Compare STIG Vulnerability Differences Quickly with OpenRMF Professional
Show differences in vulnerability status across all your similar checklists in your System ATO Package.
Finding Differences in Status and Severity Override
Picture this. You have a network enclave or group of servers and devices to manage. They are a mix of Windows Server 2012, 2016, 2019 as well as Red Hat Linux 7.8, 7.9 and 8.x servers. And you have web servers, database servers, application servers, a couple Active Directory servers, storage appliances, routers, switches, and firewalls.
And you have to keep up with device patching, ACAS scanning and SCAP scanning to make sure they are secure as far as vulnerabilities go. And you have to keep up with the documentation, checklists, continuous monitoring, reporting, data calls, and status emails and briefings.
And all similar machines should have the same status of patching and vulnerabilities.
And somehow you have to do your job without getting burned out!
Tracking your SCAP scans, manual checklist settings, and checklist upgrades from DISA is very time-consuming. And comparing them across all devices, or even a subset of your devices/hosts/servers, can be very manually intensive.
Even if you or someone on your team wrote a script to compare them, it is still a very manual process to get the latest SCAP scan, update the checklists, make sure they are the latest version, track changes, and then see the differences.
What we need here is a lot of automation: not only to ingest the SCAP scans and create new checklists or update the current ones, but also to automate the change history for configuration management (the phrase no one wants to hear until you need it!).
And we need to automate finding differences and anomalies so we can ask “Across all my Windows 2016 Domain Member servers, which ones have differences I need to investigate?” and get a quick answer we can act on.
Enter OpenRMF Professional v2.2!
Checklist Differences Report in OpenRMF
With the latest version 2.2 of OpenRMF Professional we have added several great reports. You have all this wonderful data and information. Let’s pull some intelligence out of it and get THE SYSTEM to tell US what we need to do!
You can run Reports → Checklist Differences, pick the System Package you have access to, choose the type of Checklist, and then show all devices to choose which ones you want to compare. Click the Run Report button and see your differences (if any).
And then export to MS Excel if you need to, so you can answer data calls, send out the information, and show your team which issues need to be worked quickly.
You can also run a separate report that is similar to the one above. How about we ask, “What is the status of this vulnerability item (e.g. V-220112) across all checklists in my System Package?” OpenRMF Professional reports back every device and checklist in that System Package that contains the vulnerability, along with its latest status.
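To show what the two reports above actually compute, here is an added example (not OpenRMF code) that loads a few constructed, minimal CKL-style checklists for similar hosts, flags every vulnerability whose status or severity override is not identical across them, and answers the “status of V-220112 everywhere” question. The host names, statuses and the cut-down CKL structure are constructed sample data.

```python
import xml.etree.ElementTree as ET

# Constructed sample: cut-down CKL documents (only the elements this check needs)
# for three Windows 2016 member servers that should look identical.
CKL = "<CHECKLIST><ASSET><HOST_NAME>{h}</HOST_NAME></ASSET><STIGS><iSTIG>{v}</iSTIG></STIGS></CHECKLIST>"
VULN = ("<VULN><STIG_DATA><VULN_ATTRIBUTE>Vuln_Num</VULN_ATTRIBUTE>"
        "<ATTRIBUTE_DATA>{id}</ATTRIBUTE_DATA></STIG_DATA><STATUS>{st}</STATUS>"
        "<SEVERITY_OVERRIDE>{ov}</SEVERITY_OVERRIDE></VULN>")

def build_ckl(host, items):
    return CKL.format(h=host, v="".join(VULN.format(id=i, st=s, ov=o) for i, s, o in items))

SAMPLE_CKLS = [  # (vuln id, status, severity override) per host; hypothetical values
    build_ckl("WIN16-MEM-01", [("V-220112", "NotAFinding", ""), ("V-220113", "Open", ""), ("V-220114", "Not_Applicable", "")]),
    build_ckl("WIN16-MEM-02", [("V-220112", "Open", ""), ("V-220113", "Open", ""), ("V-220114", "Not_Applicable", "")]),
    build_ckl("WIN16-MEM-03", [("V-220112", "NotAFinding", ""), ("V-220113", "Open", "low"), ("V-220114", "Not_Applicable", "")]),
]

def parse_ckl(xml_text):
    """Return (host, {vuln_id: (status, severity_override)}) for one checklist."""
    root = ET.fromstring(xml_text)
    items = {}
    for vuln in root.iter("VULN"):
        vid = next(sd.findtext("ATTRIBUTE_DATA") for sd in vuln.findall("STIG_DATA")
                   if sd.findtext("VULN_ATTRIBUTE") == "Vuln_Num")
        items[vid] = (vuln.findtext("STATUS"), vuln.findtext("SEVERITY_OVERRIDE") or "")
    return root.findtext("ASSET/HOST_NAME"), items

def checklist_differences(ckl_texts):
    """Checklist Differences: {vuln_id: {host: (status, override)}} for every
    vulnerability that is not identical on all hosts. A vulnerability absent from
    one checklist (e.g. an older STIG release) is reported as 'Missing'."""
    parsed = dict(parse_ckl(t) for t in ckl_texts)
    all_ids = set().union(*(items.keys() for items in parsed.values()))
    diffs = {}
    for vid in sorted(all_ids):
        per_host = {h: items.get(vid, ("Missing", "")) for h, items in parsed.items()}
        if len(set(per_host.values())) > 1:   # anything other than one shared value
            diffs[vid] = per_host
    return diffs

def vuln_status_report(ckl_texts, vuln_id):
    """Single-vulnerability report: latest status of one V-ID on every host that has it."""
    parsed = dict(parse_ckl(t) for t in ckl_texts)
    return {h: items[vuln_id][0] for h, items in parsed.items() if vuln_id in items}

if __name__ == "__main__":
    for vid, hosts in checklist_differences(SAMPLE_CKLS).items():
        print(vid, hosts)
    print(vuln_status_report(SAMPLE_CKLS, "V-220112"))
```

With the sample data, V-220114 is identical everywhere and is not reported, while V-220112 (status differs) and V-220113 (severity override differs) are.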
Combine this type of reporting with OpenRMF Professional’s tracking of patch vulnerabilities and open items, checklists, PPSM, software listing, hardware listing, POA&M data, historical tracking of patch score and STIG checklist score, and its other reports, and you have a system that helps you manage all this information in a much less stressful way.
This helps you in your Risk Management Framework processes. It helps you with Continuous Monitoring. It helps you toward achieving your IATO, ATO or updating your ATO status. And it gives you a single source-of-truth for this data that is tracked, audited, and reportable in a clean web-based interface. (And yes I am a little biased!)
OpenRMF Professional v2.2 (the software pitch)
OpenRMF Professional automates much of the RMF process, helping decrease the time to an ATO by 40–50%. OpenRMF’s collaborative environment eliminates much of the manual labor and isolated work involved in aligning the DISA controls, checklists and patch scans, and then manages all information in a secure central database structure. This allows automatic generation and updating of the POA&M, Test Plan Summary, and various other security and RMF reports.
Having a web-based central repository for all RMF data, with role-based security for each system, eases the RMF process using a single source of truth and eliminates errors, manually intensive individual tracking, and rework. It also provides leadership with direct insight into the status of all system security and risk information, eliminating the mystery around implementing the RMF process.
Once an ATO is achieved, OpenRMF continues with continuous monitoring and tracking of POA&M items, overall risk of systems and applications, and tracking updated scans and checklists throughout the life of the system.
Check it out here. Ask for an evaluation copy to try it yourself!