Automatically relate NIST Families and Controls to your DISA STIG Checklists with OpenRMF

If you have ever spent time on a team that was going after an Authority to Operate (ATO) to run their system on a Department of Defense (DoD) network in recent years, you probably have seen (or heard about) the Risk Management Framework (RMF). This is put out by the National Institute of Standards and Technologies (NIST). It is a common security framework to improve information security, strengthen the risk management of systems, and encourage agencies to trust ATOs to shorten timelines of systems in use.