 as well as Red Hat Linux 7.8, 7.9 and 8.x servers. And you have web servers, database servers, application servers, a couple Active Directory servers, storage appliances, routers, switches, and firewalls.

And you have to keep up with device patching, ACAS scanning and SCAP scanning to make sure they are secure as far as vulnerabilities go. …


Automate the tracking and management of ports, protocols and services for your network with ACAS scans and OpenRMF Professional.

PPSM Listing automated through ACAS scans and OpenRMF Professional

Automatically Track PPSM through your Scan Results

For US DoD, US Federal and corporate networks your ACAS scans are a wealth of knowledge. Most organizations use them to automate their patch vulnerability management and track critical, high, medium, and low patches on servers and workstations that need to be fixed.

But did you know there is other very valuable information in these scans? The ports, protocols, and services (i.e. PPSM where “M” is management) that are running is captured in each server scanned. And this information is contained…


Track changes in STIG Checklists, Patch Vulnerabilities, POA&M updates, Open Items and more with a single web-based application. OpenRMF is here to simplify your life!

OpenRMF Professional dashboard for all System ATO Packages across your RMF workload.

Automatically Track Changes of STIG Checklist

Being able to show changes in vulnerabilities over time for their status, override, comments, and details has been a very big pain up until now. Keeping multiple copies of CKL files, putting files into a code repository like GitHub or GitLab, or even keeping checklists in folders that are named for dates of the year (i.e. 2021–02–15) have been going on for well over a decade. …

Dale Bingham

CTO of Cingulara. Software Geek by trade. Father of three daughters. Husband. Lover of newer tech where it fits. Follow at https://www.cingulara.com/ @cingulara

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store