Cyber Compliance Automation

RMF and FedRAMP Tracking
Single Source-of-Truth for your system package data
Continuous Monitoring for Patch Vulnerabilities
NEW! External API for Integration
Automated POAM Tracking
Team Subpackages to manage workload
Custom Checklist Creator
Automatically track ports, protocols, services, H/W, S/W
Bulk Lock/Unlock and Edit Vulnerabilities
Reduce your time to submit for your ATO by 40+%!
Login by CAC, Windows AD, LDAP or User/Password

OpenRMF® Professional v2.6 released October 2021!


Automatically Relate NIST Controls

Relate DISA STIGs with NIST Controls Seamlessly through RMF CIA or FedRAMP levels and Tailoring. Generate Compliance reports with the click of a button.

Automatically update POAM Entries

Automated POAM tracking links related STIG Checklists and Patch Scans and their status. Reduce manual workload and build trust and confidence in your data.

Web-based Creation and Editing of Checklists

Easily upload DISA, Nessus or OpenSCAP scans to create checklists. Upload, update and upgrade STIG Checklists and track version changes automatically. Create Custom Checklists as well!

For Executives, Directors, Top Level Managers

Quickly gain status across all System ATOs directly, dive into specific system packages to see more detail, track open vulnerabilities and more.

For Cyber Security Personnel and Assessors

See POAM status, STIG Checklist and Patch Vulnerability items, and the PPSM listing; generate compliance and assess risk with a single source-of-truth.

For Administrators, Program Managers, and Analysts

Easily upload SCAP scans, checklists, and Nessus scans to track vulnerabilities. Fully automate with the brand new OpenRMF® Professional API!

System Package Checklists

A Single Source of Truth for System Package Checklists

OpenRMF® Professional gives you a single definitive source-of-truth for all STIG Checklists, Patch Vulnerabilities and NIST Controls Compliance across your entire system package.

  • Upload DISA SCAP results, Nessus SCAP results, or OpenSCAP results in XCCDF format to automatically create or update checklists
  • Fully automate the upload with the OpenRMF® Professional API now in v2.6!
  • Create or Upload Checklists in the system package easily
  • Track the Checklist Score of each checklist and of the entire System Package, including tracking Score History and changes over time
  • Automatically save data revisions on STIG Vulnerabilities or entire Checklists
  • Upgrade Checklists to the latest version and release with the click of a button
  • Bulk Edit Vulnerabilities across multiple checklists
  • Bulk Lock/Unlock Vulnerabilities to stop false positives and errors

Interact with a Live POAM for your System Package

Remove the manual, cumbersome, error-prone editing of your POAM status on vulnerabilities and let OpenRMF® automate that work for you!

  • Entries linked directly to the related Patch Vulnerabilities and STIG Checklist Vulnerabilities
  • Edit POAM live, tracking versions of data you edit
  • Automated updates from updated Patch Scans, Uploaded Checklists, and updated STIG vulnerabilities tied to the POAM

A Collaborative Environment for your Cyber Compliance Needs

OpenRMF® Professional automates many manual tasks, gives you confidence in your data, and builds trust with your team and assessors on your compliance and continuous monitoring.

Multi-Tenancy for All System Packages and Teams

Multiple roles for users across system packages, data, and actions to allow role-based access control to the System Package or Team Subpackage level

New Team Subpackages for Spreading the Workload

v2.5 introduces Team Subpackages to group checklists and/or devices under teams so they view and manage only their data

Reports across System Package Vulnerability Data

Reports for gathering data across your whole system package quickly and accurately on vulnerabilities by status, device, risk, and controls

Licensed per Active System Packages Managed

License is based on the number of Active System Packages being tracked (i.e. an ATO or accreditation), regardless of the number of users, devices, or checklists