Automate Ports, Protocols, and Services Management (PPSM) with OpenRMF Professional
Automate the tracking and management of ports, protocols and services for your network with ACAS scans and OpenRMF Professional.
Automatically Track PPSM through your Scan Results
For US DoD, US Federal and corporate networks your ACAS scans are a wealth of knowledge. Most organizations use them to automate their patch vulnerability management and track critical, high, medium, and low patches on servers and workstations that need to be fixed.
But did you know there is other very valuable information in these scans? The ports, protocols, and services (i.e. PPSM where “M” is management) that are running is captured in each server scanned. And this information is contained in the .nessus files your administrators and/or security team can export from ACAS.
Why not use this information to automate the tracking and documenting of PPSM data to make your job easier! That is where OpenRMF Professional comes in. OpenRMF Professional v2.2 released April of 2021 includes automating the PPSM, hardware listing, and software listing contained in these .nessus files and helps you list and track that information. You can use this PPSM data for your system ATO package / ATO package documentation and artifacts.
You can also track the boundaries that the PPS crosses inbound or outbound in OpenRMF Professional. And it saves the version history of items so you know when it changed as far as the date, time, reason, and who did it. History tracking and auditing are built in to almost every aspect of what OpenRMF does.
As you upload the latest ACAS scans over time (Continuous Monitoring) and things change, OpenRMF updates your data for you and tracks PPSM as well as any newer devices found from your scan. Built in notifications let your team know when a new scan is updated and when PPSM data changes.
Ease PPSM Reporting and Data Calls
Tracking all this data automatically not only eases the management burden on your system administrators and cyber personnel. It also lets you respond quickly to data calls asking for this information.
It enables you to proactively scan all your PPSM data and look for anomalies or ports that should not be open.
It lets you look for services that should be removed or disabled.
And it does it in an easy interface that is web-based, audited, and tracked for history and configuration management purposes.
OpenRMF Professional v2.2 (the software pitch)
OpenRMF Professional automates much of the RMF process, helping decrease the time to an ATO by 40–50%. OpenRMF’s collaborative environment eliminates much of the manual labor and isolated work involved in aligning the DISA controls, checklists and patch scans, and then manages all information in a secure central database structure. This allows automatic generation and updating of the POA&M, Test Plan Summary, and various other security and RMF reports.
Having a web-based central repository for all RMF data that has role-based security for each system, eases the RMF process using a single source of truth and eliminates errors, manually intensive individual tracking, and rework. It also provides leadership with direct insight into the status of all system security and risk information thus eliminating the mystery around implementing the RMF process.
Once an ATO is achieved, OpenRMF continues with continuous monitoring and tracking of POA&M items, overall risk of systems and applications, and tracking updated scans and checklists throughout the life of the system.
Check it out here. Ask for an evaluation copy to try it yourself!